admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 21:54:28 +00:00
parent 753de9a668
commit 9a7b2df310
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
57 changed files with 3926 additions and 3926 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
2002/2xxx/CVE-2002-2373.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-2373", "ID": "CVE-2002-2373",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default configuration of the TCP/IP printer configuration utility in Apple LaserWriter 12/640 PS printer contains a blank Telnet password, which allows remote attackers to gain access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20021026 TCP/IP Printer Configuration Utility for Apple.LaserWriter 12/640 PS security problem", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/297250" "lang": "eng",
}, "value": "The default configuration of the TCP/IP printer configuration utility in Apple LaserWriter 12/640 PS printer contains a blank Telnet password, which allows remote attackers to gain access."
{ }
"name" : "6052", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/6052" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "apple-laserwriter-telnet-access(10476)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/10476.php" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20021026 TCP/IP Printer Configuration Utility for Apple.LaserWriter 12/640 PS security problem",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/297250"
},
{
"name": "6052",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6052"
},
{
"name": "apple-laserwriter-telnet-access(10476)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10476.php"
}
]
}
}

160
2005/0xxx/CVE-2005-0207.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0207", "ID": "CVE-2005-0207",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows NFS clients to cause a denial of service via O_DIRECT."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "CLA-2005:930", "description_data": [
"refsource" : "CONECTIVA", {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000930" "lang": "eng",
}, "value": "Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows NFS clients to cause a denial of service via O_DIRECT."
{ }
"name" : "RHSA-2005:366", ]
"refsource" : "REDHAT", },
"url" : "http://www.redhat.com/support/errata/RHSA-2005-366.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SUSE-SA:2005:003", "description": [
"refsource" : "SUSE", {
"url" : "http://www.securityfocus.com/advisories/7880" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "12330", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/12330" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:11001", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11001" "name": "RHSA-2005:366",
} "refsource": "REDHAT",
] "url": "http://www.redhat.com/support/errata/RHSA-2005-366.html"
} },
} {
"name": "SUSE-SA:2005:003",
"refsource": "SUSE",
"url": "http://www.securityfocus.com/advisories/7880"
},
{
"name": "12330",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12330"
},
{
"name": "CLA-2005:930",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000930"
},
{
"name": "oval:org.mitre.oval:def:11001",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11001"
}
]
}
}

140
2005/0xxx/CVE-2005-0307.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0307", "ID": "CVE-2005-0307",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in index.php in MercuryBoard 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) s, (2) l, (3) a, (4) t, (5) to, or (6) re parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050124 Multiple vulnerabilities in MercuryBoard 1.1.1", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=110661795632354&w=2" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in MercuryBoard 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) s, (2) l, (3) a, (4) t, (5) to, or (6) re parameters."
{ }
"name" : "12359", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/12359" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "mercuryboard-multiple-scripts-xss(19050)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19050" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20050124 Multiple vulnerabilities in MercuryBoard 1.1.1",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110661795632354&w=2"
},
{
"name": "mercuryboard-multiple-scripts-xss(19050)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19050"
},
{
"name": "12359",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12359"
}
]
}
}

150
2005/0xxx/CVE-2005-0680.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0680", "ID": "CVE-2005-0680",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in download_center_lite.inc.php for Download Center Lite 1.6 allows remote attackers to execute arbitrary PHP code by modifying the script_root parameter to reference a URL on a remote web server that contains the code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050304 Download Center Lite (DCL) - Arbitrary File Inclusion (VXSfx)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=110996056601719&w=2" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in download_center_lite.inc.php for Download Center Lite 1.6 allows remote attackers to execute arbitrary PHP code by modifying the script_root parameter to reference a URL on a remote web server that contains the code."
{ }
"name" : "http://www.stadtaus.com/forum/p-5895.html", ]
"refsource" : "MISC", },
"url" : "http://www.stadtaus.com/forum/p-5895.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.stadtaus.com/forum/t-1579.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.stadtaus.com/forum/t-1579.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "14513", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/14513" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://www.stadtaus.com/forum/t-1579.html",
"refsource": "CONFIRM",
"url": "http://www.stadtaus.com/forum/t-1579.html"
},
{
"name": "14513",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14513"
},
{
"name": "20050304 Download Center Lite (DCL) - Arbitrary File Inclusion (VXSfx)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110996056601719&w=2"
},
{
"name": "http://www.stadtaus.com/forum/p-5895.html",
"refsource": "MISC",
"url": "http://www.stadtaus.com/forum/p-5895.html"
}
]
}
}

120
2005/1xxx/CVE-2005-1350.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-1350", "ID": "CVE-2005-1350",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ad.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050424 remote command execution in ad.cgi script", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=111446285915444&w=2" "lang": "eng",
} "value": "The ad.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050424 remote command execution in ad.cgi script",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111446285915444&w=2"
}
]
}
}

190
2005/1xxx/CVE-2005-1605.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-1605", "ID": "CVE-2005-1605",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the guestbook for SiteStudio 1.6 allows remote attackers to inject arbitrary web script or HTML via the name field to (1) psoft.guestbook.GuestBookServ in Standalone Site Studio or (2) E-Guest_sign.pl in Integrated Site Studio with H-Sphere."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050509 SiteStudio", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-05/0154.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the guestbook for SiteStudio 1.6 allows remote attackers to inject arbitrary web script or HTML via the name field to (1) psoft.guestbook.GuestBookServ in Standalone Site Studio or (2) E-Guest_sign.pl in Integrated Site Studio with H-Sphere."
{ }
"name" : "http://exploitlabs.com/files/advisories/EXPL-A-2005-008-sitestudio.txt", ]
"refsource" : "MISC", },
"url" : "http://exploitlabs.com/files/advisories/EXPL-A-2005-008-sitestudio.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.psoft.net/SS/ss_16_security_update_guestbook.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.psoft.net/SS/ss_16_security_update_guestbook.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.psoft.net/misc/hsphere_winbox_security_update_guestbook.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.psoft.net/misc/hsphere_winbox_security_update_guestbook.html" ]
}, },
{ "references": {
"name" : "13554", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/13554" "name": "15286",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/15286"
"name" : "16240", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/16240" "name": "20050509 SiteStudio",
}, "refsource": "FULLDISC",
{ "url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-05/0154.html"
"name" : "15286", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/15286" "name": "http://exploitlabs.com/files/advisories/EXPL-A-2005-008-sitestudio.txt",
}, "refsource": "MISC",
{ "url": "http://exploitlabs.com/files/advisories/EXPL-A-2005-008-sitestudio.txt"
"name" : "sitestudio-guestbook-xss(20496)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20496" "name": "sitestudio-guestbook-xss(20496)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20496"
} },
} {
"name": "http://www.psoft.net/misc/hsphere_winbox_security_update_guestbook.html",
"refsource": "CONFIRM",
"url": "http://www.psoft.net/misc/hsphere_winbox_security_update_guestbook.html"
},
{
"name": "16240",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16240"
},
{
"name": "13554",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13554"
},
{
"name": "http://www.psoft.net/SS/ss_16_security_update_guestbook.html",
"refsource": "CONFIRM",
"url": "http://www.psoft.net/SS/ss_16_security_update_guestbook.html"
}
]
}
}

140
2005/1xxx/CVE-2005-1679.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-1679", "ID": "CVE-2005-1679",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the error directive in picasm 1.12b and earlier allows attackers to execute arbitrary code via a long error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050520 picasm error handling stack overflow vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=111661253517089&w=2" "lang": "eng",
}, "value": "Stack-based buffer overflow in the error directive in picasm 1.12b and earlier allows attackers to execute arbitrary code via a long error message."
{ }
"name" : "http://www.co.jyu.fi/~trossi/pic/", ]
"refsource" : "CONFIRM", },
"url" : "http://www.co.jyu.fi/~trossi/pic/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "13698", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/13698" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20050520 picasm error handling stack overflow vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111661253517089&w=2"
},
{
"name": "13698",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13698"
},
{
"name": "http://www.co.jyu.fi/~trossi/pic/",
"refsource": "CONFIRM",
"url": "http://www.co.jyu.fi/~trossi/pic/"
}
]
}
}

160
2005/1xxx/CVE-2005-1875.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-1875", "ID": "CVE-2005-1875",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in list.php in Exhibit Engine (EE) 1.22 allow remote attackers to execute arbitrary SQL commands via the (1) search_row, (2) sort_row, (3) order or (4) perpage parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050602 SEC-CONSULT SA20050602-2 :: Exhibit Engine Blind SQL Injection", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=111773894525119&w=2" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in list.php in Exhibit Engine (EE) 1.22 allow remote attackers to execute arbitrary SQL commands via the (1) search_row, (2) sort_row, (3) order or (4) perpage parameter."
{ }
"name" : "http://photography-on-the.net/forum/showthread.php?p=579692", ]
"refsource" : "CONFIRM", },
"url" : "http://photography-on-the.net/forum/showthread.php?p=579692" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "13844", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/13844" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "17006", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/17006" ]
}, },
{ "references": {
"name" : "15583", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/15583" "name": "13844",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/13844"
} },
} {
"name": "15583",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15583"
},
{
"name": "http://photography-on-the.net/forum/showthread.php?p=579692",
"refsource": "CONFIRM",
"url": "http://photography-on-the.net/forum/showthread.php?p=579692"
},
{
"name": "17006",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17006"
},
{
"name": "20050602 SEC-CONSULT SA20050602-2 :: Exhibit Engine Blind SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111773894525119&w=2"
}
]
}
}

180
2005/3xxx/CVE-2005-3199.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-3199", "ID": "CVE-2005-3199",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in aradmin.asp for aspReady FAQ allow remote attackers to execute arbitrary SQL commands, possibly via the (1) txtLogin and (2) txtPassword parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20051006 aspReady FAQ - open for SQL-injections", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=112861875408315&w=2" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in aradmin.asp for aspReady FAQ allow remote attackers to execute arbitrary SQL commands, possibly via the (1) txtLogin and (2) txtPassword parameters."
{ }
"name" : "15022", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/15022" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "19917", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/19917" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1015015", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1015015" ]
}, },
{ "references": {
"name" : "17091", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17091/" "name": "1015015",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1015015"
"name" : "52", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/52" "name": "15022",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/15022"
"name" : "aspreadyfaq-aradmin-sql-injection(22538)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22538" "name": "19917",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/19917"
} },
} {
"name": "aspreadyfaq-aradmin-sql-injection(22538)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22538"
},
{
"name": "20051006 aspReady FAQ - open for SQL-injections",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112861875408315&w=2"
},
{
"name": "17091",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17091/"
},
{
"name": "52",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/52"
}
]
}
}

170
2005/4xxx/CVE-2005-4244.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4244", "ID": "CVE-2005-4244",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Snipe Gallery 3.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) gallery_id parameter to view.php and (2) image_id parameter to image.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://pridels0.blogspot.com/2005/12/snipe-gallery-sqlxss-vuln.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://pridels0.blogspot.com/2005/12/snipe-gallery-sqlxss-vuln.html" "lang": "eng",
}, "value": "SQL injection vulnerability in Snipe Gallery 3.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) gallery_id parameter to view.php and (2) image_id parameter to image.php."
{ }
"name" : "15844", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/15844" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2005-2882", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/2882" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "21693", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/21693" ]
}, },
{ "references": {
"name" : "21694", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/21694" "name": "18022",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18022"
"name" : "18022", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18022" "name": "ADV-2005-2882",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2005/2882"
} },
} {
"name": "21694",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21694"
},
{
"name": "http://pridels0.blogspot.com/2005/12/snipe-gallery-sqlxss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/12/snipe-gallery-sqlxss-vuln.html"
},
{
"name": "15844",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15844"
},
{
"name": "21693",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21693"
}
]
}
}

160
2005/4xxx/CVE-2005-4623.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4623", "ID": "CVE-2005-4623",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "upload.exe in eFileGo 3.01 allows remote attackers to cause a denial of service (CPU consumption) via an argument with an invalid directory name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ipomonis.com/advisories/PaQFile_Share.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.ipomonis.com/advisories/PaQFile_Share.txt" "lang": "eng",
}, "value": "upload.exe in eFileGo 3.01 allows remote attackers to cause a denial of service (CPU consumption) via an argument with an invalid directory name."
{ }
"name" : "16124", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/16124" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "22152", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/22152" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1015430", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1015430" ]
}, },
{ "references": {
"name" : "18279", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18279" "name": "1015430",
} "refsource": "SECTRACK",
] "url": "http://securitytracker.com/id?1015430"
} },
} {
"name": "16124",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16124"
},
{
"name": "22152",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22152"
},
{
"name": "http://www.ipomonis.com/advisories/PaQFile_Share.txt",
"refsource": "MISC",
"url": "http://www.ipomonis.com/advisories/PaQFile_Share.txt"
},
{
"name": "18279",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18279"
}
]
}
}

160
2005/4xxx/CVE-2005-4653.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4653", "ID": "CVE-2005-4653",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in ss.php in AL-Caricatier 2.5 and earlier allows remote attackers to bypass login authentication by requesting view_caricatier.php, and then requesting any file in the admin directory with a cookie_username=admin argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20051022 Vulnerability in AL-Caricatier, V.2.5 And Prior Versions", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0483.html" "lang": "eng",
}, "value": "Unspecified vulnerability in ss.php in AL-Caricatier 2.5 and earlier allows remote attackers to bypass login authentication by requesting view_caricatier.php, and then requesting any file in the admin directory with a cookie_username=admin argument."
{ }
"name" : "15162", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/15162" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2005-2181", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/2181" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "17292", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/17292" ]
}, },
{ "references": {
"name" : "al-caricatier-ss-bypass-security(22840)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22840" "name": "al-caricatier-ss-bypass-security(22840)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22840"
} },
} {
"name": "20051022 Vulnerability in AL-Caricatier, V.2.5 And Prior Versions",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0483.html"
},
{
"name": "ADV-2005-2181",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2181"
},
{
"name": "15162",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15162"
},
{
"name": "17292",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17292"
}
]
}
}

34
2009/0xxx/CVE-2009-0189.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2009-0189", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2009-0189",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-1012. Reason: This candidate is a reservation duplicate of CVE-2009-1012. Notes: All CVE users should reference CVE-2009-1012 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-1012. Reason: This candidate is a reservation duplicate of CVE-2009-1012. Notes: All CVE users should reference CVE-2009-1012 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

150
2009/0xxx/CVE-2009-0426.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0426", "ID": "CVE-2009-0426",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in CategoryManager/upload_image_category.asp in DMXReady Classified Listings Manager 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7767", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7767" "lang": "eng",
}, "value": "SQL injection vulnerability in CategoryManager/upload_image_category.asp in DMXReady Classified Listings Manager 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter."
{ }
"name" : "33253", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/33253" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "33482", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33482" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "classifieds-uploadimage-sql-injection(47959)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47959" ]
} },
] "references": {
} "reference_data": [
} {
"name": "33253",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33253"
},
{
"name": "7767",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7767"
},
{
"name": "classifieds-uploadimage-sql-injection(47959)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47959"
},
{
"name": "33482",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33482"
}
]
}
}

160
2009/0xxx/CVE-2009-0540.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0540", "ID": "CVE-2009-0540",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Libero 5.3 SP5, and possibly other versions before 5.5 SP1, allows remote attackers to inject arbitrary web script or HTML via the search term field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090222 Libero Cross-Site Scripting Vulnerability - Security Advisory - SOS-09-001", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2009-02/0243.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Libero 5.3 SP5, and possibly other versions before 5.5 SP1, allows remote attackers to inject arbitrary web script or HTML via the search term field."
{ }
"name" : "33856", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/33856" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "52263", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/52263" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2009-0493", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2009/0493" ]
}, },
{ "references": {
"name" : "libero-searchterm-xss(48870)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48870" "name": "33856",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/33856"
} },
} {
"name": "20090222 Libero Cross-Site Scripting Vulnerability - Security Advisory - SOS-09-001",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-02/0243.html"
},
{
"name": "52263",
"refsource": "OSVDB",
"url": "http://osvdb.org/52263"
},
{
"name": "ADV-2009-0493",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0493"
},
{
"name": "libero-searchterm-xss(48870)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48870"
}
]
}
}

200
2009/0xxx/CVE-2009-0698.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2009-0698", "ID": "CVE-2009-0698",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 4X movie file with a large current_track value, a similar issue to CVE-2009-0385."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090128 [TKADV2009-004] FFmpeg Type Conversion Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/500514/100/0/threaded" "lang": "eng",
}, "value": "Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 4X movie file with a large current_track value, a similar issue to CVE-2009-0385."
{ }
"name" : "http://www.trapkit.de/advisories/TKADV2009-004.txt", ]
"refsource" : "MISC", },
"url" : "http://www.trapkit.de/advisories/TKADV2009-004.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://bugs.xine-project.org/show_bug.cgi?id=205", "description": [
"refsource" : "CONFIRM", {
"url" : "http://bugs.xine-project.org/show_bug.cgi?id=205" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://sourceforge.net/project/shownotes.php?release_id=660071", ]
"refsource" : "CONFIRM", }
"url" : "http://sourceforge.net/project/shownotes.php?release_id=660071" ]
}, },
{ "references": {
"name" : "MDVSA-2009:298", "reference_data": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:298" "name": "USN-746-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-746-1"
"name" : "MDVSA-2009:299", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:299" "name": "MDVSA-2009:299",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:299"
"name" : "SUSE-SR:2009:009", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html" "name": "xinelib-4xmdemuxer-code-execution(48954)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48954"
"name" : "USN-746-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-746-1" "name": "http://sourceforge.net/project/shownotes.php?release_id=660071",
}, "refsource": "CONFIRM",
{ "url": "http://sourceforge.net/project/shownotes.php?release_id=660071"
"name" : "xinelib-4xmdemuxer-code-execution(48954)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48954" "name": "http://bugs.xine-project.org/show_bug.cgi?id=205",
} "refsource": "CONFIRM",
] "url": "http://bugs.xine-project.org/show_bug.cgi?id=205"
} },
} {
"name": "MDVSA-2009:298",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:298"
},
{
"name": "SUSE-SR:2009:009",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html"
},
{
"name": "http://www.trapkit.de/advisories/TKADV2009-004.txt",
"refsource": "MISC",
"url": "http://www.trapkit.de/advisories/TKADV2009-004.txt"
},
{
"name": "20090128 [TKADV2009-004] FFmpeg Type Conversion Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500514/100/0/threaded"
}
]
}
}

170
2009/0xxx/CVE-2009-0730.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0730", "ID": "CVE-2009-0730",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the gigcal _venues_id parameter in a details action to index.php, which is not properly handled by venuedetails.php, and (2) the gigcal_bands_id parameter in a details action to index.php, which is not properly handled by banddetails.php, different vectors than CVE-2009-0726."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090221 gigCalendar 1.0 (banddetails.php) Joomla Component SQL Injection", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/501176/100/0/threaded" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the gigcal _venues_id parameter in a details action to index.php, which is not properly handled by venuedetails.php, and (2) the gigcal_bands_id parameter in a details action to index.php, which is not properly handled by banddetails.php, different vectors than CVE-2009-0726."
{ }
"name" : "20090221 gigCalendar 1.0 (venuedetails.php) Joomla Component SQL Injection", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/501175/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20090221 gigCalendar Joomla Component 1.0 SQL Injection", "description": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/501174/100/0/threaded" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "33859", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/33859" ]
}, },
{ "references": {
"name" : "33863", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/33863" "name": "20090221 gigCalendar 1.0 (venuedetails.php) Joomla Component SQL Injection",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/501175/100/0/threaded"
"name" : "gigcalendar-venuedetails-sql-injection(48865)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48865" "name": "33859",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/33859"
} },
} {
"name": "gigcalendar-venuedetails-sql-injection(48865)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48865"
},
{
"name": "20090221 gigCalendar 1.0 (banddetails.php) Joomla Component SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/501176/100/0/threaded"
},
{
"name": "20090221 gigCalendar Joomla Component 1.0 SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/501174/100/0/threaded"
},
{
"name": "33863",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33863"
}
]
}
}

140
2009/1xxx/CVE-2009-1052.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1052", "ID": "CVE-2009-1052",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "FireAnt 1.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for user.tsv."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090317 [ECHO_ADV_106$2009] FireAnt <= 1.3 Critical File Disclosure Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/501905/100/0/threaded" "lang": "eng",
}, "value": "FireAnt 1.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for user.tsv."
{ }
"name" : "http://e-rdc.org/v1/news.php?readmore=130", ]
"refsource" : "MISC", },
"url" : "http://e-rdc.org/v1/news.php?readmore=130" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "34359", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34359" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://e-rdc.org/v1/news.php?readmore=130",
"refsource": "MISC",
"url": "http://e-rdc.org/v1/news.php?readmore=130"
},
{
"name": "34359",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34359"
},
{
"name": "20090317 [ECHO_ADV_106$2009] FireAnt <= 1.3 Critical File Disclosure Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/501905/100/0/threaded"
}
]
}
}

240
2009/1xxx/CVE-2009-1184.json
View File

@ -1,122 +1,122 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2009-1184", "ID": "CVE-2009-1184",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The selinux_ip_postroute_iptables_compat function in security/selinux/hooks.c in the SELinux subsystem in the Linux kernel before 2.6.27.22, and 2.6.28.x before 2.6.28.10, when compat_net is enabled, omits calls to avc_has_perm for the (1) node and (2) port, which allows local users to bypass intended restrictions on network traffic. NOTE: this was incorrectly reported as an issue fixed in 2.6.27.21."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[linux-kernel] 20090502 Linux 2.6.27.21", "description_data": [
"refsource" : "MLIST", {
"url" : "http://lwn.net/Articles/331434/" "lang": "eng",
}, "value": "The selinux_ip_postroute_iptables_compat function in security/selinux/hooks.c in the SELinux subsystem in the Linux kernel before 2.6.27.22, and 2.6.28.x before 2.6.28.10, when compat_net is enabled, omits calls to avc_has_perm for the (1) node and (2) port, which allows local users to bypass intended restrictions on network traffic. NOTE: this was incorrectly reported as an issue fixed in 2.6.27.21."
{ }
"name" : "[linux-kernel] 20090502 Linux 2.6.28.10", ]
"refsource" : "MLIST", },
"url" : "http://lwn.net/Articles/331435/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20090504 CVE-2009-1184 selinux: skipped node/port send checks in the compat_net=1 case", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2009/05/04/1" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://launchpad.net/bugs/cve/2009-1184", ]
"refsource" : "MISC", }
"url" : "https://launchpad.net/bugs/cve/2009-1184" ]
}, },
{ "references": {
"name" : "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=910c9e41186762de3717baaf392ab5ff0c454496", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=910c9e41186762de3717baaf392ab5ff0c454496" "name": "MDVSA-2009:135",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:135"
"name" : "http://patchwork.ozlabs.org/patch/25238/", },
"refsource" : "CONFIRM", {
"url" : "http://patchwork.ozlabs.org/patch/25238/" "name": "[linux-kernel] 20090502 Linux 2.6.28.10",
}, "refsource": "MLIST",
{ "url": "http://lwn.net/Articles/331435/"
"name" : "DSA-1800", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2009/dsa-1800" "name": "MDVSA-2009:118",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:118"
"name" : "MDVSA-2009:118", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:118" "name": "35656",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35656"
"name" : "MDVSA-2009:119", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:119" "name": "[oss-security] 20090504 CVE-2009-1184 selinux: skipped node/port send checks in the compat_net=1 case",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2009/05/04/1"
"name" : "MDVSA-2009:135", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:135" "name": "http://patchwork.ozlabs.org/patch/25238/",
}, "refsource": "CONFIRM",
{ "url": "http://patchwork.ozlabs.org/patch/25238/"
"name" : "USN-793-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-793-1" "name": "USN-793-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/usn-793-1"
"name" : "35121", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35121" "name": "DSA-1800",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2009/dsa-1800"
"name" : "35656", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35656" "name": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=910c9e41186762de3717baaf392ab5ff0c454496",
} "refsource": "CONFIRM",
] "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=910c9e41186762de3717baaf392ab5ff0c454496"
} },
} {
"name": "https://launchpad.net/bugs/cve/2009-1184",
"refsource": "MISC",
"url": "https://launchpad.net/bugs/cve/2009-1184"
},
{
"name": "[linux-kernel] 20090502 Linux 2.6.27.21",
"refsource": "MLIST",
"url": "http://lwn.net/Articles/331434/"
},
{
"name": "MDVSA-2009:119",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:119"
},
{
"name": "35121",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35121"
}
]
}
}

180
2009/1xxx/CVE-2009-1458.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1458", "ID": "CVE-2009-1458",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in razorCMS before 0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the slab parameter in an edit action, (2) the catname parameter in a showcats action, and (3) the cat parameter in a reordercat action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090416 [follow-up] razorCMS - Multiple Vulnerabilities", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://marc.info/?l=full-disclosure&m=123998062108561&w=2" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in razorCMS before 0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the slab parameter in an edit action, (2) the catname parameter in a showcats action, and (3) the cat parameter in a reordercat action."
{ }
"name" : "20090416 razorCMS - Multiple Vulnerabilities", ]
"refsource" : "FULLDISC", },
"url" : "http://marc.info/?l=full-disclosure&m=123990481506680&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://razorcms.co.uk/support/viewtopic.php?f=13&t=325", "description": [
"refsource" : "CONFIRM", {
"url" : "http://razorcms.co.uk/support/viewtopic.php?f=13&t=325" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "34566", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/34566" ]
}, },
{ "references": {
"name" : "53776", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/53776" "name": "34744",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34744"
"name" : "34744", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34744" "name": "http://razorcms.co.uk/support/viewtopic.php?f=13&t=325",
}, "refsource": "CONFIRM",
{ "url": "http://razorcms.co.uk/support/viewtopic.php?f=13&t=325"
"name" : "razorcms-index-xss(49945)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49945" "name": "20090416 [follow-up] razorCMS - Multiple Vulnerabilities",
} "refsource": "FULLDISC",
] "url": "http://marc.info/?l=full-disclosure&m=123998062108561&w=2"
} },
} {
"name": "razorcms-index-xss(49945)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49945"
},
{
"name": "53776",
"refsource": "OSVDB",
"url": "http://osvdb.org/53776"
},
{
"name": "20090416 razorCMS - Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=123990481506680&w=2"
},
{
"name": "34566",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34566"
}
]
}
}

120
2009/1xxx/CVE-2009-1664.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1664", "ID": "CVE-2009-1664",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "myaccount.php in Easy Scripts Answer and Question Script does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via modified userid, txtpassword, and txtRpassword parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "8690", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/8690" "lang": "eng",
} "value": "myaccount.php in Easy Scripts Answer and Question Script does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via modified userid, txtpassword, and txtRpassword parameters."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8690",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8690"
}
]
}
}

130
2009/3xxx/CVE-2009-3824.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-3824", "ID": "CVE-2009-3824",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in include/processor.php in Greenwood PHP Content Manager 0.3.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "9156", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/9156" "lang": "eng",
}, "value": "Directory traversal vulnerability in include/processor.php in Greenwood PHP Content Manager 0.3.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content_path parameter."
{ }
"name" : "greenwood-processor-file-include(51737)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51737" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9156",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9156"
},
{
"name": "greenwood-processor-file-include(51737)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51737"
}
]
}
}

190
2009/4xxx/CVE-2009-4114.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4114", "ID": "CVE-2009-4114",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "kl1.sys in Kaspersky Anti-Virus 2010 9.0.0.463, and possibly other versions before 9.0.0.736, does not properly validate input to IOCTL 0x0022c008, which allows local users to cause a denial of service (system crash) via IOCTL requests using crafted kernel addresses that trigger memory corruption, possibly related to klavemu.kdl."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20091117 Kaspersky Anti-Virus 2010 <= 9.0.0.463 pointer dereference vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/507933/100/0/threaded" "lang": "eng",
}, "value": "kl1.sys in Kaspersky Anti-Virus 2010 9.0.0.463, and possibly other versions before 9.0.0.736, does not properly validate input to IOCTL 0x0022c008, which allows local users to cause a denial of service (system crash) via IOCTL requests using crafted kernel addresses that trigger memory corruption, possibly related to klavemu.kdl."
{ }
"name" : "http://sysdream.com/article.php?story_id=323&section_id=78", ]
"refsource" : "MISC", },
"url" : "http://sysdream.com/article.php?story_id=323&section_id=78" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "37044", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/37044" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "60207", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/60207" ]
}, },
{ "references": {
"name" : "1023198", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1023198" "name": "http://sysdream.com/article.php?story_id=323&section_id=78",
}, "refsource": "MISC",
{ "url": "http://sysdream.com/article.php?story_id=323&section_id=78"
"name" : "37398", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37398" "name": "ADV-2009-3286",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/3286"
"name" : "ADV-2009-3286", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/3286" "name": "60207",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/60207"
"name" : "kaspersky-kl1-privilege-escalation(54309)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54309" "name": "20091117 Kaspersky Anti-Virus 2010 <= 9.0.0.463 pointer dereference vulnerability",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/507933/100/0/threaded"
} },
} {
"name": "1023198",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023198"
},
{
"name": "kaspersky-kl1-privilege-escalation(54309)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54309"
},
{
"name": "37044",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37044"
},
{
"name": "37398",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37398"
}
]
}
}

120
2009/4xxx/CVE-2009-4841.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4841", "ID": "CVE-2009-4841",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the SonicMediaPlayer ActiveX control in SonicMediaPlayer.dll in Roxio CinePlayer 3.2 allows remote attackers to execute arbitrary code via a long argument to the DiskType method. NOTE: this might overlap CVE-2007-1559."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "8824", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/8824" "lang": "eng",
} "value": "Heap-based buffer overflow in the SonicMediaPlayer ActiveX control in SonicMediaPlayer.dll in Roxio CinePlayer 3.2 allows remote attackers to execute arbitrary code via a long argument to the DiskType method. NOTE: this might overlap CVE-2007-1559."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8824",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/8824"
}
]
}
}

120
2009/5xxx/CVE-2009-5015.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-5015", "ID": "CVE-2009-5015",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The URL dispatch mechanism in TurboGears2 (aka tg2) before 2.0.2 exposes controller methods even when an @expose decoration is not used, which has unspecified impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[turbogears-announce] 20090811 Critical security update for tg2 users!", "description_data": [
"refsource" : "MLIST", {
"url" : "http://groups.google.com/group/turbogears-announce/msg/09ec26696b1761bb?dmode=source&output=gplain" "lang": "eng",
} "value": "The URL dispatch mechanism in TurboGears2 (aka tg2) before 2.0.2 exposes controller methods even when an @expose decoration is not used, which has unspecified impact and attack vectors."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[turbogears-announce] 20090811 Critical security update for tg2 users!",
"refsource": "MLIST",
"url": "http://groups.google.com/group/turbogears-announce/msg/09ec26696b1761bb?dmode=source&output=gplain"
}
]
}
}

34
2012/2xxx/CVE-2012-2507.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-2507", "ID": "CVE-2012-2507",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

170
2012/3xxx/CVE-2012-3116.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2012-3116", "ID": "CVE-2012-3116",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, and 6.2 allows local users to affect confidentiality via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, and 6.2 allows local users to affect confidentiality via unknown vectors."
{ }
"name" : "MDVSA-2013:150", ]
"refsource" : "MANDRIVA", },
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "54567", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/54567" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "83960", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/83960" ]
}, },
{ "references": {
"name" : "1027268", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1027268" "name": "1027268",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1027268"
"name" : "supplychain-transportmgmt-info-disc(77023)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77023" "name": "supplychain-transportmgmt-info-disc(77023)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77023"
} },
} {
"name": "54567",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54567"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name": "83960",
"refsource": "OSVDB",
"url": "http://osvdb.org/83960"
}
]
}
}

200
2012/3xxx/CVE-2012-3425.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-3425", "ID": "CVE-2012-3425",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20120724 CVE Request: libpng: Out-of heap-based buffer read by inflating certain PNG images", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/07/24/3" "lang": "eng",
}, "value": "The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image."
{ }
"name" : "[oss-security] 20120724 Re: CVE Request: libpng: Out-of heap-based buffer read by inflating certain PNG images", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2012/07/24/5" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668082", "description": [
"refsource" : "MISC", {
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668082" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;h=284de253b1561b976291ba7405acd71ae71ff597;hb=refs/heads/libpng10", ]
"refsource" : "MISC", }
"url" : "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;h=284de253b1561b976291ba7405acd71ae71ff597;hb=refs/heads/libpng10" ]
}, },
{ "references": {
"name" : "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;h=2da5a7a8b690e257f94353b5b49d493cdc385322;hb=refs/heads/libpng14", "reference_data": [
"refsource" : "MISC", {
"url" : "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;h=2da5a7a8b690e257f94353b5b49d493cdc385322;hb=refs/heads/libpng14" "name": "[oss-security] 20120724 CVE Request: libpng: Out-of heap-based buffer read by inflating certain PNG images",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2012/07/24/3"
"name" : "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;h=73e2ffd6a1471f2144d0ce7165d7323cb109f10f;hb=refs/heads/libpng15", },
"refsource" : "MISC", {
"url" : "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;h=73e2ffd6a1471f2144d0ce7165d7323cb109f10f;hb=refs/heads/libpng15" "name": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;h=73e2ffd6a1471f2144d0ce7165d7323cb109f10f;hb=refs/heads/libpng15",
}, "refsource": "MISC",
{ "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;h=73e2ffd6a1471f2144d0ce7165d7323cb109f10f;hb=refs/heads/libpng15"
"name" : "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;hb=a4b640865ae47986bbe71ecc0e7d5181dcb0bac8", },
"refsource" : "MISC", {
"url" : "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;hb=a4b640865ae47986bbe71ecc0e7d5181dcb0bac8" "name": "[oss-security] 20120724 Re: CVE Request: libpng: Out-of heap-based buffer read by inflating certain PNG images",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2012/07/24/5"
"name" : "openSUSE-SU-2012:0934", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2012-08/msg00004.html" "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668082",
}, "refsource": "MISC",
{ "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668082"
"name" : "USN-2815-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2815-1" "name": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;h=2da5a7a8b690e257f94353b5b49d493cdc385322;hb=refs/heads/libpng14",
} "refsource": "MISC",
] "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;h=2da5a7a8b690e257f94353b5b49d493cdc385322;hb=refs/heads/libpng14"
} },
} {
"name": "openSUSE-SU-2012:0934",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00004.html"
},
{
"name": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;h=284de253b1561b976291ba7405acd71ae71ff597;hb=refs/heads/libpng10",
"refsource": "MISC",
"url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;h=284de253b1561b976291ba7405acd71ae71ff597;hb=refs/heads/libpng10"
},
{
"name": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;hb=a4b640865ae47986bbe71ecc0e7d5181dcb0bac8",
"refsource": "MISC",
"url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;hb=a4b640865ae47986bbe71ecc0e7d5181dcb0bac8"
},
{
"name": "USN-2815-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2815-1"
}
]
}
}

34
2012/6xxx/CVE-2012-6212.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2012-6212", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2012-6212",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
} }
] ]
} }
} }

160
2012/6xxx/CVE-2012-6524.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-6524", "ID": "CVE-2012-6524",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in kommentar.php in pGB 2.12 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "18383", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/18383" "lang": "eng",
}, "value": "SQL injection vulnerability in kommentar.php in pGB 2.12 allows remote attackers to execute arbitrary SQL commands via the id parameter."
{ }
"name" : "51550", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/51550" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "78342", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/78342" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "47530", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/47530" ]
}, },
{ "references": {
"name" : "pgb-kommentar-sql-injection(72450)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72450" "name": "78342",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/78342"
} },
} {
"name": "51550",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51550"
},
{
"name": "pgb-kommentar-sql-injection(72450)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72450"
},
{
"name": "47530",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47530"
},
{
"name": "18383",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18383"
}
]
}
}

160
2012/6xxx/CVE-2012-6607.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-6607", "ID": "CVE-2012-6607",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augsave file in a backup save action, a different vector than CVE-2012-0786."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://augeas.net/news.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://augeas.net/news.html" "lang": "eng",
}, "value": "The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augsave file in a backup save action, a different vector than CVE-2012-0786."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=772257", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=772257" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/hercules-team/augeas/commit/16387744", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/hercules-team/augeas/commit/16387744" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2013:1537", ]
"refsource" : "REDHAT", }
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1537.html" ]
}, },
{ "references": {
"name" : "55811", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/55811" "name": "https://github.com/hercules-team/augeas/commit/16387744",
} "refsource": "CONFIRM",
] "url": "https://github.com/hercules-team/augeas/commit/16387744"
} },
} {
"name": "55811",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55811"
},
{
"name": "http://augeas.net/news.html",
"refsource": "CONFIRM",
"url": "http://augeas.net/news.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=772257",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=772257"
},
{
"name": "RHSA-2013:1537",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1537.html"
}
]
}
}

260
2015/1xxx/CVE-2015-1211.json
View File

@ -1,132 +1,132 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2015-1211", "ID": "CVE-2015-1211",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android does not properly restrict the URI scheme during a ServiceWorker registration, which allows remote attackers to gain privileges via a filesystem: URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html" "lang": "eng",
}, "value": "The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android does not properly restrict the URI scheme during a ServiceWorker registration, which allows remote attackers to gain privileges via a filesystem: URI."
{ }
"name" : "http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html", ]
"refsource" : "CONFIRM", },
"url" : "http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://code.google.com/p/chromium/issues/detail?id=453982", "description": [
"refsource" : "CONFIRM", {
"url" : "https://code.google.com/p/chromium/issues/detail?id=453982" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://codereview.chromium.org/889323002", ]
"refsource" : "CONFIRM", }
"url" : "https://codereview.chromium.org/889323002" ]
}, },
{ "references": {
"name" : "GLSA-201502-13", "reference_data": [
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201502-13.xml" "name": "72497",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/72497"
"name" : "RHSA-2015:0163", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0163.html" "name": "http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html",
}, "refsource": "CONFIRM",
{ "url": "http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html"
"name" : "openSUSE-SU-2015:0441", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html" "name": "62818",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/62818"
"name" : "USN-2495-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2495-1" "name": "https://codereview.chromium.org/889323002",
}, "refsource": "CONFIRM",
{ "url": "https://codereview.chromium.org/889323002"
"name" : "72497", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/72497" "name": "62925",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/62925"
"name" : "1031709", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1031709" "name": "http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html",
}, "refsource": "CONFIRM",
{ "url": "http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html"
"name" : "62670", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/62670" "name": "google-chrome-cve20151211-priv-esc(100717)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100717"
"name" : "62818", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/62818" "name": "GLSA-201502-13",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-201502-13.xml"
"name" : "62917", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/62917" "name": "62917",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/62917"
"name" : "62925", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/62925" "name": "RHSA-2015:0163",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2015-0163.html"
"name" : "google-chrome-cve20151211-priv-esc(100717)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100717" "name": "62670",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/62670"
} },
} {
"name": "1031709",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031709"
},
{
"name": "openSUSE-SU-2015:0441",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html"
},
{
"name": "USN-2495-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2495-1"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=453982",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=453982"
}
]
}
}

150
2015/1xxx/CVE-2015-1810.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2015-1810", "ID": "CVE-2015-1810",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the \"Jenkins' own user database\" setting, which allows remote attackers to gain privileges by creating a reserved name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1205627", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1205627" "lang": "eng",
}, "value": "The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the \"Jenkins' own user database\" setting, which allows remote attackers to gain privileges by creating a reserved name."
{ }
"name" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27", ]
"refsource" : "CONFIRM", },
"url" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2015:1844", "description": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1844.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2016:0070", ]
"refsource" : "REDHAT", }
"url" : "https://access.redhat.com/errata/RHSA-2016:0070" ]
} },
] "references": {
} "reference_data": [
} {
"name": "RHSA-2016:0070",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:0070"
},
{
"name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27",
"refsource": "CONFIRM",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27"
},
{
"name": "RHSA-2015:1844",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1844.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1205627",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205627"
}
]
}
}

120
2015/1xxx/CVE-2015-1958.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2015-1958", "ID": "CVE-2015-1958",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (disk consumption) via a crafted byte sequence in authentication data, a different vulnerability than CVE-2015-1956 and CVE-2015-1987."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21959210", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21959210" "lang": "eng",
} "value": "IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (disk consumption) via a crafted byte sequence in authentication data, a different vulnerability than CVE-2015-1956 and CVE-2015-1987."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21959210",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959210"
}
]
}
}

34
2015/5xxx/CVE-2015-5026.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-5026", "ID": "CVE-2015-5026",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

210
2015/5xxx/CVE-2015-5133.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2015-5133", "ID": "CVE-2015-5133",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5131 and CVE-2015-5132."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "37858", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/37858/" "lang": "eng",
}, "value": "Buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5131 and CVE-2015-5132."
{ }
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", ]
"refsource" : "CONFIRM", },
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", "description": [
"refsource" : "CONFIRM", {
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", ]
"refsource" : "CONFIRM", }
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" ]
}, },
{ "references": {
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680",
}, "refsource": "CONFIRM",
{ "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
"name" : "GLSA-201508-01", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201508-01" "name": "GLSA-201508-01",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201508-01"
"name" : "RHSA-2015:1603", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1603.html" "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
}, "refsource": "CONFIRM",
{ "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
"name" : "openSUSE-SU-2015:1781", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html" "name": "76284",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/76284"
"name" : "76284", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/76284" "name": "37858",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/37858/"
"name" : "1033235", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1033235" "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html",
} "refsource": "CONFIRM",
] "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html"
} },
} {
"name": "openSUSE-SU-2015:1781",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html"
},
{
"name": "1033235",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033235"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
},
{
"name": "RHSA-2015:1603",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1603.html"
}
]
}
}

140
2015/5xxx/CVE-2015-5613.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-5613", "ID": "CVE-2015-5613",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving a file title, a different vulnerability than CVE-2015-5612."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20150722 Re: CVE Request: October CMS - Stored XSS in image caption tag", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2015/07/22/3" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving a file title, a different vulnerability than CVE-2015-5612."
{ }
"name" : "https://github.com/octobercms/october/commit/8a4ac533e5cd6b8f92e9ef19fbfbb2f505dc7a9a", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/octobercms/october/commit/8a4ac533e5cd6b8f92e9ef19fbfbb2f505dc7a9a" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/octobercms/october/issues/1302", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/octobercms/october/issues/1302" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20150722 Re: CVE Request: October CMS - Stored XSS in image caption tag",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/07/22/3"
},
{
"name": "https://github.com/octobercms/october/issues/1302",
"refsource": "CONFIRM",
"url": "https://github.com/octobercms/october/issues/1302"
},
{
"name": "https://github.com/octobercms/october/commit/8a4ac533e5cd6b8f92e9ef19fbfbb2f505dc7a9a",
"refsource": "CONFIRM",
"url": "https://github.com/octobercms/october/commit/8a4ac533e5cd6b8f92e9ef19fbfbb2f505dc7a9a"
}
]
}
}

190
2015/5xxx/CVE-2015-5803.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2015-5803", "ID": "CVE-2015-5803",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT205212", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT205212" "lang": "eng",
}, "value": "WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3."
{ }
"name" : "https://support.apple.com/HT205221", ]
"refsource" : "CONFIRM", },
"url" : "https://support.apple.com/HT205221" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.apple.com/HT205265", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT205265" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2015-09-16-1", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" ]
}, },
{ "references": {
"name" : "APPLE-SA-2015-09-16-3", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html" "name": "https://support.apple.com/HT205221",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT205221"
"name" : "APPLE-SA-2015-09-30-2", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html" "name": "1033609",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1033609"
"name" : "76763", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/76763" "name": "https://support.apple.com/HT205212",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT205212"
"name" : "1033609", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1033609" "name": "76763",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/76763"
} },
} {
"name": "https://support.apple.com/HT205265",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205265"
},
{
"name": "APPLE-SA-2015-09-16-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html"
},
{
"name": "APPLE-SA-2015-09-30-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html"
},
{
"name": "APPLE-SA-2015-09-16-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
}
]
}
}

182
2018/11xxx/CVE-2018-11051.json
View File

@ -1,93 +1,93 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security_alert@emc.com", "ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC" : "2018-06-28T04:00:00.000Z", "DATE_PUBLIC": "2018-06-28T04:00:00.000Z",
"ID" : "CVE-2018-11051", "ID": "CVE-2018-11051",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "RSA Certificate Manager Path Traversal Vulnerability" "TITLE": "RSA Certificate Manager Path Traversal Vulnerability"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Certificate Manager Path Traversal Vulnerability", "product_name": "Certificate Manager Path Traversal Vulnerability",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "6.9 build 560 through 6.9 build 564" "version_value": "6.9 build 560 through 6.9 build 564"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "RSA" "vendor_name": "RSA"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "RSA Certificate Manager Versions 6.9 build 560 through 6.9 build 564 contain a path traversal vulnerability in the RSA CMP Enroll Server and the RSA REST Enroll Server. A remote unauthenticated attacker could potentially exploit this vulnerability by manipulating input parameters of the application to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 7.5,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Authentication Bypass Vulnerability\n"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20180628 DSA-2018-122: RSA Certificate Manager Path Traversal Vulnerability", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2018/Jul/11" "lang": "eng",
}, "value": "RSA Certificate Manager Versions 6.9 build 560 through 6.9 build 564 contain a path traversal vulnerability in the RSA CMP Enroll Server and the RSA REST Enroll Server. A remote unauthenticated attacker could potentially exploit this vulnerability by manipulating input parameters of the application to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application."
{ }
"name" : "104674", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104674" "impact": {
}, "cvss": {
{ "attackComplexity": "LOW",
"name" : "1041211", "attackVector": "NETWORK",
"refsource" : "SECTRACK", "availabilityImpact": "NONE",
"url" : "http://www.securitytracker.com/id/1041211" "baseScore": 7.5,
} "baseSeverity": "HIGH",
] "confidentialityImpact": "HIGH",
}, "integrityImpact": "NONE",
"source" : { "privilegesRequired": "NONE",
"discovery" : "UNKNOWN" "scope": "UNCHANGED",
} "userInteraction": "NONE",
} "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Bypass Vulnerability\n"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180628 DSA-2018-122: RSA Certificate Manager Path Traversal Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Jul/11"
},
{
"name": "104674",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104674"
},
{
"name": "1041211",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041211"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

258
2018/11xxx/CVE-2018-11077.json
View File

@ -1,131 +1,131 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@dell.com", "ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC" : "2018-11-20T05:00:00.000Z", "DATE_PUBLIC": "2018-11-20T05:00:00.000Z",
"ID" : "CVE-2018-11077", "ID": "CVE-2018-11077",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability" "TITLE": "Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Avamar", "product_name": "Avamar",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "=", "affected": "=",
"version_value" : "7.2.0" "version_value": "7.2.0"
}, },
{ {
"affected" : "=", "affected": "=",
"version_value" : "7.2.1" "version_value": "7.2.1"
}, },
{ {
"affected" : "=", "affected": "=",
"version_value" : "7.3.0" "version_value": "7.3.0"
}, },
{ {
"affected" : "=", "affected": "=",
"version_value" : "7.3.1" "version_value": "7.3.1"
}, },
{ {
"affected" : "=", "affected": "=",
"version_value" : "7.4.0" "version_value": "7.4.0"
}, },
{ {
"affected" : "=", "affected": "=",
"version_value" : "7.4.1" "version_value": "7.4.1"
}, },
{ {
"version_value" : "7.5.0" "version_value": "7.5.0"
}, },
{ {
"version_value" : "7.5.1" "version_value": "7.5.1"
}, },
{ {
"version_value" : "18.1" "version_value": "18.1"
} }
] ]
} }
}, },
{ {
"product_name" : "Integrated Data Protection Appliance ", "product_name": "Integrated Data Protection Appliance ",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "=", "affected": "=",
"version_value" : "2.0" "version_value": "2.0"
}, },
{ {
"affected" : "=", "affected": "=",
"version_value" : "2.1" "version_value": "2.1"
}, },
{ {
"affected" : "=", "affected": "=",
"version_value" : "2.2" "version_value": "2.2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Dell EMC" "vendor_name": "Dell EMC"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Command Injection Vulnerability"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20181120 DSA-2018-155: Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability", "description_data": [
"refsource" : "FULLDISC", {
"url" : "https://seclists.org/fulldisclosure/2018/Nov/51" "lang": "eng",
}, "value": "'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege."
{ }
"name" : "https://www.vmware.com/security/advisories/VMSA-2018-0029.html", ]
"refsource" : "CONFIRM", },
"url" : "https://www.vmware.com/security/advisories/VMSA-2018-0029.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "105971", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/105971" "lang": "eng",
}, "value": "Command Injection Vulnerability"
{ }
"name" : "1042153", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1042153" ]
} },
] "references": {
}, "reference_data": [
"source" : { {
"discovery" : "UNKNOWN" "name": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html",
} "refsource": "CONFIRM",
} "url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "20181120 DSA-2018-155: Dell EMC Avamar and Integrated Data Protection Appliance Command Injection Vulnerability",
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2018/Nov/51"
},
{
"name": "105971",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105971"
},
{
"name": "1042153",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042153"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

170
2018/11xxx/CVE-2018-11360.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11360", "ID": "CVE-2018-11360",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash. This was addressed in epan/dissectors/packet-gsm_a_dtap.c by fixing an off-by-one error that caused a buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14688", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14688" "lang": "eng",
}, "value": "In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash. This was addressed in epan/dissectors/packet-gsm_a_dtap.c by fixing an off-by-one error that caused a buffer overflow."
{ }
"name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a55b36c51f83a7b9680824e8ee3a6ce8429ab24b", ]
"refsource" : "CONFIRM", },
"url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a55b36c51f83a7b9680824e8ee3a6ce8429ab24b" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.wireshark.org/security/wnpa-sec-2018-30.html", "description": [
"refsource" : "CONFIRM", {
"url" : "https://www.wireshark.org/security/wnpa-sec-2018-30.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-4217", ]
"refsource" : "DEBIAN", }
"url" : "https://www.debian.org/security/2018/dsa-4217" ]
}, },
{ "references": {
"name" : "104308", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/104308" "name": "104308",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/104308"
"name" : "1041036", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041036" "name": "DSA-4217",
} "refsource": "DEBIAN",
] "url": "https://www.debian.org/security/2018/dsa-4217"
} },
} {
"name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a55b36c51f83a7b9680824e8ee3a6ce8429ab24b",
"refsource": "CONFIRM",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a55b36c51f83a7b9680824e8ee3a6ce8429ab24b"
},
{
"name": "https://www.wireshark.org/security/wnpa-sec-2018-30.html",
"refsource": "CONFIRM",
"url": "https://www.wireshark.org/security/wnpa-sec-2018-30.html"
},
{
"name": "1041036",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041036"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14688",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14688"
}
]
}
}

142
2018/11xxx/CVE-2018-11757.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@apache.org", "ASSIGNER": "security@apache.org",
"DATE_PUBLIC" : "2018-07-20T00:00:00", "DATE_PUBLIC": "2018-07-20T00:00:00",
"ID" : "CVE-2018-11757", "ID": "CVE-2018-11757",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Docker Skeleton Runtime for Apache OpenWhisk", "product_name": "Docker Skeleton Runtime for Apache OpenWhisk",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Docker tag openwhisk/dockerskeleton 1.3.0 (or lower)" "version_value": "Docker tag openwhisk/dockerskeleton 1.3.0 (or lower)"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Apache Software Foundation" "vendor_name": "Apache Software Foundation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Docker Skeleton Runtime for Apache OpenWhisk, a Docker action inheriting the Docker tag openwhisk/dockerskeleton:1.3.0 (or earlier) may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[openwhisk-dev] 20180720 [CVE] CVE-2018-11757 Docker Skeleton Runtime for Apache OpenWhisk", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.apache.org/thread.html/0b6d8a677f1c063ed32eb3638ef4d1a47dfba8907de4b222ddd24b05@%3Cdev.openwhisk.apache.org%3E" "lang": "eng",
}, "value": "In Docker Skeleton Runtime for Apache OpenWhisk, a Docker action inheriting the Docker tag openwhisk/dockerskeleton:1.3.0 (or earlier) may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation."
{ }
"name" : "https://github.com/apache/incubator-openwhisk-runtime-docker/commit/891896f25c39bc336ef6dda53f80f466ac4ca3c8", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/apache/incubator-openwhisk-runtime-docker/commit/891896f25c39bc336ef6dda53f80f466ac4ca3c8" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "104913", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/104913" "lang": "eng",
} "value": "Information Disclosure"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "104913",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104913"
},
{
"name": "[openwhisk-dev] 20180720 [CVE] CVE-2018-11757 Docker Skeleton Runtime for Apache OpenWhisk",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/0b6d8a677f1c063ed32eb3638ef4d1a47dfba8907de4b222ddd24b05@%3Cdev.openwhisk.apache.org%3E"
},
{
"name": "https://github.com/apache/incubator-openwhisk-runtime-docker/commit/891896f25c39bc336ef6dda53f80f466ac4ca3c8",
"refsource": "CONFIRM",
"url": "https://github.com/apache/incubator-openwhisk-runtime-docker/commit/891896f25c39bc336ef6dda53f80f466ac4ca3c8"
}
]
}
}

132
2018/11xxx/CVE-2018-11785.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@apache.org", "ASSIGNER": "security@apache.org",
"DATE_PUBLIC" : "2018-10-24T00:00:00", "DATE_PUBLIC": "2018-10-24T00:00:00",
"ID" : "CVE-2018-11785", "ID": "CVE-2018-11785",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Apache Impala", "product_name": "Apache Impala",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Apache Impala 3.0.0" "version_value": "Apache Impala 3.0.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Apache Software Foundation" "vendor_name": "Apache Software Foundation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Missing authorization check in Apache Impala before 3.0.1 allows a Kerberos-authenticated but unauthorized user to inject random data into a running query, leading to wrong results for a query."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Unauthorized access"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://lists.apache.org/thread.html/cba8f18df15af862aa07c584d8dc85c44a199fb8f460edd498059247@%3Cdev.impala.apache.org%3E", "description_data": [
"refsource" : "MISC", {
"url" : "https://lists.apache.org/thread.html/cba8f18df15af862aa07c584d8dc85c44a199fb8f460edd498059247@%3Cdev.impala.apache.org%3E" "lang": "eng",
}, "value": "Missing authorization check in Apache Impala before 3.0.1 allows a Kerberos-authenticated but unauthorized user to inject random data into a running query, leading to wrong results for a query."
{ }
"name" : "105742", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105742" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Unauthorized access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105742",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105742"
},
{
"name": "https://lists.apache.org/thread.html/cba8f18df15af862aa07c584d8dc85c44a199fb8f460edd498059247@%3Cdev.impala.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/cba8f18df15af862aa07c584d8dc85c44a199fb8f460edd498059247@%3Cdev.impala.apache.org%3E"
}
]
}
}

164
2018/15xxx/CVE-2018-15399.json
View File

@ -1,84 +1,84 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC" : "2018-10-03T16:00:00-0500", "DATE_PUBLIC": "2018-10-03T16:00:00-0500",
"ID" : "CVE-2018-15399", "ID": "CVE-2018-15399",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "Cisco Adaptive Security Appliance TCP Syslog Denial of Service Vulnerability" "TITLE": "Cisco Adaptive Security Appliance TCP Syslog Denial of Service Vulnerability"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco Adaptive Security Appliance (ASA) Software ", "product_name": "Cisco Adaptive Security Appliance (ASA) Software ",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Cisco" "vendor_name": "Cisco"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the TCP syslog module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust the 1550-byte buffers on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a missing boundary check in an internal function. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between an affected device and its configured TCP syslog server and then maliciously modifying the TCP header in segments that are sent from the syslog server to the affected device. A successful exploit could allow the attacker to exhaust buffer on the affected device and cause all TCP-based features to stop functioning, resulting in a DoS condition. The affected TCP-based features include AnyConnect SSL VPN, clientless SSL VPN, and management connections such as Secure Shell (SSH), Telnet, and HTTPS."
}
]
},
"impact" : {
"cvss" : {
"baseScore" : "6.8",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-400"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20181003 Cisco Adaptive Security Appliance TCP Syslog Denial of Service Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-asa-syslog-dos" "lang": "eng",
}, "value": "A vulnerability in the TCP syslog module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust the 1550-byte buffers on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a missing boundary check in an internal function. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between an affected device and its configured TCP syslog server and then maliciously modifying the TCP header in segments that are sent from the syslog server to the affected device. A successful exploit could allow the attacker to exhaust buffer on the affected device and cause all TCP-based features to stop functioning, resulting in a DoS condition. The affected TCP-based features include AnyConnect SSL VPN, clientless SSL VPN, and management connections such as Secure Shell (SSH), Telnet, and HTTPS."
{ }
"name" : "1041785", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1041785" "impact": {
} "cvss": {
] "baseScore": "6.8",
}, "version": "3.0"
"source" : { }
"advisory" : "cisco-sa-20181003-asa-syslog-dos", },
"defect" : [ "problemtype": {
[ "problemtype_data": [
"CSCvh73829" {
] "description": [
], {
"discovery" : "UNKNOWN" "lang": "eng",
} "value": "CWE-400"
} }
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041785",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041785"
},
{
"name": "20181003 Cisco Adaptive Security Appliance TCP Syslog Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-asa-syslog-dos"
}
]
},
"source": {
"advisory": "cisco-sa-20181003-asa-syslog-dos",
"defect": [
[
"CSCvh73829"
]
],
"discovery": "UNKNOWN"
}
}

34
2018/15xxx/CVE-2018-15624.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2018-15624", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2018-15624",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
} }
] ]
} }
} }

34
2018/15xxx/CVE-2018-15770.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2018-15770", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2018-15770",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
} }
] ]
} }
} }

34
2018/15xxx/CVE-2018-15779.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2018-15779", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2018-15779",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
} }
] ]
} }
} }

142
2018/3xxx/CVE-2018-3000.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2018-3000", "ID": "CVE-2018-3000",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Hospitality Cruise Shipboard Property Management System", "product_name": "Hospitality Cruise Shipboard Property Management System",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "8.x" "version_value": "8.x"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: SPMS Suite). The supported version that is affected is 8.x. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Cruise Shipboard Property Management System executes to compromise Oracle Hospitality Cruise Shipboard Property Management System. While the vulnerability is in Oracle Hospitality Cruise Shipboard Property Management System, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Shipboard Property Management System accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Cruise Shipboard Property Management System executes to compromise Oracle Hospitality Cruise Shipboard Property Management System. While the vulnerability is in Oracle Hospitality Cruise Shipboard Property Management System, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Shipboard Property Management System accessible data."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: SPMS Suite). The supported version that is affected is 8.x. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Cruise Shipboard Property Management System executes to compromise Oracle Hospitality Cruise Shipboard Property Management System. While the vulnerability is in Oracle Hospitality Cruise Shipboard Property Management System, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Shipboard Property Management System accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)."
{ }
"name" : "104815", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104815" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1041300", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041300" "lang": "eng",
} "value": "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Cruise Shipboard Property Management System executes to compromise Oracle Hospitality Cruise Shipboard Property Management System. While the vulnerability is in Oracle Hospitality Cruise Shipboard Property Management System, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Shipboard Property Management System accessible data."
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "104815",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104815"
},
{
"name": "1041300",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041300"
}
]
}
}

34
2018/3xxx/CVE-2018-3455.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-3455", "ID": "CVE-2018-3455",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/3xxx/CVE-2018-3469.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-3469", "ID": "CVE-2018-3469",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/3xxx/CVE-2018-3529.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-3529", "ID": "CVE-2018-3529",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2018/3xxx/CVE-2018-3767.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "support@hackerone.com", "ASSIGNER": "support@hackerone.com",
"ID" : "CVE-2018-3767", "ID": "CVE-2018-3767",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "memjs", "product_name": "memjs",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Not fixed" "version_value": "Not fixed"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "https://github.com/memcachier" "vendor_name": "https://github.com/memcachier"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "`memjs` versions <= 1.1.0 allocates and stores buffers on typed input, resulting in DoS and uninitialized memory usage."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service (CWE-400)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://hackerone.com/reports/319809", "description_data": [
"refsource" : "MISC", {
"url" : "https://hackerone.com/reports/319809" "lang": "eng",
} "value": "`memjs` versions <= 1.1.0 allocates and stores buffers on typed input, resulting in DoS and uninitialized memory usage."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (CWE-400)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/319809",
"refsource": "MISC",
"url": "https://hackerone.com/reports/319809"
}
]
}
}

34
2018/8xxx/CVE-2018-8062.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-8062", "ID": "CVE-2018-8062",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/8xxx/CVE-2018-8352.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-8352", "ID": "CVE-2018-8352",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

234
2018/8xxx/CVE-2018-8375.json
View File

@ -1,119 +1,119 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "Secure@Microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2018-8375", "ID": "CVE-2018-8375",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Microsoft Excel Viewer", "product_name": "Microsoft Excel Viewer",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2007 Service Pack 3" "version_value": "2007 Service Pack 3"
} }
] ]
} }
}, },
{ {
"product_name" : "Microsoft Office", "product_name": "Microsoft Office",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2016 for Mac" "version_value": "2016 for Mac"
}, },
{ {
"version_value" : "Compatibility Pack Service Pack 3" "version_value": "Compatibility Pack Service Pack 3"
} }
] ]
} }
}, },
{ {
"product_name" : "Microsoft Excel", "product_name": "Microsoft Excel",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2010 Service Pack 2 (32-bit editions)" "version_value": "2010 Service Pack 2 (32-bit editions)"
}, },
{ {
"version_value" : "2010 Service Pack 2 (64-bit editions)" "version_value": "2010 Service Pack 2 (64-bit editions)"
}, },
{ {
"version_value" : "2013 RT Service Pack 1" "version_value": "2013 RT Service Pack 1"
}, },
{ {
"version_value" : "2013 Service Pack 1 (32-bit editions)" "version_value": "2013 Service Pack 1 (32-bit editions)"
}, },
{ {
"version_value" : "2013 Service Pack 1 (64-bit editions)" "version_value": "2013 Service Pack 1 (64-bit editions)"
}, },
{ {
"version_value" : "2016 (32-bit edition)" "version_value": "2016 (32-bit edition)"
}, },
{ {
"version_value" : "2016 (64-bit edition)" "version_value": "2016 (64-bit edition)"
}, },
{ {
"version_value" : "2016 Click-to-Run (C2R) for 32-bit editions" "version_value": "2016 Click-to-Run (C2R) for 32-bit editions"
}, },
{ {
"version_value" : "2016 Click-to-Run (C2R) for 64-bit editions" "version_value": "2016 Click-to-Run (C2R) for 64-bit editions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft" "vendor_name": "Microsoft"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \"Microsoft Excel Remote Code Execution Vulnerability.\" This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8379."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8375", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8375" "lang": "eng",
}, "value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \"Microsoft Excel Remote Code Execution Vulnerability.\" This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8379."
{ }
"name" : "104989", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104989" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1041463", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041463" "lang": "eng",
} "value": "Remote Code Execution"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "104989",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104989"
},
{
"name": "1041463",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041463"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8375",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8375"
}
]
}
}

220
2018/8xxx/CVE-2018-8381.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "Secure@Microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2018-8381", "ID": "CVE-2018-8381",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Microsoft Edge", "product_name": "Microsoft Edge",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Windows 10 for 32-bit Systems" "version_value": "Windows 10 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 for x64-based Systems" "version_value": "Windows 10 for x64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1607 for 32-bit Systems" "version_value": "Windows 10 Version 1607 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1607 for x64-based Systems" "version_value": "Windows 10 Version 1607 for x64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1703 for 32-bit Systems" "version_value": "Windows 10 Version 1703 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1703 for x64-based Systems" "version_value": "Windows 10 Version 1703 for x64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1709 for 32-bit Systems" "version_value": "Windows 10 Version 1709 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1709 for x64-based Systems" "version_value": "Windows 10 Version 1709 for x64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1803 for 32-bit Systems" "version_value": "Windows 10 Version 1803 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1803 for x64-based Systems" "version_value": "Windows 10 Version 1803 for x64-based Systems"
}, },
{ {
"version_value" : "Windows Server 2016" "version_value": "Windows Server 2016"
} }
] ]
} }
}, },
{ {
"product_name" : "ChakraCore", "product_name": "ChakraCore",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "ChakraCore" "version_value": "ChakraCore"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft" "vendor_name": "Microsoft"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8266, CVE-2018-8380, CVE-2018-8384."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8381", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8381" "lang": "eng",
}, "value": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8266, CVE-2018-8380, CVE-2018-8384."
{ }
"name" : "104980", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104980" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1041457", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041457" "lang": "eng",
} "value": "Remote Code Execution"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1041457",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041457"
},
{
"name": "104980",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104980"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8381",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8381"
}
]
}
}

130
2018/8xxx/CVE-2018-8971.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-8971", "ID": "CVE-2018-8971",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, and 10.5.x before 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://about.gitlab.com/2018/03/20/critical-security-release-gitlab-10-dot-5-dot-6-released/", "description_data": [
"refsource" : "MISC", {
"url" : "https://about.gitlab.com/2018/03/20/critical-security-release-gitlab-10-dot-5-dot-6-released/" "lang": "eng",
}, "value": "The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, and 10.5.x before 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users."
{ }
"name" : "DSA-4206", ]
"refsource" : "DEBIAN", },
"url" : "https://www.debian.org/security/2018/dsa-4206" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://about.gitlab.com/2018/03/20/critical-security-release-gitlab-10-dot-5-dot-6-released/",
"refsource": "MISC",
"url": "https://about.gitlab.com/2018/03/20/critical-security-release-gitlab-10-dot-5-dot-6-released/"
},
{
"name": "DSA-4206",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4206"
}
]
}
}