admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 18:28:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 06:49:23 +00:00
parent f57e8a8085
commit ac6e1fb3aa
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
43 changed files with 3076 additions and 3076 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

180
2005/0xxx/CVE-2005-0196.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0196",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco IOS 12.0 through 12.3YL, with BGP enabled and running the bgp log-neighbor-changes command, allows remote attackers to cause a denial of service (device reload) via a malformed BGP packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0196",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050126 Cisco IOS Misformed BGP Packet Causes Reload",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20050126-bgp.shtml"
},
{
"name" : "TA05-026A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA05-026A.html"
},
{
"name" : "VU#689326",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/689326"
},
{
"name" : "oval:org.mitre.oval:def:5652",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5652"
},
{
"name" : "1013013",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013013"
},
{
"name" : "14034",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14034"
},
{
"name" : "cisco-ios-bgp-packetdos(19074)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19074"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco IOS 12.0 through 12.3YL, with BGP enabled and running the bgp log-neighbor-changes command, allows remote attackers to cause a denial of service (device reload) via a malformed BGP packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14034",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14034"
},
{
"name": "1013013",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013013"
},
{
"name": "VU#689326",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/689326"
},
{
"name": "20050126 Cisco IOS Misformed BGP Packet Causes Reload",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20050126-bgp.shtml"
},
{
"name": "oval:org.mitre.oval:def:5652",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5652"
},
{
"name": "cisco-ios-bgp-packetdos(19074)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19074"
},
{
"name": "TA05-026A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA05-026A.html"
}
]
}
}

130
2005/2xxx/CVE-2005-2012.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2012",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in login in paFAQ 1.0 Beta 4 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) id parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2012",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050620 paFaq Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111928841328681&w=2"
},
{
"name" : "http://www.gulftech.org/?node=research&article_id=00083-06202005",
"refsource" : "MISC",
"url" : "http://www.gulftech.org/?node=research&article_id=00083-06202005"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in login in paFAQ 1.0 Beta 4 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) id parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050620 paFaq Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111928841328681&w=2"
},
{
"name": "http://www.gulftech.org/?node=research&article_id=00083-06202005",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research&article_id=00083-06202005"
}
]
}
}

300
2005/3xxx/CVE-2005-3276.json
View File

@ -1,152 +1,152 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3276",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The sys_get_thread_area function in process.c in Linux 2.6 before 2.6.12.4 and 2.6.13 does not clear a data structure before copying it to userspace, which might allow a user process to obtain sensitive information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3276",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://linux.bkbits.net:8080/linux-2.6/cset@42e81864gSEM90Oun0jA8dufpM3inw",
"refsource" : "CONFIRM",
"url" : "http://linux.bkbits.net:8080/linux-2.6/cset@42e81864gSEM90Oun0jA8dufpM3inw"
},
{
"name" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=71ae18ec690953e9ba7107c7cc44589c2cc0d9f1",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=71ae18ec690953e9ba7107c7cc44589c2cc0d9f1"
},
{
"name" : "http://lkml.org/lkml/2005/8/3/36",
"refsource" : "CONFIRM",
"url" : "http://lkml.org/lkml/2005/8/3/36"
},
{
"name" : "DSA-922",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-922"
},
{
"name" : "FLSA:157459-1",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/428028/100/0/threaded"
},
{
"name" : "FLSA:157459-2",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/428058/100/0/threaded"
},
{
"name" : "FLSA:157459-3",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/427980/100/0/threaded"
},
{
"name" : "MDKSA-2005:218",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:218"
},
{
"name" : "MDKSA-2005:219",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:219"
},
{
"name" : "MDKSA-2005:220",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:220"
},
{
"name" : "RHSA-2006:0101",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0101.html"
},
{
"name" : "RHSA-2006:0144",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0144.html"
},
{
"name" : "USN-219-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/219-1/"
},
{
"name" : "15527",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15527"
},
{
"name" : "oval:org.mitre.oval:def:9748",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9748"
},
{
"name" : "18056",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18056"
},
{
"name" : "18510",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18510"
},
{
"name" : "19252",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19252"
},
{
"name" : "17826",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17826"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The sys_get_thread_area function in process.c in Linux 2.6 before 2.6.12.4 and 2.6.13 does not clear a data structure before copying it to userspace, which might allow a user process to obtain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:9748",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9748"
},
{
"name": "18056",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18056"
},
{
"name": "MDKSA-2005:220",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:220"
},
{
"name": "RHSA-2006:0144",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0144.html"
},
{
"name": "RHSA-2006:0101",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0101.html"
},
{
"name": "15527",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15527"
},
{
"name": "http://lkml.org/lkml/2005/8/3/36",
"refsource": "CONFIRM",
"url": "http://lkml.org/lkml/2005/8/3/36"
},
{
"name": "FLSA:157459-2",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/428058/100/0/threaded"
},
{
"name": "DSA-922",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-922"
},
{
"name": "USN-219-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/219-1/"
},
{
"name": "18510",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18510"
},
{
"name": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=71ae18ec690953e9ba7107c7cc44589c2cc0d9f1",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=71ae18ec690953e9ba7107c7cc44589c2cc0d9f1"
},
{
"name": "MDKSA-2005:218",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:218"
},
{
"name": "FLSA:157459-1",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/428028/100/0/threaded"
},
{
"name": "17826",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17826"
},
{
"name": "FLSA:157459-3",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/427980/100/0/threaded"
},
{
"name": "MDKSA-2005:219",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:219"
},
{
"name": "19252",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19252"
},
{
"name": "http://linux.bkbits.net:8080/linux-2.6/cset@42e81864gSEM90Oun0jA8dufpM3inw",
"refsource": "CONFIRM",
"url": "http://linux.bkbits.net:8080/linux-2.6/cset@42e81864gSEM90Oun0jA8dufpM3inw"
}
]
}
}

190
2005/3xxx/CVE-2005-3345.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3345",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "rssh 2.0.0 through 2.2.3 allows local users to bypass access restrictions and gain root privileges by using the rssh_chroot_helper command to chroot to an external directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2005-3345",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.pizzashack.org/rssh/security.shtml",
"refsource" : "CONFIRM",
"url" : "http://www.pizzashack.org/rssh/security.shtml"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=344424",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=344424"
},
{
"name" : "GLSA-200512-15",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200512-15.xml"
},
{
"name" : "16050",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16050"
},
{
"name" : "18224",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18224"
},
{
"name" : "18237",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18237"
},
{
"name" : "308",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/308"
},
{
"name" : "rssh-chroot-gain-privileges(23854)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23854"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rssh 2.0.0 through 2.2.3 allows local users to bypass access restrictions and gain root privileges by using the rssh_chroot_helper command to chroot to an external directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200512-15",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-15.xml"
},
{
"name": "308",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/308"
},
{
"name": "18237",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18237"
},
{
"name": "http://www.pizzashack.org/rssh/security.shtml",
"refsource": "CONFIRM",
"url": "http://www.pizzashack.org/rssh/security.shtml"
},
{
"name": "rssh-chroot-gain-privileges(23854)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23854"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=344424",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=344424"
},
{
"name": "16050",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16050"
},
{
"name": "18224",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18224"
}
]
}
}

200
2005/3xxx/CVE-2005-3425.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3425",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2005-3424."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3425",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.gnu.org/software/gnump3d/ChangeLog",
"refsource" : "CONFIRM",
"url" : "http://www.gnu.org/software/gnump3d/ChangeLog"
},
{
"name" : "DSA-877",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-877"
},
{
"name" : "SUSE-SR:2005:028",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
},
{
"name" : "15341",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15341"
},
{
"name" : "1015118",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015118"
},
{
"name" : "17351",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17351"
},
{
"name" : "17355",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17355"
},
{
"name" : "17449",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17449"
},
{
"name" : "17831",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17831"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2005-3424."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SR:2005:028",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
},
{
"name": "1015118",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015118"
},
{
"name": "17831",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17831"
},
{
"name": "http://www.gnu.org/software/gnump3d/ChangeLog",
"refsource": "CONFIRM",
"url": "http://www.gnu.org/software/gnump3d/ChangeLog"
},
{
"name": "17449",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17449"
},
{
"name": "DSA-877",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-877"
},
{
"name": "15341",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15341"
},
{
"name": "17351",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17351"
},
{
"name": "17355",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17355"
}
]
}
}

180
2005/3xxx/CVE-2005-3571.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3571",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP file inclusion vulnerability in protection.php in CodeGrrl (a) PHPCalendar 1.0, (b) PHPClique 1.0, (c) PHPCurrently 2.0, (d) PHPFanBase 2.1, and (e) PHPQuotes 1.0 allows remote attackers to include arbitrary local files via the siteurl parameter when register_globals is enabled. NOTE: It was later reported that PHPFanBase 2.2 is also affected."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3571",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051113 PHPCalendar (and some more codegrrl.com products) arbitrary code",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=113199214723444&w=2"
},
{
"name" : "15417",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15417"
},
{
"name" : "21664",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21664"
},
{
"name" : "ADV-2005-2402",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2402"
},
{
"name" : "1015206",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015206"
},
{
"name" : "17542",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17542"
},
{
"name" : "176",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/176"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP file inclusion vulnerability in protection.php in CodeGrrl (a) PHPCalendar 1.0, (b) PHPClique 1.0, (c) PHPCurrently 2.0, (d) PHPFanBase 2.1, and (e) PHPQuotes 1.0 allows remote attackers to include arbitrary local files via the siteurl parameter when register_globals is enabled. NOTE: It was later reported that PHPFanBase 2.2 is also affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015206",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015206"
},
{
"name": "15417",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15417"
},
{
"name": "17542",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17542"
},
{
"name": "20051113 PHPCalendar (and some more codegrrl.com products) arbitrary code",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=113199214723444&w=2"
},
{
"name": "ADV-2005-2402",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2402"
},
{
"name": "21664",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21664"
},
{
"name": "176",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/176"
}
]
}
}

150
2005/3xxx/CVE-2005-3668.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3668",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in multiple unspecified implementations of Internet Key Exchange version 1 (IKEv1) have multiple unspecified attack vectors and impacts related to denial of service, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of information in the original sources, it is likely that this candidate will be REJECTed once it is known which implementations are actually vulnerable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3668",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/",
"refsource" : "MISC",
"url" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/"
},
{
"name" : "http://www.niscc.gov.uk/niscc/docs/br-20051114-01013.html?lang=en",
"refsource" : "MISC",
"url" : "http://www.niscc.gov.uk/niscc/docs/br-20051114-01013.html?lang=en"
},
{
"name" : "http://jvn.jp/niscc/NISCC-273756/index.html",
"refsource" : "MISC",
"url" : "http://jvn.jp/niscc/NISCC-273756/index.html"
},
{
"name" : "VU#226364",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/226364"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in multiple unspecified implementations of Internet Key Exchange version 1 (IKEv1) have multiple unspecified attack vectors and impacts related to denial of service, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of information in the original sources, it is likely that this candidate will be REJECTed once it is known which implementations are actually vulnerable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.niscc.gov.uk/niscc/docs/br-20051114-01013.html?lang=en",
"refsource": "MISC",
"url": "http://www.niscc.gov.uk/niscc/docs/br-20051114-01013.html?lang=en"
},
{
"name": "http://jvn.jp/niscc/NISCC-273756/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/niscc/NISCC-273756/index.html"
},
{
"name": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/",
"refsource": "MISC",
"url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/"
},
{
"name": "VU#226364",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/226364"
}
]
}
}

150
2005/3xxx/CVE-2005-3950.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3950",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "nuauth in NuFW 1.0.x before 1.0.16 and 1.1 allows authenticated users to cause a denial of service via malformed packets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3950",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.nufw.org/+NUFW-1-16-minor-security-fix+.html",
"refsource" : "CONFIRM",
"url" : "http://www.nufw.org/+NUFW-1-16-minor-security-fix+.html"
},
{
"name" : "15645",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15645"
},
{
"name" : "ADV-2005-2647",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2647"
},
{
"name" : "17754",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17754"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "nuauth in NuFW 1.0.x before 1.0.16 and 1.1 allows authenticated users to cause a denial of service via malformed packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15645",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15645"
},
{
"name": "http://www.nufw.org/+NUFW-1-16-minor-security-fix+.html",
"refsource": "CONFIRM",
"url": "http://www.nufw.org/+NUFW-1-16-minor-security-fix+.html"
},
{
"name": "ADV-2005-2647",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2647"
},
{
"name": "17754",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17754"
}
]
}
}

150
2005/4xxx/CVE-2005-4398.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4398",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** NOTE: the vendor has disputed this issue. Cross-site scripting (XSS) vulnerability in lemoon 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the q parameter. NOTE: the vendor has disputed this issue, saying \"Sites are built on top of ASP.NET and you use lemoon core objects to easily manage and render content. The XSS vuln. you are referring to exists in one of our public sites built on lemoon i.e. a custom made site (as all sites are). The problem exists in a UserControl that handles form input and is in no way related to the lemoon core product.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4398",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2005/12/lemoon-xss-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2005/12/lemoon-xss-vuln.html"
},
{
"name" : "15949",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15949"
},
{
"name" : "21820",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21820"
},
{
"name" : "18119",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18119"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** NOTE: the vendor has disputed this issue. Cross-site scripting (XSS) vulnerability in lemoon 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the q parameter. NOTE: the vendor has disputed this issue, saying \"Sites are built on top of ASP.NET and you use lemoon core objects to easily manage and render content. The XSS vuln. you are referring to exists in one of our public sites built on lemoon i.e. a custom made site (as all sites are). The problem exists in a UserControl that handles form input and is in no way related to the lemoon core product.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18119",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18119"
},
{
"name": "21820",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21820"
},
{
"name": "http://pridels0.blogspot.com/2005/12/lemoon-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/12/lemoon-xss-vuln.html"
},
{
"name": "15949",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15949"
}
]
}
}

200
2005/4xxx/CVE-2005-4502.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4502",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in httprint v202, and possibly other versions before v301, allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response, which is not sanitized before being displayed to the user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4502",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051222 CYBSEC - Security Advisory: httprint Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/420101/100/0/threaded"
},
{
"name" : "20051222 CYBSEC - Security Advisory: httprint Multiple Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040532.html"
},
{
"name" : "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_httprint_Multiple_Vulnerabilities.pdf",
"refsource" : "MISC",
"url" : "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_httprint_Multiple_Vulnerabilities.pdf"
},
{
"name" : "http://net-square.com/httprint/#history",
"refsource" : "CONFIRM",
"url" : "http://net-square.com/httprint/#history"
},
{
"name" : "16031",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16031"
},
{
"name" : "ADV-2005-3070",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/3070"
},
{
"name" : "1015403",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015403"
},
{
"name" : "18208",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18208"
},
{
"name" : "httprint-response-header-script-injection(23885)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23885"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in httprint v202, and possibly other versions before v301, allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response, which is not sanitized before being displayed to the user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2005-3070",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/3070"
},
{
"name": "1015403",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015403"
},
{
"name": "httprint-response-header-script-injection(23885)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23885"
},
{
"name": "18208",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18208"
},
{
"name": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_httprint_Multiple_Vulnerabilities.pdf",
"refsource": "MISC",
"url": "http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_httprint_Multiple_Vulnerabilities.pdf"
},
{
"name": "http://net-square.com/httprint/#history",
"refsource": "CONFIRM",
"url": "http://net-square.com/httprint/#history"
},
{
"name": "16031",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16031"
},
{
"name": "20051222 CYBSEC - Security Advisory: httprint Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/420101/100/0/threaded"
},
{
"name": "20051222 CYBSEC - Security Advisory: httprint Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040532.html"
}
]
}
}

140
2009/0xxx/CVE-2009-0264.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0264",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the Registry Setting Tool in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier has unknown impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.fujitsu.com/global/services/computing/server/primequest/products/os/windows-server-2008-2.html",
"refsource" : "CONFIRM",
"url" : "http://www.fujitsu.com/global/services/computing/server/primequest/products/os/windows-server-2008-2.html"
},
{
"name" : "33644",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33644"
},
{
"name" : "systemcast-registrytool-bo(48315)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48315"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Registry Setting Tool in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier has unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33644",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33644"
},
{
"name": "systemcast-registrytool-bo(48315)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48315"
},
{
"name": "http://www.fujitsu.com/global/services/computing/server/primequest/products/os/windows-server-2008-2.html",
"refsource": "CONFIRM",
"url": "http://www.fujitsu.com/global/services/computing/server/primequest/products/os/windows-server-2008-2.html"
}
]
}
}

370
2009/0xxx/CVE-2009-0901.json
View File

@ -1,187 +1,187 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0901",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka \"ATL Uninitialized Object Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0901",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx",
"refsource" : "MISC",
"url" : "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx"
},
{
"name" : "http://www.adobe.com/support/security/advisories/apsa09-04.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/advisories/apsa09-04.html"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb09-11.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb09-11.html"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb09-13.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb09-13.html"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb09-10.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb09-10.html"
},
{
"name" : "http://www.novell.com/support/viewContent.do?externalId=7004997&sliceId=1",
"refsource" : "CONFIRM",
"url" : "http://www.novell.com/support/viewContent.do?externalId=7004997&sliceId=1"
},
{
"name" : "HPSBMA02488",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=126592505426855&w=2"
},
{
"name" : "SSRT100013",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=126592505426855&w=2"
},
{
"name" : "MS09-035",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035"
},
{
"name" : "MS09-037",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037"
},
{
"name" : "MS09-060",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060"
},
{
"name" : "266108",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1"
},
{
"name" : "TA09-195A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
},
{
"name" : "TA09-223A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-223A.html"
},
{
"name" : "TA09-286A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name" : "35832",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35832"
},
{
"name" : "oval:org.mitre.oval:def:6289",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6289"
},
{
"name" : "oval:org.mitre.oval:def:6311",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6311"
},
{
"name" : "oval:org.mitre.oval:def:6373",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6373"
},
{
"name" : "oval:org.mitre.oval:def:7581",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7581"
},
{
"name" : "36187",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36187"
},
{
"name" : "36374",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36374"
},
{
"name" : "36746",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36746"
},
{
"name" : "35967",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35967"
},
{
"name" : "ADV-2009-2034",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2034"
},
{
"name" : "ADV-2009-2232",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2232"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka \"ATL Uninitialized Object Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.adobe.com/support/security/bulletins/apsb09-11.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb09-11.html"
},
{
"name": "266108",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1"
},
{
"name": "35832",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35832"
},
{
"name": "ADV-2009-2034",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2034"
},
{
"name": "TA09-223A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb09-13.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html"
},
{
"name": "http://www.novell.com/support/viewContent.do?externalId=7004997&sliceId=1",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=7004997&sliceId=1"
},
{
"name": "TA09-286A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "MS09-035",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035"
},
{
"name": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx",
"refsource": "MISC",
"url": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx"
},
{
"name": "oval:org.mitre.oval:def:7581",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7581"
},
{
"name": "oval:org.mitre.oval:def:6289",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6289"
},
{
"name": "SSRT100013",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=126592505426855&w=2"
},
{
"name": "HPSBMA02488",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=126592505426855&w=2"
},
{
"name": "36187",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36187"
},
{
"name": "oval:org.mitre.oval:def:6311",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6311"
},
{
"name": "ADV-2009-2232",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2232"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb09-10.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html"
},
{
"name": "36374",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36374"
},
{
"name": "MS09-037",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037"
},
{
"name": "http://www.adobe.com/support/security/advisories/apsa09-04.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/advisories/apsa09-04.html"
},
{
"name": "36746",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36746"
},
{
"name": "oval:org.mitre.oval:def:6373",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6373"
},
{
"name": "35967",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35967"
},
{
"name": "TA09-195A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
},
{
"name": "MS09-060",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060"
}
]
}
}

130
2009/2xxx/CVE-2009-2741.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2741",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the wberuntimeear application in the test servlet in IBM WebSphere Business Events 6.1 and 6.2 allows remote attackers to execute arbitrary code via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2741",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "IZ56367",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ56367"
},
{
"name" : "websphere-be-wberuntimeear-code-execution(53189)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53189"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the wberuntimeear application in the test servlet in IBM WebSphere Business Events 6.1 and 6.2 allows remote attackers to execute arbitrary code via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "websphere-be-wberuntimeear-code-execution(53189)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53189"
},
{
"name": "IZ56367",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ56367"
}
]
}
}

220
2009/3xxx/CVE-2009-3626.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3626",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a UTF-8 character with a large, invalid codepoint, which is not properly handled during a regular-expression match."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-3626",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20091023 CVE-2009-3626 assigment notification - Perl - perl-5.10.1",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/10/23/8"
},
{
"name" : "http://rt.perl.org/rt3/Ticket/Attachment/617489/295383/",
"refsource" : "MISC",
"url" : "http://rt.perl.org/rt3/Ticket/Attachment/617489/295383/"
},
{
"name" : "http://perl5.git.perl.org/perl.git/commit/0abd0d78a73da1c4d13b1c700526b7e5d03b32d4",
"refsource" : "CONFIRM",
"url" : "http://perl5.git.perl.org/perl.git/commit/0abd0d78a73da1c4d13b1c700526b7e5d03b32d4"
},
{
"name" : "http://rt.perl.org/rt3/Public/Bug/Display.html?id=69973",
"refsource" : "CONFIRM",
"url" : "http://rt.perl.org/rt3/Public/Bug/Display.html?id=69973"
},
{
"name" : "https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225",
"refsource" : "CONFIRM",
"url" : "https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225"
},
{
"name" : "36812",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36812"
},
{
"name" : "59283",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/59283"
},
{
"name" : "1023077",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1023077"
},
{
"name" : "37144",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37144"
},
{
"name" : "ADV-2009-3023",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3023"
},
{
"name" : "perl-utf8-expressions-dos(53939)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53939"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a UTF-8 character with a large, invalid codepoint, which is not properly handled during a regular-expression match."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-3023",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3023"
},
{
"name": "[oss-security] 20091023 CVE-2009-3626 assigment notification - Perl - perl-5.10.1",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/10/23/8"
},
{
"name": "59283",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/59283"
},
{
"name": "perl-utf8-expressions-dos(53939)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53939"
},
{
"name": "http://rt.perl.org/rt3/Ticket/Attachment/617489/295383/",
"refsource": "MISC",
"url": "http://rt.perl.org/rt3/Ticket/Attachment/617489/295383/"
},
{
"name": "https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225"
},
{
"name": "http://rt.perl.org/rt3/Public/Bug/Display.html?id=69973",
"refsource": "CONFIRM",
"url": "http://rt.perl.org/rt3/Public/Bug/Display.html?id=69973"
},
{
"name": "37144",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37144"
},
{
"name": "http://perl5.git.perl.org/perl.git/commit/0abd0d78a73da1c4d13b1c700526b7e5d03b32d4",
"refsource": "CONFIRM",
"url": "http://perl5.git.perl.org/perl.git/commit/0abd0d78a73da1c4d13b1c700526b7e5d03b32d4"
},
{
"name": "36812",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36812"
},
{
"name": "1023077",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023077"
}
]
}
}

220
2009/3xxx/CVE-2009-3672.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3672",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory that (1) were not properly initialized or (2) are deleted, which allows remote attackers to execute arbitrary code via vectors involving a call to the getElementsByTagName method for the STYLE tag name, selection of the single element in the returned list, and a change to the outerHTML property of this element, related to Cascading Style Sheets (CSS) and mshtml.dll, aka \"HTML Object Memory Corruption Vulnerability.\" NOTE: some of these details are obtained from third party information. NOTE: this issue was originally assigned CVE-2009-4054, but Microsoft assigned a duplicate identifier of CVE-2009-3672. CVE consumers should use this identifier instead of CVE-2009-4054."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-3672",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20091120 IE7",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/507984/100/0/threaded"
},
{
"name" : "http://www.symantec.com/connect/blogs/zero-day-internet-explorer-exploit-published",
"refsource" : "MISC",
"url" : "http://www.symantec.com/connect/blogs/zero-day-internet-explorer-exploit-published"
},
{
"name" : "http://www.microsoft.com/technet/security/advisory/977981.mspx",
"refsource" : "CONFIRM",
"url" : "http://www.microsoft.com/technet/security/advisory/977981.mspx"
},
{
"name" : "MS09-072",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-072"
},
{
"name" : "TA09-342A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-342A.html"
},
{
"name" : "VU#515749",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/515749"
},
{
"name" : "37085",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37085"
},
{
"name" : "oval:org.mitre.oval:def:6381",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6381"
},
{
"name" : "1023293",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1023293"
},
{
"name" : "37448",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37448"
},
{
"name" : "ADV-2009-3301",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3301"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory that (1) were not properly initialized or (2) are deleted, which allows remote attackers to execute arbitrary code via vectors involving a call to the getElementsByTagName method for the STYLE tag name, selection of the single element in the returned list, and a change to the outerHTML property of this element, related to Cascading Style Sheets (CSS) and mshtml.dll, aka \"HTML Object Memory Corruption Vulnerability.\" NOTE: some of these details are obtained from third party information. NOTE: this issue was originally assigned CVE-2009-4054, but Microsoft assigned a duplicate identifier of CVE-2009-3672. CVE consumers should use this identifier instead of CVE-2009-4054."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20091120 IE7",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507984/100/0/threaded"
},
{
"name": "VU#515749",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/515749"
},
{
"name": "oval:org.mitre.oval:def:6381",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6381"
},
{
"name": "MS09-072",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-072"
},
{
"name": "TA09-342A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-342A.html"
},
{
"name": "37085",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37085"
},
{
"name": "http://www.symantec.com/connect/blogs/zero-day-internet-explorer-exploit-published",
"refsource": "MISC",
"url": "http://www.symantec.com/connect/blogs/zero-day-internet-explorer-exploit-published"
},
{
"name": "http://www.microsoft.com/technet/security/advisory/977981.mspx",
"refsource": "CONFIRM",
"url": "http://www.microsoft.com/technet/security/advisory/977981.mspx"
},
{
"name": "ADV-2009-3301",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3301"
},
{
"name": "37448",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37448"
},
{
"name": "1023293",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023293"
}
]
}
}

240
2009/3xxx/CVE-2009-3676.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3676",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS header or (b) an additional length field at the end of this response packet, aka \"SMB Client Incomplete Response Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-3676",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20091111 Windows 7 , Server 2008R2 Remote Kernel Crash",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2009/Nov/134"
},
{
"name" : "http://g-laurent.blogspot.com/2009/11/windows-7-server-2008r2-remote-kernel.html",
"refsource" : "MISC",
"url" : "http://g-laurent.blogspot.com/2009/11/windows-7-server-2008r2-remote-kernel.html"
},
{
"name" : "http://news.cnet.com/8301-27080_3-10395891-245.html",
"refsource" : "MISC",
"url" : "http://news.cnet.com/8301-27080_3-10395891-245.html"
},
{
"name" : "http://praetorianprefect.com/archives/2009/11/how-to-crash-windows-7-and-server-2008/",
"refsource" : "MISC",
"url" : "http://praetorianprefect.com/archives/2009/11/how-to-crash-windows-7-and-server-2008/"
},
{
"name" : "http://secunia.com/blog/66/",
"refsource" : "MISC",
"url" : "http://secunia.com/blog/66/"
},
{
"name" : "http://blogs.technet.com/msrc/archive/2009/11/13/microsoft-security-advisory-977544-released.aspx",
"refsource" : "CONFIRM",
"url" : "http://blogs.technet.com/msrc/archive/2009/11/13/microsoft-security-advisory-977544-released.aspx"
},
{
"name" : "http://www.microsoft.com/technet/security/advisory/977544.mspx",
"refsource" : "CONFIRM",
"url" : "http://www.microsoft.com/technet/security/advisory/977544.mspx"
},
{
"name" : "MS10-020",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-020"
},
{
"name" : "TA10-103A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-103A.html"
},
{
"name" : "oval:org.mitre.oval:def:7186",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7186"
},
{
"name" : "1023179",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1023179"
},
{
"name" : "37347",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37347"
},
{
"name" : "ADV-2009-3216",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3216"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS header or (b) an additional length field at the end of this response packet, aka \"SMB Client Incomplete Response Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://news.cnet.com/8301-27080_3-10395891-245.html",
"refsource": "MISC",
"url": "http://news.cnet.com/8301-27080_3-10395891-245.html"
},
{
"name": "1023179",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023179"
},
{
"name": "http://g-laurent.blogspot.com/2009/11/windows-7-server-2008r2-remote-kernel.html",
"refsource": "MISC",
"url": "http://g-laurent.blogspot.com/2009/11/windows-7-server-2008r2-remote-kernel.html"
},
{
"name": "oval:org.mitre.oval:def:7186",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7186"
},
{
"name": "http://www.microsoft.com/technet/security/advisory/977544.mspx",
"refsource": "CONFIRM",
"url": "http://www.microsoft.com/technet/security/advisory/977544.mspx"
},
{
"name": "37347",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37347"
},
{
"name": "ADV-2009-3216",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3216"
},
{
"name": "MS10-020",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-020"
},
{
"name": "http://praetorianprefect.com/archives/2009/11/how-to-crash-windows-7-and-server-2008/",
"refsource": "MISC",
"url": "http://praetorianprefect.com/archives/2009/11/how-to-crash-windows-7-and-server-2008/"
},
{
"name": "http://secunia.com/blog/66/",
"refsource": "MISC",
"url": "http://secunia.com/blog/66/"
},
{
"name": "20091111 Windows 7 , Server 2008R2 Remote Kernel Crash",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2009/Nov/134"
},
{
"name": "http://blogs.technet.com/msrc/archive/2009/11/13/microsoft-security-advisory-977544-released.aspx",
"refsource": "CONFIRM",
"url": "http://blogs.technet.com/msrc/archive/2009/11/13/microsoft-security-advisory-977544-released.aspx"
},
{
"name": "TA10-103A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-103A.html"
}
]
}
}

34
2009/4xxx/CVE-2009-4507.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4507",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4507",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2009/4xxx/CVE-2009-4919.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4919",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to have an unspecified impact via long IKE attributes, aka Bug ID CSCsu43121."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4919",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html",
"refsource" : "CONFIRM",
"url" : "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to have an unspecified impact via long IKE attributes, aka Bug ID CSCsu43121."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html",
"refsource": "CONFIRM",
"url": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html"
}
]
}
}

120
2012/2xxx/CVE-2012-2044.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2044",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Shockwave Player before 11.6.6.636 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2043, CVE-2012-2045, CVE-2012-2046, and CVE-2012-2047."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2012-2044",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb12-17.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb12-17.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Shockwave Player before 11.6.6.636 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2043, CVE-2012-2045, CVE-2012-2046, and CVE-2012-2047."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.adobe.com/support/security/bulletins/apsb12-17.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb12-17.html"
}
]
}
}

180
2012/2xxx/CVE-2012-2081.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2081",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Organic Groups (OG) module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access, which allows remote attackers to obtain sensitive information such as private group titles via a request through the Views module."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2081",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"name" : "http://drupal.org/node/1507446",
"refsource" : "MISC",
"url" : "http://drupal.org/node/1507446"
},
{
"name" : "http://drupal.org/node/1507328",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/1507328"
},
{
"name" : "52799",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52799"
},
{
"name" : "80678",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/80678"
},
{
"name" : "48620",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48620"
},
{
"name" : "drupal-organic-views-security-bypass(74526)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74526"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Organic Groups (OG) module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access, which allows remote attackers to obtain sensitive information such as private group titles via a request through the Views module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48620",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48620"
},
{
"name": "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"name": "80678",
"refsource": "OSVDB",
"url": "http://osvdb.org/80678"
},
{
"name": "drupal-organic-views-security-bypass(74526)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74526"
},
{
"name": "http://drupal.org/node/1507446",
"refsource": "MISC",
"url": "http://drupal.org/node/1507446"
},
{
"name": "http://drupal.org/node/1507328",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1507328"
},
{
"name": "52799",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52799"
}
]
}
}

34
2012/2xxx/CVE-2012-2950.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2950",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2950",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2012/2xxx/CVE-2012-2979.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2979",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2979",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2015/0xxx/CVE-2015-0066.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0066",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-0018, CVE-2015-0037, and CVE-2015-0040."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-0066",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS15-009",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009"
},
{
"name" : "72422",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72422"
},
{
"name" : "1031723",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031723"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-0018, CVE-2015-0037, and CVE-2015-0040."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031723",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031723"
},
{
"name": "72422",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72422"
},
{
"name": "MS15-009",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009"
}
]
}
}

120
2015/0xxx/CVE-2015-0143.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0143",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to obtain sensitive information by reading error messages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-0143",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21963358",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21963358"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to obtain sensitive information by reading error messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21963358",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963358"
}
]
}
}

34
2015/0xxx/CVE-2015-0147.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0147",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-0147",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2015/1xxx/CVE-2015-1024.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1024",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1024",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2015/1xxx/CVE-2015-1929.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1929",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2015-1924, CVE-2015-1925, CVE-2015-1930, CVE-2015-1948, CVE-2015-1953, CVE-2015-1954, CVE-2015-1962, CVE-2015-1963, CVE-2015-1964, and CVE-2015-1965."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-1929",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-263",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-263"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21959398",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21959398"
},
{
"name" : "75451",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75451"
},
{
"name" : "1032773",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032773"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2015-1924, CVE-2015-1925, CVE-2015-1930, CVE-2015-1948, CVE-2015-1953, CVE-2015-1954, CVE-2015-1962, CVE-2015-1963, CVE-2015-1964, and CVE-2015-1965."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032773",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032773"
},
{
"name": "75451",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75451"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-263",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-263"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21959398",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959398"
}
]
}
}

180
2015/5xxx/CVE-2015-5287.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5287",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5287",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "38832",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/38832/"
},
{
"name" : "[oss-security] 20151201 CVE-2015-5273 + CVE-2015-5287, abrt local root in Centos/Fedora/RHEL",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/12/01/1"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1266837",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1266837"
},
{
"name" : "https://github.com/abrt/abrt/commit/3c1b60cfa62d39e5fff5a53a5bc53dae189e740e",
"refsource" : "CONFIRM",
"url" : "https://github.com/abrt/abrt/commit/3c1b60cfa62d39e5fff5a53a5bc53dae189e740e"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name" : "RHSA-2015:2505",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-2505.html"
},
{
"name" : "78137",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/78137"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:2505",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2505.html"
},
{
"name": "38832",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/38832/"
},
{
"name": "[oss-security] 20151201 CVE-2015-5273 + CVE-2015-5287, abrt local root in Centos/Fedora/RHEL",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/01/1"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1266837",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1266837"
},
{
"name": "78137",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/78137"
},
{
"name": "https://github.com/abrt/abrt/commit/3c1b60cfa62d39e5fff5a53a5bc53dae189e740e",
"refsource": "CONFIRM",
"url": "https://github.com/abrt/abrt/commit/3c1b60cfa62d39e5fff5a53a5bc53dae189e740e"
}
]
}
}

150
2015/5xxx/CVE-2015-5503.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5503",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open redirect vulnerability in the Chamilo integration module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5503",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150704 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/07/04/4"
},
{
"name" : "https://www.drupal.org/node/2495931",
"refsource" : "MISC",
"url" : "https://www.drupal.org/node/2495931"
},
{
"name" : "https://www.drupal.org/node/2495929",
"refsource" : "CONFIRM",
"url" : "https://www.drupal.org/node/2495929"
},
{
"name" : "74871",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/74871"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in the Chamilo integration module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.drupal.org/node/2495929",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2495929"
},
{
"name": "https://www.drupal.org/node/2495931",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2495931"
},
{
"name": "74871",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74871"
},
{
"name": "[oss-security] 20150704 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/07/04/4"
}
]
}
}

210
2015/5xxx/CVE-2015-5822.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5822",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-5822",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT205212",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205212"
},
{
"name" : "https://support.apple.com/HT205221",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205221"
},
{
"name" : "https://support.apple.com/HT205265",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205265"
},
{
"name" : "APPLE-SA-2015-09-16-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
},
{
"name" : "APPLE-SA-2015-09-16-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html"
},
{
"name" : "APPLE-SA-2015-09-30-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html"
},
{
"name" : "openSUSE-SU-2016:0915",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html"
},
{
"name" : "USN-2937-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2937-1"
},
{
"name" : "76764",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76764"
},
{
"name" : "1033609",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033609"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT205221",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205221"
},
{
"name": "1033609",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033609"
},
{
"name": "https://support.apple.com/HT205212",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205212"
},
{
"name": "76764",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76764"
},
{
"name": "https://support.apple.com/HT205265",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205265"
},
{
"name": "APPLE-SA-2015-09-16-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html"
},
{
"name": "APPLE-SA-2015-09-30-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html"
},
{
"name": "openSUSE-SU-2016:0915",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html"
},
{
"name": "APPLE-SA-2015-09-16-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
},
{
"name": "USN-2937-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2937-1"
}
]
}
}

190
2015/5xxx/CVE-2015-5840.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5840",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The checkint division routines in removefile in Apple iOS before 9 allow attackers to cause a denial of service (overflow fault and app crash) via crafted data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-5840",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT205212",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205212"
},
{
"name" : "https://support.apple.com/HT205213",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205213"
},
{
"name" : "https://support.apple.com/HT205267",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205267"
},
{
"name" : "APPLE-SA-2015-09-16-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
},
{
"name" : "APPLE-SA-2015-09-21-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html"
},
{
"name" : "APPLE-SA-2015-09-30-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
},
{
"name" : "76764",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76764"
},
{
"name" : "1033609",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033609"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The checkint division routines in removefile in Apple iOS before 9 allow attackers to cause a denial of service (overflow fault and app crash) via crafted data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033609",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033609"
},
{
"name": "https://support.apple.com/HT205212",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205212"
},
{
"name": "APPLE-SA-2015-09-30-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
},
{
"name": "76764",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76764"
},
{
"name": "https://support.apple.com/HT205267",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205267"
},
{
"name": "APPLE-SA-2015-09-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html"
},
{
"name": "https://support.apple.com/HT205213",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205213"
},
{
"name": "APPLE-SA-2015-09-16-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
}
]
}
}

130
2018/11xxx/CVE-2018-11542.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11542",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Remote Command Execution (RCE) vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows for the execution of arbitrary commands via an unspecified vector. It affects the 1000 and 2000 devices 6.0.x up to Build 446, 6.1.x up to Build 492, and 7.0.x up to Build 485. It affects the SWe Lite devices 6.1.x up to Build 111 and 7.0.x up to Build 140."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11542",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://gist.github.com/CyberSKR/a2a8c76174578605af7bdbf53acebe1b",
"refsource" : "MISC",
"url" : "https://gist.github.com/CyberSKR/a2a8c76174578605af7bdbf53acebe1b"
},
{
"name" : "https://support.sonus.net/display/UXDOC61/SBC+Edge+6.1.6+Release+Notes",
"refsource" : "MISC",
"url" : "https://support.sonus.net/display/UXDOC61/SBC+Edge+6.1.6+Release+Notes"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Remote Command Execution (RCE) vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows for the execution of arbitrary commands via an unspecified vector. It affects the 1000 and 2000 devices 6.0.x up to Build 446, 6.1.x up to Build 492, and 7.0.x up to Build 485. It affects the SWe Lite devices 6.1.x up to Build 111 and 7.0.x up to Build 140."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.sonus.net/display/UXDOC61/SBC+Edge+6.1.6+Release+Notes",
"refsource": "MISC",
"url": "https://support.sonus.net/display/UXDOC61/SBC+Edge+6.1.6+Release+Notes"
},
{
"name": "https://gist.github.com/CyberSKR/a2a8c76174578605af7bdbf53acebe1b",
"refsource": "MISC",
"url": "https://gist.github.com/CyberSKR/a2a8c76174578605af7bdbf53acebe1b"
}
]
}
}

222
2018/3xxx/CVE-2018-3015.json
View File

@ -1,113 +1,113 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-3015",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "FLEXCUBE Universal Banking",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "11.3.0"
},
{
"version_affected" : "=",
"version_value" : "11.4.0"
},
{
"version_affected" : "=",
"version_value" : "12.0.1"
},
{
"version_affected" : "=",
"version_value" : "12.0.2"
},
{
"version_affected" : "=",
"version_value" : "12.0.3"
},
{
"version_affected" : "=",
"version_value" : "12.1.0"
},
{
"version_affected" : "=",
"version_value" : "12.2.0"
},
{
"version_affected" : "=",
"version_value" : "12.3.0"
},
{
"version_affected" : "=",
"version_value" : "12.4.0"
},
{
"version_affected" : "=",
"version_value" : "14.0.0"
},
{
"version_affected" : "=",
"version_value" : "14.1.0"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-3015",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FLEXCUBE Universal Banking",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.3.0"
},
{
"version_affected": "=",
"version_value": "11.4.0"
},
{
"version_affected": "=",
"version_value": "12.0.1"
},
{
"version_affected": "=",
"version_value": "12.0.2"
},
{
"version_affected": "=",
"version_value": "12.0.3"
},
{
"version_affected": "=",
"version_value": "12.1.0"
},
{
"version_affected": "=",
"version_value": "12.2.0"
},
{
"version_affected": "=",
"version_value": "12.3.0"
},
{
"version_affected": "=",
"version_value": "12.4.0"
},
{
"version_affected": "=",
"version_value": "14.0.0"
},
{
"version_affected": "=",
"version_value": "14.1.0"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name" : "104778",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104778"
},
{
"name" : "1041307",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041307"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "1041307",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041307"
},
{
"name": "104778",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104778"
}
]
}
}

148
2018/3xxx/CVE-2018-3059.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-3059",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Siebel UI Framework",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "18.7"
},
{
"version_affected" : "=",
"version_value" : "18.8"
},
{
"version_affected" : "=",
"version_value" : "18.9"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI). Supported versions that are affected are 18.7, 18.8 and 18.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel UI Framework accessible data as well as unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel UI Framework accessible data as well as unauthorized read access to a subset of Siebel UI Framework accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-3059",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Siebel UI Framework",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "18.7"
},
{
"version_affected": "=",
"version_value": "18.8"
},
{
"version_affected": "=",
"version_value": "18.9"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name" : "105655",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105655"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI). Supported versions that are affected are 18.7, 18.8 and 18.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel UI Framework accessible data as well as unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel UI Framework accessible data as well as unauthorized read access to a subset of Siebel UI Framework accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "105655",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105655"
}
]
}
}

34
2018/3xxx/CVE-2018-3406.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3406",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3406",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/3xxx/CVE-2018-3440.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3440",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3440",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

122
2018/3xxx/CVE-2018-3931.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"DATE_PUBLIC" : "2018-07-10T00:00:00",
"ID" : "CVE-2018-3931",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Antenna House",
"version" : {
"version_data" : [
{
"version_value" : "Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312)"
}
]
}
}
]
},
"vendor_name" : "Antenna House"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312), a crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code execution. This vulnerability occurs in the `putShapeProperty` method."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "out of bounds write"
}
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-07-10T00:00:00",
"ID": "CVE-2018-3931",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Antenna House",
"version": {
"version_data": [
{
"version_value": "Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312)"
}
]
}
}
]
},
"vendor_name": "Antenna House"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0598",
"refsource" : "MISC",
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0598"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312), a crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code execution. This vulnerability occurs in the `putShapeProperty` method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "out of bounds write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0598",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0598"
}
]
}
}

132
2018/3xxx/CVE-2018-3945.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"DATE_PUBLIC" : "2018-10-01T00:00:00",
"ID" : "CVE-2018-3945",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Foxit PDF Reader",
"version" : {
"version_data" : [
{
"version_value" : "9.1.0.5096"
}
]
}
}
]
},
"vendor_name" : "Foxit Software"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "remote code execution"
}
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-10-01T00:00:00",
"ID": "CVE-2018-3945",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Foxit PDF Reader",
"version": {
"version_data": [
{
"version_value": "9.1.0.5096"
}
]
}
}
]
},
"vendor_name": "Foxit Software"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0612",
"refsource" : "MISC",
"url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0612"
},
{
"name" : "1041769",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041769"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0612",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0612"
},
{
"name": "1041769",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041769"
}
]
}
}

122
2018/6xxx/CVE-2018-6242.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@nvidia.com",
"DATE_PUBLIC" : "2018-04-24T00:00:00",
"ID" : "CVE-2018-6242",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Some NVIDIA Tegra Mobile Processors",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "Nvidia Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Some NVIDIA Tegra mobile processors released prior to 2016 contain a buffer overflow vulnerability in BootROM Recovery Mode (RCM). An attacker with physical access to the device's USB and the ability to force the device to reboot into RCM could exploit the vulnerability to execute unverified code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Code execution, escalation of privileges, and information disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"DATE_PUBLIC": "2018-04-24T00:00:00",
"ID": "CVE-2018-6242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Some NVIDIA Tegra Mobile Processors",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Nvidia Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4660",
"refsource" : "CONFIRM",
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4660"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Some NVIDIA Tegra mobile processors released prior to 2016 contain a buffer overflow vulnerability in BootROM Recovery Mode (RCM). An attacker with physical access to the device's USB and the ability to force the device to reboot into RCM could exploit the vulnerability to execute unverified code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code execution, escalation of privileges, and information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4660",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4660"
}
]
}
}

140
2018/7xxx/CVE-2018-7705.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7705",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read e-mail messages to arbitrary recipients via a .. (dot dot) in the filename parameter to secupload2/upload.aspx."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7705",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44285",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44285/"
},
{
"name" : "20180312 SEC Consult SA-20180312-0 :: Multiple Critical Vulnerabilities in SecurEnvoy SecurMail",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Mar/29"
},
{
"name" : "https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-securenvoy-securmail/index.html",
"refsource" : "MISC",
"url" : "https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-securenvoy-securmail/index.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read e-mail messages to arbitrary recipients via a .. (dot dot) in the filename parameter to secupload2/upload.aspx."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180312 SEC Consult SA-20180312-0 :: Multiple Critical Vulnerabilities in SecurEnvoy SecurMail",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Mar/29"
},
{
"name": "https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-securenvoy-securmail/index.html",
"refsource": "MISC",
"url": "https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-securenvoy-securmail/index.html"
},
{
"name": "44285",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44285/"
}
]
}
}

34
2018/7xxx/CVE-2018-7859.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7859",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7859",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/8xxx/CVE-2018-8743.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8743",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8743",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/8xxx/CVE-2018-8820.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8820",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Square 9 GlobalForms 6.2.x. A Time Based SQL injection vulnerability in the \"match\" parameter allows remote authenticated attackers to execute arbitrary SQL commands. It is possible to upgrade access to full server compromise via xp_cmdshell. In some cases, the authentication requirement for the attack can be met by sending the default admin credentials."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8820",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180327 Blind SQL Injection in Square 9 GlobalForms <= 6.2.x (CVE-2018-8820)",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Mar/57"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Square 9 GlobalForms 6.2.x. A Time Based SQL injection vulnerability in the \"match\" parameter allows remote authenticated attackers to execute arbitrary SQL commands. It is possible to upgrade access to full server compromise via xp_cmdshell. In some cases, the authentication requirement for the attack can be met by sending the default admin credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180327 Blind SQL Injection in Square 9 GlobalForms <= 6.2.x (CVE-2018-8820)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Mar/57"
}
]
}
}