admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 22:58:57 +00:00
parent aaf7f54182
commit acbbe8e77b
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
64 changed files with 4728 additions and 4728 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

328
2005/0xxx/CVE-2005-0124.json
View File

@ -1,167 +1,167 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0124", "ID": "CVE-2005-0124",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The coda_pioctl function in the coda functionality (pioctl.c) for Linux kernel 2.6.9 and 2.4.x before 2.4.29 may allow local users to cause a denial of service (crash) or execute arbitrary code via negative vi.in_size or vi.out_size values, which may trigger a buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[linux-kernel] 20041216 [Coverity] Untrusted user data in kernel", "description_data": [
"refsource" : "MLIST", {
"url" : "http://seclists.org/lists/linux-kernel/2004/Dec/3914.html" "lang": "eng",
}, "value": "The coda_pioctl function in the coda functionality (pioctl.c) for Linux kernel 2.6.9 and 2.4.x before 2.4.29 may allow local users to cause a denial of service (crash) or execute arbitrary code via negative vi.in_size or vi.out_size values, which may trigger a buffer overflow."
{ }
"name" : "[linux-kernel] 20050105 Re: [Coverity] Untrusted user data in kernel", ]
"refsource" : "MLIST", },
"url" : "http://seclists.org/lists/linux-kernel/2005/Jan/1089.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[linux-kernel] 20050107 [PATCH 2.4.29-pre3-bk4] fs/coda Re: [Coverity] Untrusted user data in kernel", "description": [
"refsource" : "MLIST", {
"url" : "http://seclists.org/lists/linux-kernel/2005/Jan/2018.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[linux-kernel] 20050107 [PATCH 2.6.10-mm2] fs/coda Re: [Coverity] Untrusted user data in kernel", ]
"refsource" : "MLIST", }
"url" : "http://seclists.org/lists/linux-kernel/2005/Jan/2020.html" ]
}, },
{ "references": {
"name" : "DSA-1017", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-1017" "name": "20163",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20163"
"name" : "DSA-1070", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-1070" "name": "18684",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18684"
"name" : "DSA-1067", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-1067" "name": "[linux-kernel] 20050105 Re: [Coverity] Untrusted user data in kernel",
}, "refsource": "MLIST",
{ "url": "http://seclists.org/lists/linux-kernel/2005/Jan/1089.html"
"name" : "DSA-1069", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-1069" "name": "DSA-1082",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-1082"
"name" : "DSA-1082", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-1082" "name": "[linux-kernel] 20041216 [Coverity] Untrusted user data in kernel",
}, "refsource": "MLIST",
{ "url": "http://seclists.org/lists/linux-kernel/2004/Dec/3914.html"
"name" : "FLSA:157459-1", },
"refsource" : "FEDORA", {
"url" : "http://www.securityfocus.com/archive/1/428028/100/0/threaded" "name": "DSA-1070",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-1070"
"name" : "RHSA-2006:0191", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0191.html" "name": "14967",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/14967"
"name" : "RHSA-2005:663", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2005-663.html" "name": "1013018",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1013018"
"name" : "14967", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/14967" "name": "FLSA:157459-1",
}, "refsource": "FEDORA",
{ "url": "http://www.securityfocus.com/archive/1/428028/100/0/threaded"
"name" : "oval:org.mitre.oval:def:11690", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11690" "name": "[linux-kernel] 20050107 [PATCH 2.4.29-pre3-bk4] fs/coda Re: [Coverity] Untrusted user data in kernel",
}, "refsource": "MLIST",
{ "url": "http://seclists.org/lists/linux-kernel/2005/Jan/2018.html"
"name" : "ADV-2005-1878", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/1878" "name": "DSA-1067",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-1067"
"name" : "1013018", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1013018" "name": "DSA-1069",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-1069"
"name" : "18684", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18684" "name": "17002",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/17002"
"name" : "19374", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19374" "name": "[linux-kernel] 20050107 [PATCH 2.6.10-mm2] fs/coda Re: [Coverity] Untrusted user data in kernel",
}, "refsource": "MLIST",
{ "url": "http://seclists.org/lists/linux-kernel/2005/Jan/2020.html"
"name" : "17002", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17002" "name": "RHSA-2005:663",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2005-663.html"
"name" : "20163", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20163" "name": "DSA-1017",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-1017"
"name" : "20202", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20202" "name": "ADV-2005-1878",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2005/1878"
"name" : "20338", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20338" "name": "20202",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/20202"
} },
{
"name": "oval:org.mitre.oval:def:11690",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11690"
},
{
"name": "19374",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19374"
},
{
"name": "RHSA-2006:0191",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0191.html"
},
{
"name": "20338",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20338"
}
]
}
} }

138
2005/0xxx/CVE-2005-0583.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0583", "ID": "CVE-2005-0583",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Computer Associates (CA) License Client 0.1.0.15 allows remote attackers to create arbitrary files via .. (dot dot) sequences in a PUTOLF request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050302 Computer Associates License Client PUTOLF Directory Traversal", "description_data": [
"refsource" : "IDEFENSE", {
"url" : "http://www.idefense.com/application/poi/display?id=212&type=vulnerabilities" "lang": "eng",
}, "value": "Directory traversal vulnerability in Computer Associates (CA) License Client 0.1.0.15 allows remote attackers to create arbitrary files via .. (dot dot) sequences in a PUTOLF request."
{ }
"name" : "http://supportconnectw.ca.com/public/ca_common_docs/security_notice.asp", ]
"refsource" : "CONFIRM", },
"url" : "http://supportconnectw.ca.com/public/ca_common_docs/security_notice.asp" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20050302 License Patches Are Now Available To Address Buffer Overflows", "description": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=110979326828704&w=2" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "20050302 License Patches Are Now Available To Address Buffer Overflows",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110979326828704&w=2"
},
{
"name": "http://supportconnectw.ca.com/public/ca_common_docs/security_notice.asp",
"refsource": "CONFIRM",
"url": "http://supportconnectw.ca.com/public/ca_common_docs/security_notice.asp"
},
{
"name": "20050302 Computer Associates License Client PUTOLF Directory Traversal",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=212&type=vulnerabilities"
}
]
}
} }

168
2005/2xxx/CVE-2005-2101.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2005-2101", "ID": "CVE-2005-2101",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in /tmp with predictable names, which allows local users to overwrite arbitrary files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.kde.org/info/security/advisory-20050815-1.txt", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.kde.org/info/security/advisory-20050815-1.txt" "lang": "eng",
}, "value": "langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in /tmp with predictable names, which allows local users to overwrite arbitrary files."
{ }
"name" : "DSA-818", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2005/dsa-818" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MDKSA-2005:159", "description": [
"refsource" : "MANDRAKE", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:159" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "14561", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/14561" ]
}, },
{ "references": {
"name" : "1014675", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1014675" "name": "14561",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/14561"
"name" : "16428", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/16428" "name": "http://www.kde.org/info/security/advisory-20050815-1.txt",
} "refsource": "CONFIRM",
] "url": "http://www.kde.org/info/security/advisory-20050815-1.txt"
} },
{
"name": "DSA-818",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-818"
},
{
"name": "16428",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16428"
},
{
"name": "MDKSA-2005:159",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:159"
},
{
"name": "1014675",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014675"
}
]
}
} }

288
2005/2xxx/CVE-2005-2474.json
View File

@ -1,147 +1,147 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-2474", "ID": "CVE-2005-2474",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ChurchInfo allows remote attackers to execute obtain sensitive information via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php, an invalid Number parameter to (8) SelectList.php or (9) SelectDelete.php, GroupID parameter to (10) GroupView.php, (11) GroupMemberList.php, (12) MemberRoleChange.php, (13) GroupDelete.php, (14) /Reports/ClassAttendance.php, or (15) /Reports/GroupReport.php, (16) PropertyID parameter to PropertyEditor.php, FamilyID parameter to (17) Canvas05Editor.php, (18) CanvasEditor.php, or (19) FamilyView.php, or (20) PledgeID parameter to PledgeDetails.php, which reveal the path in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050801 ChurchInfo Multiple Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=112291550713546&w=2" "lang": "eng",
}, "value": "ChurchInfo allows remote attackers to execute obtain sensitive information via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php, an invalid Number parameter to (8) SelectList.php or (9) SelectDelete.php, GroupID parameter to (10) GroupView.php, (11) GroupMemberList.php, (12) MemberRoleChange.php, (13) GroupDelete.php, (14) /Reports/ClassAttendance.php, or (15) /Reports/GroupReport.php, (16) PropertyID parameter to PropertyEditor.php, FamilyID parameter to (17) Canvas05Editor.php, (18) CanvasEditor.php, or (19) FamilyView.php, or (20) PledgeID parameter to PledgeDetails.php, which reveal the path in an error message."
{ }
"name" : "18429", ]
"refsource" : "OSVDB", },
"url" : "http://www.osvdb.org/18429" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "18430", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/18430" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "18431", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/18431" ]
}, },
{ "references": {
"name" : "18432", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/18432" "name": "18430",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/18430"
"name" : "18433", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/18433" "name": "18450",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/18450"
"name" : "18434", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/18434" "name": "18432",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/18432"
"name" : "18435", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/18435" "name": "18435",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/18435"
"name" : "18436", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/18436" "name": "20050801 ChurchInfo Multiple Vulnerabilities",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=112291550713546&w=2"
"name" : "18437", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/18437" "name": "18425",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/18425"
"name" : "18438", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/18438" "name": "churchinfo-path-disclosure(21648)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21648"
"name" : "18439", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/18439" "name": "18426",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/18426"
"name" : "18450", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/18450" "name": "1014617",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1014617"
"name" : "18425", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/18425" "name": "18439",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/18439"
"name" : "18426", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/18426" "name": "18437",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/18437"
"name" : "1014617", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1014617" "name": "18429",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/18429"
"name" : "16292", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/16292" "name": "18431",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/18431"
"name" : "churchinfo-path-disclosure(21648)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21648" "name": "18433",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/18433"
} },
{
"name": "18438",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/18438"
},
{
"name": "18436",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/18436"
},
{
"name": "18434",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/18434"
},
{
"name": "16292",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16292"
}
]
}
} }

168
2005/2xxx/CVE-2005-2653.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-2653", "ID": "CVE-2005-2653",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in BBCaffe 2.0 allows remote attackers to inject arbitrary web script or HTML via e-mail data in a message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050818 BBCaffe 2.0 cross site scripting poc", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/408503" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in BBCaffe 2.0 allows remote attackers to inject arbitrary web script or HTML via e-mail data in a message."
{ }
"name" : "http://rgod.altervista.org/bbcaffe.html", ]
"refsource" : "MISC", },
"url" : "http://rgod.altervista.org/bbcaffe.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "14602", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/14602" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1014733", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1014733" ]
}, },
{ "references": {
"name" : "16503", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/16503" "name": "14602",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/14602"
"name" : "bbcaffe-xss(21913)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21913" "name": "bbcaffe-xss(21913)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21913"
} },
{
"name": "1014733",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014733"
},
{
"name": "http://rgod.altervista.org/bbcaffe.html",
"refsource": "MISC",
"url": "http://rgod.altervista.org/bbcaffe.html"
},
{
"name": "16503",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16503"
},
{
"name": "20050818 BBCaffe 2.0 cross site scripting poc",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/408503"
}
]
}
} }

138
2005/3xxx/CVE-2005-3013.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-3013", "ID": "CVE-2005-3013",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in liby2util in Yet another Setup Tool (YaST) for SuSE Linux 9.3 allows local users to execute arbitrary code via a long Loc entry."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "SUSE-SR:2005:022", "description_data": [
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2005_22_sr.html" "lang": "eng",
}, "value": "Buffer overflow in liby2util in Yet another Setup Tool (YaST) for SuSE Linux 9.3 allows local users to execute arbitrary code via a long Loc entry."
{ }
"name" : "14861", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/14861" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "suse-yast-loc-bo(24323)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24323" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "suse-yast-loc-bo(24323)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24323"
},
{
"name": "SUSE-SR:2005:022",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_22_sr.html"
},
{
"name": "14861",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14861"
}
]
}
} }

148
2005/3xxx/CVE-2005-3098.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-3098", "ID": "CVE-2005-3098",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "poppassd in Qualcomm qpopper 4.0.8 allows local users to modify arbitrary files and gain privileges via the -t (trace file) command line argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050924 It's time for some warez - Qpopper poppassd local r00t exploit", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/lists/fulldisclosure/2005/Sep/0652.html" "lang": "eng",
}, "value": "poppassd in Qualcomm qpopper 4.0.8 allows local users to modify arbitrary files and gain privileges via the -t (trace file) command line argument."
{ }
"name" : "14944", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/14944" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2005-1844", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/1844" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "16935", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/16935" ]
} },
] "references": {
} "reference_data": [
{
"name": "14944",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14944"
},
{
"name": "16935",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16935"
},
{
"name": "ADV-2005-1844",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/1844"
},
{
"name": "20050924 It's time for some warez - Qpopper poppassd local r00t exploit",
"refsource": "FULLDISC",
"url": "http://seclists.org/lists/fulldisclosure/2005/Sep/0652.html"
}
]
}
} }

148
2005/3xxx/CVE-2005-3100.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-3100", "ID": "CVE-2005-3100",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified \"PPTP Remote DoS Vulnerability\" in Astaro Security Linux 4.027 allows attackers to cause a denial of service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.astaro.org/showflat.php?Cat=&Number=62289&Main=62289", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.astaro.org/showflat.php?Cat=&Number=62289&Main=62289" "lang": "eng",
}, "value": "Unspecified \"PPTP Remote DoS Vulnerability\" in Astaro Security Linux 4.027 allows attackers to cause a denial of service."
{ }
"name" : "14950", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/14950" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20971", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/20971" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "16967", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/16967" ]
} },
] "references": {
} "reference_data": [
{
"name": "14950",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14950"
},
{
"name": "20971",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20971"
},
{
"name": "16967",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16967"
},
{
"name": "http://www.astaro.org/showflat.php?Cat=&Number=62289&Main=62289",
"refsource": "CONFIRM",
"url": "http://www.astaro.org/showflat.php?Cat=&Number=62289&Main=62289"
}
]
}
} }

128
2005/3xxx/CVE-2005-3223.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-3223", "ID": "CVE-2005-3223",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple interpretation error in unspecified versions of Rising Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20051007 Antivirus detection bypass by special crafted archive.", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=112879611919750&w=2" "lang": "eng",
}, "value": "Multiple interpretation error in unspecified versions of Rising Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper."
{ }
"name" : "http://shadock.net/secubox/AVCraftedArchive.html", ]
"refsource" : "MISC", },
"url" : "http://shadock.net/secubox/AVCraftedArchive.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://shadock.net/secubox/AVCraftedArchive.html",
"refsource": "MISC",
"url": "http://shadock.net/secubox/AVCraftedArchive.html"
},
{
"name": "20051007 Antivirus detection bypass by special crafted archive.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112879611919750&w=2"
}
]
}
} }

128
2005/3xxx/CVE-2005-3725.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-3725", "ID": "CVE-2005-3725",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 uses hardcoded IP addresses for its DNS servers, which could allow remote attackers to cause a denial of service or hijack Zyxel phones by attacking or spoofing the hardcoded DNS servers. NOTE: it could be argued that this issue reflects an inherent limitation of DNS itself, so perhaps it should not be included in CVE."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20051116 Zyxel P2000W (Version1) VoIP Wifi phone multiple", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://marc.info/?l=full-disclosure&m=113217443126673&w=2" "lang": "eng",
}, "value": "Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 uses hardcoded IP addresses for its DNS servers, which could allow remote attackers to cause a denial of service or hijack Zyxel phones by attacking or spoofing the hardcoded DNS servers. NOTE: it could be argued that this issue reflects an inherent limitation of DNS itself, so perhaps it should not be included in CVE."
{ }
"name" : "15478", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/15478" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15478",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15478"
},
{
"name": "20051116 Zyxel P2000W (Version1) VoIP Wifi phone multiple",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=113217443126673&w=2"
}
]
}
} }

268
2005/3xxx/CVE-2005-3905.json
View File

@ -1,137 +1,137 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-3905", "ID": "CVE-2005-3905",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in reflection APIs in Java SDK and JRE 1.3.1_15 and earlier, 1.4.2_08 and earlier, and JDK and JRE 5.0 Update 3 and earlier allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary application via unknown attack vectors, a different vulnerability than CVE-2005-3906. NOTE: this is associated with the \"first issue\" identified in SUNALERT:102003."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "APPLE-SA-2005-11-30", "description_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2005/Nov/msg00004.html" "lang": "eng",
}, "value": "Unspecified vulnerability in reflection APIs in Java SDK and JRE 1.3.1_15 and earlier, 1.4.2_08 and earlier, and JDK and JRE 5.0 Update 3 and earlier allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary application via unknown attack vectors, a different vulnerability than CVE-2005-3906. NOTE: this is associated with the \"first issue\" identified in SUNALERT:102003."
{ }
"name" : "GLSA-200601-10", ]
"refsource" : "GENTOO", },
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200601-10.xml" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "102003", "description": [
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102003-1" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21225628", ]
"refsource" : "CONFIRM", }
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21225628" ]
}, },
{ "references": {
"name" : "VU#974188", "reference_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/974188" "name": "17847",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/17847"
"name" : "15615", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/15615" "name": "18503",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18503"
"name" : "ADV-2005-2636", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/2636" "name": "18435",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18435"
"name" : "ADV-2005-2946", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/2946" "name": "15615",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/15615"
"name" : "ADV-2005-2675", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/2675" "name": "102003",
}, "refsource": "SUNALERT",
{ "url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102003-1"
"name" : "1015280", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015280" "name": "ADV-2005-2946",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2005/2946"
"name" : "17748", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17748" "name": "ADV-2005-2675",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2005/2675"
"name" : "18092", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18092" "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21225628",
}, "refsource": "CONFIRM",
{ "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21225628"
"name" : "17847", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17847" "name": "ADV-2005-2636",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2005/2636"
"name" : "18503", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18503" "name": "GLSA-200601-10",
}, "refsource": "GENTOO",
{ "url": "http://www.gentoo.org/security/en/glsa/glsa-200601-10.xml"
"name" : "18435", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18435" "name": "VU#974188",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/974188"
"name" : "sun-reflection-api-elevate-privileges(23251)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23251" "name": "1015280",
} "refsource": "SECTRACK",
] "url": "http://securitytracker.com/id?1015280"
} },
{
"name": "APPLE-SA-2005-11-30",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005/Nov/msg00004.html"
},
{
"name": "sun-reflection-api-elevate-privileges(23251)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23251"
},
{
"name": "17748",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17748"
},
{
"name": "18092",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18092"
}
]
}
} }

268
2005/4xxx/CVE-2005-4153.json
View File

@ -1,137 +1,137 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4153", "ID": "CVE-2005-4153",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to \"fail with an Overflow on bad date data in a processed message,\" a different vulnerability than CVE-2005-3573."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "DSA-955", "description_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-955" "lang": "eng",
}, "value": "Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to \"fail with an Overflow on bad date data in a processed message,\" a different vulnerability than CVE-2005-3573."
{ }
"name" : "MDKSA-2005:222", ]
"refsource" : "MANDRIVA", },
"url" : "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:222" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2006:0204", "description": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0204.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "20060401-01-U", ]
"refsource" : "SGI", }
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U" ]
}, },
{ "references": {
"name" : "2006-0012", "reference_data": [
"refsource" : "TRUSTIX", {
"url" : "http://www.trustix.org/errata/2006/0012/" "name": "19167",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19167"
"name" : "USN-242-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-242-1" "name": "USN-242-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/usn-242-1"
"name" : "16248", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16248" "name": "16248",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/16248"
"name" : "21723", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/21723" "name": "20060401-01-U",
}, "refsource": "SGI",
{ "url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
"name" : "oval:org.mitre.oval:def:10660", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10660" "name": "2006-0012",
}, "refsource": "TRUSTIX",
{ "url": "http://www.trustix.org/errata/2006/0012/"
"name" : "18612", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18612" "name": "RHSA-2006:0204",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2006-0204.html"
"name" : "19167", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19167" "name": "oval:org.mitre.oval:def:10660",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10660"
"name" : "19196", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19196" "name": "mailman-utf8-scrubber-dos(23139)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23139"
"name" : "18449", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18449" "name": "18456",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18456"
"name" : "18456", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18456" "name": "19532",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19532"
"name" : "19532", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19532" "name": "MDKSA-2005:222",
}, "refsource": "MANDRIVA",
{ "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:222"
"name" : "mailman-utf8-scrubber-dos(23139)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23139" "name": "18449",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/18449"
} },
{
"name": "18612",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18612"
},
{
"name": "21723",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21723"
},
{
"name": "19196",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19196"
},
{
"name": "DSA-955",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-955"
}
]
}
} }

168
2005/4xxx/CVE-2005-4238.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4238", "ID": "CVE-2005-4238",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject arbitrary web script or HTML via the target_field parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://pridels0.blogspot.com/2005/12/mantis-bugtracking-system-xss-vuln.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://pridels0.blogspot.com/2005/12/mantis-bugtracking-system-xss-vuln.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject arbitrary web script or HTML via the target_field parameter."
{ }
"name" : "DSA-944", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2005/dsa-944" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "15842", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/15842" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2005-2874", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2005/2874" ]
}, },
{ "references": {
"name" : "18018", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18018" "name": "18481",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18481"
"name" : "18481", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18481" "name": "15842",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/15842"
} },
{
"name": "ADV-2005-2874",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2874"
},
{
"name": "http://pridels0.blogspot.com/2005/12/mantis-bugtracking-system-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/12/mantis-bugtracking-system-xss-vuln.html"
},
{
"name": "DSA-944",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-944"
},
{
"name": "18018",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18018"
}
]
}
} }

178
2005/4xxx/CVE-2005-4809.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4809", "ID": "CVE-2005-4809",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050313 Firefox 1.01 : spoofing status bar without using JavaScript", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://marc.info/?l=full-disclosure&m=111073068631287&w=2" "lang": "eng",
}, "value": "Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag."
{ }
"name" : "12798", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/12798" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2005-0260", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/0260" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "14885", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/14885" ]
}, },
{ "references": {
"name" : "1013423", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1013423" "name": "mozilla-save-link-as-dialog-spoofing(19540)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19540"
"name" : "14568", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/14568" "name": "14568",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/14568"
"name" : "mozilla-save-link-as-dialog-spoofing(19540)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19540" "name": "12798",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/12798"
} },
{
"name": "1013423",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013423"
},
{
"name": "14885",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/14885"
},
{
"name": "20050313 Firefox 1.01 : spoofing status bar without using JavaScript",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=111073068631287&w=2"
},
{
"name": "ADV-2005-0260",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0260"
}
]
}
} }

198
2009/0xxx/CVE-2009-0071.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0071", "ID": "CVE-2009-0071",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a certain (a) replaceChild or (b) removeChild call, followed by a (1) queryCommandValue, (2) queryCommandState, or (3) queryCommandIndeterm call. NOTE: it was later reported that 3.0.6 and 3.0.7 are also affected."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090107 Firefox 3.0.5 remote vulnerability via queryCommandState", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0220.html" "lang": "eng",
}, "value": "Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a certain (a) replaceChild or (b) removeChild call, followed by a (1) queryCommandValue, (2) queryCommandState, or (3) queryCommandIndeterm call. NOTE: it was later reported that 3.0.6 and 3.0.7 are also affected."
{ }
"name" : "20090107 Re: Firefox 3.0.5 remote vulnerability via queryCommandState", ]
"refsource" : "FULLDISC", },
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0223.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20090107 Re: Firefox 3.0.5 remote vulnerability via queryCommandState", "description": [
"refsource" : "FULLDISC", {
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0224.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "8091", ]
"refsource" : "EXPLOIT-DB", }
"url" : "https://www.exploit-db.com/exploits/8091" ]
}, },
{ "references": {
"name" : "8219", "reference_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/8219" "name": "8219",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/8219"
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=456727", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=456727" "name": "20090107 Firefox 3.0.5 remote vulnerability via queryCommandState",
}, "refsource": "FULLDISC",
{ "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0220.html"
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=472507", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=472507" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=456727",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=456727"
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=448329", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=448329" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=448329",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=448329"
"name" : "33154", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/33154" "name": "8091",
} "refsource": "EXPLOIT-DB",
] "url": "https://www.exploit-db.com/exploits/8091"
} },
{
"name": "33154",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33154"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=472507",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=472507"
},
{
"name": "20090107 Re: Firefox 3.0.5 remote vulnerability via queryCommandState",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0223.html"
},
{
"name": "20090107 Re: Firefox 3.0.5 remote vulnerability via queryCommandState",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0224.html"
}
]
}
} }

138
2009/0xxx/CVE-2009-0598.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0598", "ID": "CVE-2009-0598",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in PhpMesFilms 1.0 and 1.8 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7660", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7660" "lang": "eng",
}, "value": "SQL injection vulnerability in index.php in PhpMesFilms 1.0 and 1.8 allows remote attackers to execute arbitrary SQL commands via the id parameter."
{ }
"name" : "33105", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/33105" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "33332", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33332" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "33332",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33332"
},
{
"name": "7660",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7660"
},
{
"name": "33105",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33105"
}
]
}
} }

178
2009/0xxx/CVE-2009-0917.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0917", "ID": "CVE-2009-0917",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in DFLabs PTK 1.0.0 through 1.0.4 allows remote attackers to inject arbitrary web script or HTML by providing a forensic image containing HTML documents, which are rendered in web browsers during inspection by PTK. NOTE: the vendor states that the product is intended for use in a laboratory with \"no contact from / to internet.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://ptk.dflabs.com/faq.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://ptk.dflabs.com/faq.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in DFLabs PTK 1.0.0 through 1.0.4 allows remote attackers to inject arbitrary web script or HTML by providing a forensic image containing HTML documents, which are rendered in web browsers during inspection by PTK. NOTE: the vendor states that the product is intended for use in a laboratory with \"no contact from / to internet.\""
{ }
"name" : "http://ptk.dflabs.com/security.html", ]
"refsource" : "MISC", },
"url" : "http://ptk.dflabs.com/security.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.kb.cert.org/vuls/id/RGII-7Q4GBJ", "description": [
"refsource" : "MISC", {
"url" : "http://www.kb.cert.org/vuls/id/RGII-7Q4GBJ" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "VU#845747", ]
"refsource" : "CERT-VN", }
"url" : "http://www.kb.cert.org/vuls/id/845747" ]
}, },
{ "references": {
"name" : "34111", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/34111" "name": "http://ptk.dflabs.com/security.html",
}, "refsource": "MISC",
{ "url": "http://ptk.dflabs.com/security.html"
"name" : "34257", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34257" "name": "34257",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34257"
"name" : "ptk-unspecified-xss(49236)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49236" "name": "VU#845747",
} "refsource": "CERT-VN",
] "url": "http://www.kb.cert.org/vuls/id/845747"
} },
{
"name": "34111",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34111"
},
{
"name": "ptk-unspecified-xss(49236)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49236"
},
{
"name": "http://ptk.dflabs.com/faq.html",
"refsource": "MISC",
"url": "http://ptk.dflabs.com/faq.html"
},
{
"name": "http://www.kb.cert.org/vuls/id/RGII-7Q4GBJ",
"refsource": "MISC",
"url": "http://www.kb.cert.org/vuls/id/RGII-7Q4GBJ"
}
]
}
} }

178
2009/0xxx/CVE-2009-0959.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0959", "ID": "CVE-2009-0959",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The MPEG-4 video codec in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted MPEG-4 video file that triggers an \"input validation issue.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT3639", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT3639" "lang": "eng",
}, "value": "The MPEG-4 video codec in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted MPEG-4 video file that triggers an \"input validation issue.\""
{ }
"name" : "APPLE-SA-2009-06-17-1", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "35414", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/35414" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "35433", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/35433" ]
}, },
{ "references": {
"name" : "55237", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/55237" "name": "55237",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/55237"
"name" : "ADV-2009-1621", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/1621" "name": "http://support.apple.com/kb/HT3639",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT3639"
"name" : "ipod-iphone-mpeg4-dos(51211)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51211" "name": "ADV-2009-1621",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2009/1621"
} },
{
"name": "35414",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35414"
},
{
"name": "ipod-iphone-mpeg4-dos(51211)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51211"
},
{
"name": "APPLE-SA-2009-06-17-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "35433",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35433"
}
]
}
} }

158
2009/2xxx/CVE-2009-2177.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-2177", "ID": "CVE-2009-2177",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "code/display.php in fuzzylime (cms) 3.03a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to conduct directory traversal attacks and overwrite arbitrary files via a \"....//\" (dot dot) in the s parameter, which is collapsed into a \"../\" value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "8978", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/8978" "lang": "eng",
}, "value": "code/display.php in fuzzylime (cms) 3.03a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to conduct directory traversal attacks and overwrite arbitrary files via a \"....//\" (dot dot) in the s parameter, which is collapsed into a \"../\" value."
{ }
"name" : "35418", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/35418" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "55184", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/55184" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "35489", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/35489" ]
}, },
{ "references": {
"name" : "fuzzylimecms-display-file-overwrite(51206)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51206" "name": "35418",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/35418"
} },
{
"name": "fuzzylimecms-display-file-overwrite(51206)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51206"
},
{
"name": "8978",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8978"
},
{
"name": "55184",
"refsource": "OSVDB",
"url": "http://osvdb.org/55184"
},
{
"name": "35489",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35489"
}
]
}
} }

198
2009/2xxx/CVE-2009-2195.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-2195", "ID": "CVE-2009-2195",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted floating-point numbers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT3733", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT3733" "lang": "eng",
}, "value": "Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted floating-point numbers."
{ }
"name" : "http://support.apple.com/kb/HT4225", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT4225" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "APPLE-SA-2009-08-11-1", "description": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2009/Aug/msg00002.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2010-06-21-1", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" ]
}, },
{ "references": {
"name" : "SUSE-SR:2011:002", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" "name": "43068",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43068"
"name" : "36023", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/36023" "name": "APPLE-SA-2009-08-11-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2009/Aug/msg00002.html"
"name" : "1022717", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1022717" "name": "ADV-2011-0212",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0212"
"name" : "43068", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43068" "name": "http://support.apple.com/kb/HT4225",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT4225"
"name" : "ADV-2011-0212", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0212" "name": "36023",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/36023"
} },
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "1022717",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022717"
},
{
"name": "APPLE-SA-2010-06-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"name": "http://support.apple.com/kb/HT3733",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3733"
}
]
}
} }

138
2009/2xxx/CVE-2009-2452.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-2452", "ID": "CVE-2009-2452",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Citrix Licensing 11.5 have unknown impact and attack vectors, related to \"underlying components of the License Management Console.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.citrix.com/article/CTX120742", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.citrix.com/article/CTX120742" "lang": "eng",
}, "value": "Multiple unspecified vulnerabilities in Citrix Licensing 11.5 have unknown impact and attack vectors, related to \"underlying components of the License Management Console.\""
{ }
"name" : "34759", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/34759" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "34937", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34937" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.citrix.com/article/CTX120742",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX120742"
},
{
"name": "34937",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34937"
},
{
"name": "34759",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34759"
}
]
}
} }

128
2009/2xxx/CVE-2009-2577.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-2577", "ID": "CVE-2009-2577",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption, and application hang) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090719 DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/505092/100/0/threaded" "lang": "eng",
}, "value": "Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption, and application hang) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479."
{ }
"name" : "http://websecurity.com.ua/3338/", ]
"refsource" : "MISC", },
"url" : "http://websecurity.com.ua/3338/" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://websecurity.com.ua/3338/",
"refsource": "MISC",
"url": "http://websecurity.com.ua/3338/"
},
{
"name": "20090719 DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/505092/100/0/threaded"
}
]
}
} }

328
2009/3xxx/CVE-2009-3077.json
View File

@ -1,167 +1,167 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2009-3077", "ID": "CVE-2009-3077",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a \"dangling pointer vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-49.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-49.html" "lang": "eng",
}, "value": "Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a \"dangling pointer vulnerability.\""
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=506871", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=506871" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-1885", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2009/dsa-1885" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2009:1430", ]
"refsource" : "REDHAT", }
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1430.html" ]
}, },
{ "references": {
"name" : "RHSA-2009:1431", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1431.html" "name": "DSA-1885",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2009/dsa-1885"
"name" : "RHSA-2009:1432", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1432.html" "name": "RHSA-2010:0153",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0153.html"
"name" : "RHSA-2010:0153", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0153.html" "name": "36343",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/36343"
"name" : "RHSA-2010:0154", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0154.html" "name": "39001",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/39001"
"name" : "SUSE-SR:2010:013", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" "name": "SUSE-SA:2009:048",
}, "refsource": "SUSE",
{ "url": "http://www.novell.com/linux/security/advisories/2009_48_firefox.html"
"name" : "SUSE-SA:2009:048", },
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2009_48_firefox.html" "name": "oval:org.mitre.oval:def:10730",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10730"
"name" : "USN-915-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-915-1" "name": "RHSA-2009:1430",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2009-1430.html"
"name" : "36343", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/36343" "name": "ADV-2010-0650",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/0650"
"name" : "oval:org.mitre.oval:def:10730", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10730" "name": "oval:org.mitre.oval:def:5606",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5606"
"name" : "oval:org.mitre.oval:def:5606", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5606" "name": "36692",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/36692"
"name" : "36671", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/36671" "name": "SUSE-SR:2010:013",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
"name" : "39001", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/39001" "name": "36670",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/36670"
"name" : "38977", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38977" "name": "36671",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/36671"
"name" : "37098", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37098" "name": "38977",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/38977"
"name" : "36669", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/36669" "name": "36669",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/36669"
"name" : "36670", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/36670" "name": "RHSA-2010:0154",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0154.html"
"name" : "36692", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/36692" "name": "RHSA-2009:1432",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2009-1432.html"
"name" : "ADV-2010-0650", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/0650" "name": "http://www.mozilla.org/security/announce/2009/mfsa2009-49.html",
} "refsource": "CONFIRM",
] "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-49.html"
} },
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=506871",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=506871"
},
{
"name": "37098",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37098"
},
{
"name": "USN-915-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-915-1"
},
{
"name": "RHSA-2009:1431",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1431.html"
}
]
}
} }

358
2009/3xxx/CVE-2009-3228.json
View File

@ -1,182 +1,182 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-3228", "ID": "CVE-2009-3228",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20090903 CVE request: kernel: tc: uninitialised kernel memory leak", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2009/09/03/1" "lang": "eng",
}, "value": "The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors."
{ }
"name" : "[oss-security] 20090905 Re: CVE request: kernel: tc: uninitialised kernel memory leak", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2009/09/05/2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20090906 Re: CVE request: kernel: tc: uninitialised kernel memory leak", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2009/09/06/2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[oss-security] 20090907 Re: CVE request: kernel: tc: uninitialised kernel memory leak", ]
"refsource" : "MLIST", }
"url" : "http://www.openwall.com/lists/oss-security/2009/09/07/2" ]
}, },
{ "references": {
"name" : "[oss-security] 20090916 Re: CVE request: kernel: tc: uninitialised kernel memory leak", "reference_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2009/09/17/1" "name": "[oss-security] 20090917 Re: CVE request: kernel: tc: uninitialised kernel memory leak",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2009/09/17/9"
"name" : "[oss-security] 20090917 Re: CVE request: kernel: tc: uninitialised kernel memory leak", },
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2009/09/17/9" "name": "[oss-security] 20090916 Re: CVE request: kernel: tc: uninitialised kernel memory leak",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2009/09/17/1"
"name" : "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates", },
"refsource" : "MLIST", {
"url" : "http://lists.vmware.com/pipermail/security-announce/2010/000082.html" "name": "RHSA-2009:1540",
}, "refsource": "REDHAT",
{ "url": "https://rhn.redhat.com/errata/RHSA-2009-1540.html"
"name" : "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=096ed17f20affc2db0e307658c69b67433992a7a", },
"refsource" : "CONFIRM", {
"url" : "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=096ed17f20affc2db0e307658c69b67433992a7a" "name": "USN-864-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/usn-864-1"
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=16ebb5e0b36ceadc8186f71d68b0c4fa4b6e781b", },
"refsource" : "CONFIRM", {
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=16ebb5e0b36ceadc8186f71d68b0c4fa4b6e781b" "name": "38794",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/38794"
"name" : "http://patchwork.ozlabs.org/patch/32830/", },
"refsource" : "CONFIRM", {
"url" : "http://patchwork.ozlabs.org/patch/32830/" "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
}, "refsource": "MLIST",
{ "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
"name" : "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.6", },
"refsource" : "CONFIRM", {
"url" : "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.6" "name": "MDVSA-2010:198",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198"
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.31/ChangeLog-2.6.31-rc9", },
"refsource" : "CONFIRM", {
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.31/ChangeLog-2.6.31-rc9" "name": "[oss-security] 20090903 CVE request: kernel: tc: uninitialised kernel memory leak",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2009/09/03/1"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=520990", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=520990" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=520990",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=520990"
"name" : "MDVSA-2010:198", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198" "name": "37084",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/37084"
"name" : "RHSA-2009:1540", },
"refsource" : "REDHAT", {
"url" : "https://rhn.redhat.com/errata/RHSA-2009-1540.html" "name": "RHSA-2009:1522",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2009-1522.html"
"name" : "RHSA-2009:1548", },
"refsource" : "REDHAT", {
"url" : "https://rhn.redhat.com/errata/RHSA-2009-1548.html" "name": "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.6",
}, "refsource": "CONFIRM",
{ "url": "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.6"
"name" : "RHSA-2009:1522", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1522.html" "name": "oval:org.mitre.oval:def:9409",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9409"
"name" : "USN-864-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-864-1" "name": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=096ed17f20affc2db0e307658c69b67433992a7a",
}, "refsource": "CONFIRM",
{ "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=096ed17f20affc2db0e307658c69b67433992a7a"
"name" : "oval:org.mitre.oval:def:6757", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6757" "name": "RHSA-2009:1548",
}, "refsource": "REDHAT",
{ "url": "https://rhn.redhat.com/errata/RHSA-2009-1548.html"
"name" : "oval:org.mitre.oval:def:9409", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9409" "name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.31/ChangeLog-2.6.31-rc9",
}, "refsource": "CONFIRM",
{ "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.31/ChangeLog-2.6.31-rc9"
"name" : "1023073", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1023073" "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=16ebb5e0b36ceadc8186f71d68b0c4fa4b6e781b",
}, "refsource": "CONFIRM",
{ "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=16ebb5e0b36ceadc8186f71d68b0c4fa4b6e781b"
"name" : "38794", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38794" "name": "38834",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/38834"
"name" : "38834", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38834" "name": "[oss-security] 20090906 Re: CVE request: kernel: tc: uninitialised kernel memory leak",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2009/09/06/2"
"name" : "37084", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37084" "name": "[oss-security] 20090907 Re: CVE request: kernel: tc: uninitialised kernel memory leak",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2009/09/07/2"
"name" : "ADV-2010-0528", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/0528" "name": "[oss-security] 20090905 Re: CVE request: kernel: tc: uninitialised kernel memory leak",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2009/09/05/2"
} },
{
"name": "1023073",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023073"
},
{
"name": "http://patchwork.ozlabs.org/patch/32830/",
"refsource": "CONFIRM",
"url": "http://patchwork.ozlabs.org/patch/32830/"
},
{
"name": "oval:org.mitre.oval:def:6757",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6757"
},
{
"name": "ADV-2010-0528",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0528"
}
]
}
} }

198
2009/3xxx/CVE-2009-3617.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2009-3617", "ID": "CVE-2009-3617",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in the AbstractCommand::onAbort function in src/AbstractCommand.cc in aria2 before 1.6.2, when logging is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a download URI. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20091016 CVE Request - aria2 - 1.6.2", "description_data": [
"refsource" : "MLIST", {
"url" : "http://marc.info/?l=oss-security&m=125568632528906&w=2" "lang": "eng",
}, "value": "Format string vulnerability in the AbstractCommand::onAbort function in src/AbstractCommand.cc in aria2 before 1.6.2, when logging is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a download URI. NOTE: some of these details are obtained from third party information."
{ }
"name" : "[oss-security] 20091016 Re: CVE Request - aria2 - 1.6.2", ]
"refsource" : "MLIST", },
"url" : "http://marc.info/?l=oss-security&m=125572053420493&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://aria2.svn.sourceforge.net/viewvc/aria2/trunk/NEWS?revision=1586", "description": [
"refsource" : "CONFIRM", {
"url" : "http://aria2.svn.sourceforge.net/viewvc/aria2/trunk/NEWS?revision=1586" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://aria2.svn.sourceforge.net/viewvc/aria2/trunk/src/AbstractCommand.cc?r1=1539&r2=1572", ]
"refsource" : "CONFIRM", }
"url" : "http://aria2.svn.sourceforge.net/viewvc/aria2/trunk/src/AbstractCommand.cc?r1=1539&r2=1572" ]
}, },
{ "references": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=529342", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=529342" "name": "https://fedorahosted.org/rel-eng/ticket/2495",
}, "refsource": "CONFIRM",
{ "url": "https://fedorahosted.org/rel-eng/ticket/2495"
"name" : "https://fedorahosted.org/rel-eng/ticket/2495", },
"refsource" : "CONFIRM", {
"url" : "https://fedorahosted.org/rel-eng/ticket/2495" "name": "http://aria2.svn.sourceforge.net/viewvc/aria2/trunk/src/AbstractCommand.cc?r1=1539&r2=1572",
}, "refsource": "CONFIRM",
{ "url": "http://aria2.svn.sourceforge.net/viewvc/aria2/trunk/src/AbstractCommand.cc?r1=1539&r2=1572"
"name" : "59087", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/59087" "name": "ADV-2009-2960",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/2960"
"name" : "31732", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31732" "name": "[oss-security] 20091016 CVE Request - aria2 - 1.6.2",
}, "refsource": "MLIST",
{ "url": "http://marc.info/?l=oss-security&m=125568632528906&w=2"
"name" : "ADV-2009-2960", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/2960" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=529342",
} "refsource": "CONFIRM",
] "url": "https://bugzilla.redhat.com/show_bug.cgi?id=529342"
} },
{
"name": "31732",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31732"
},
{
"name": "59087",
"refsource": "OSVDB",
"url": "http://osvdb.org/59087"
},
{
"name": "[oss-security] 20091016 Re: CVE Request - aria2 - 1.6.2",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=125572053420493&w=2"
},
{
"name": "http://aria2.svn.sourceforge.net/viewvc/aria2/trunk/NEWS?revision=1586",
"refsource": "CONFIRM",
"url": "http://aria2.svn.sourceforge.net/viewvc/aria2/trunk/NEWS?revision=1586"
}
]
}
} }

298
2009/3xxx/CVE-2009-3865.json
View File

@ -1,152 +1,152 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-3865", "ID": "CVE-2009-3865",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The launch method in the Deployment Toolkit plugin in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a crafted web page, aka Bug Id 6869752."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://java.sun.com/javase/6/webnotes/6u17.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://java.sun.com/javase/6/webnotes/6u17.html" "lang": "eng",
}, "value": "The launch method in the Deployment Toolkit plugin in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a crafted web page, aka Bug Id 6869752."
{ }
"name" : "http://support.apple.com/kb/HT3969", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT3969" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.apple.com/kb/HT3970", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT3970" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2009-12-03-1", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html" ]
}, },
{ "references": {
"name" : "APPLE-SA-2009-12-03-2", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html" "name": "36881",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/36881"
"name" : "GLSA-200911-02", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200911-02.xml" "name": "http://support.apple.com/kb/HT3970",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT3970"
"name" : "HPSBMU02799", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" "name": "HPSBMU02799",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
"name" : "RHSA-2009:1694", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1694.html" "name": "http://support.apple.com/kb/HT3969",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT3969"
"name" : "269869", },
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-269869-1" "name": "GLSA-200911-02",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
"name" : "SUSE-SA:2009:058", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html" "name": "RHSA-2009:1694",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2009-1694.html"
"name" : "36881", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/36881" "name": "APPLE-SA-2009-12-03-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html"
"name" : "oval:org.mitre.oval:def:7562", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7562" "name": "37231",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/37231"
"name" : "1023244", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1023244" "name": "oval:org.mitre.oval:def:7562",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7562"
"name" : "37231", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37231" "name": "SUSE-SA:2009:058",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html"
"name" : "37239", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37239" "name": "ADV-2009-3131",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/3131"
"name" : "37386", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37386" "name": "APPLE-SA-2009-12-03-2",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html"
"name" : "37581", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37581" "name": "37581",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/37581"
"name" : "37841", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37841" "name": "http://java.sun.com/javase/6/webnotes/6u17.html",
}, "refsource": "CONFIRM",
{ "url": "http://java.sun.com/javase/6/webnotes/6u17.html"
"name" : "ADV-2009-3131", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/3131" "name": "37841",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/37841"
} },
{
"name": "269869",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-269869-1"
},
{
"name": "37239",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37239"
},
{
"name": "37386",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37386"
},
{
"name": "1023244",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023244"
}
]
}
} }

398
2009/3xxx/CVE-2009-3874.json
View File

@ -1,202 +1,202 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-3874", "ID": "CVE-2009-3874",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://zerodayinitiative.com/advisories/ZDI-09-080/", "description_data": [
"refsource" : "MISC", {
"url" : "http://zerodayinitiative.com/advisories/ZDI-09-080/" "lang": "eng",
}, "value": "Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643."
{ }
"name" : "http://java.sun.com/javase/6/webnotes/6u17.html", ]
"refsource" : "CONFIRM", },
"url" : "http://java.sun.com/javase/6/webnotes/6u17.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.apple.com/kb/HT3969", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT3969" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://support.apple.com/kb/HT3970", ]
"refsource" : "CONFIRM", }
"url" : "http://support.apple.com/kb/HT3970" ]
}, },
{ "references": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html" "name": "HPSBUX02503",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=126566824131534&w=2"
"name" : "APPLE-SA-2009-12-03-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html" "name": "36881",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/36881"
"name" : "APPLE-SA-2009-12-03-2", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html" "name": "http://support.apple.com/kb/HT3970",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT3970"
"name" : "GLSA-200911-02", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200911-02.xml" "name": "HPSBMU02799",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
"name" : "HPSBMU02703", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=131593453929393&w=2" "name": "http://support.apple.com/kb/HT3969",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT3969"
"name" : "SSRT100242", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=131593453929393&w=2" "name": "http://zerodayinitiative.com/advisories/ZDI-09-080/",
}, "refsource": "MISC",
{ "url": "http://zerodayinitiative.com/advisories/ZDI-09-080/"
"name" : "HPSBMU02799", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" "name": "HPSBMU02703",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=131593453929393&w=2"
"name" : "HPSBUX02503", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=126566824131534&w=2" "name": "GLSA-200911-02",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
"name" : "SSRT100019", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=126566824131534&w=2" "name": "RHSA-2009:1694",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2009-1694.html"
"name" : "MDVSA-2010:084", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084" "name": "oval:org.mitre.oval:def:8603",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8603"
"name" : "RHSA-2009:1694", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1694.html" "name": "APPLE-SA-2009-12-03-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html"
"name" : "270474", },
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1" "name": "37231",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/37231"
"name" : "SUSE-SA:2009:058", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html" "name": "SSRT100019",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=126566824131534&w=2"
"name" : "36881", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/36881" "name": "1023132",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1023132"
"name" : "oval:org.mitre.oval:def:11566", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11566" "name": "SSRT100242",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=131593453929393&w=2"
"name" : "oval:org.mitre.oval:def:7442", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7442" "name": "SUSE-SA:2009:058",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html"
"name" : "oval:org.mitre.oval:def:8603", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8603" "name": "270474",
}, "refsource": "SUNALERT",
{ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1"
"name" : "oval:org.mitre.oval:def:12057", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12057" "name": "ADV-2009-3131",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/3131"
"name" : "1023132", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1023132" "name": "APPLE-SA-2009-12-03-2",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html"
"name" : "37231", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37231" "name": "oval:org.mitre.oval:def:11566",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11566"
"name" : "37239", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37239" "name": "oval:org.mitre.oval:def:12057",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12057"
"name" : "37386", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37386" "name": "37581",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/37581"
"name" : "37581", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37581" "name": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html"
"name" : "37841", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37841" "name": "http://java.sun.com/javase/6/webnotes/6u17.html",
}, "refsource": "CONFIRM",
{ "url": "http://java.sun.com/javase/6/webnotes/6u17.html"
"name" : "ADV-2009-3131", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/3131" "name": "37841",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/37841"
} },
{
"name": "oval:org.mitre.oval:def:7442",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7442"
},
{
"name": "37239",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37239"
},
{
"name": "MDVSA-2010:084",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084"
},
{
"name": "37386",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37386"
}
]
}
} }

32
2009/4xxx/CVE-2009-4054.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2009-4054", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2009-4054",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-3672. Reason: This candidate is a duplicate of CVE-2009-3672. The duplicate was assigned by the CNA without proper coordination with MITRE. Notes: All CVE users should reference CVE-2009-3672 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-3672. Reason: This candidate is a duplicate of CVE-2009-3672. The duplicate was assigned by the CNA without proper coordination with MITRE. Notes: All CVE users should reference CVE-2009-3672 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

138
2009/4xxx/CVE-2009-4069.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4069", "ID": "CVE-2009-4069",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5.14, 4.7.3, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "DSA-1818", "description_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2009/dsa-1818" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5.14, 4.7.3, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "35424", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/35424" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "35458", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35458" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-1818",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1818"
},
{
"name": "35458",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35458"
},
{
"name": "35424",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35424"
}
]
}
} }

138
2009/4xxx/CVE-2009-4103.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4103", "ID": "CVE-2009-4103",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Robo-FTP 3.6.17, and possibly other versions, allows remote FTP servers to cause a denial of service and possibly execute arbitrary code via unspecified FTP server responses. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "37143", "description_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/37143" "lang": "eng",
}, "value": "Buffer overflow in Robo-FTP 3.6.17, and possibly other versions, allows remote FTP servers to cause a denial of service and possibly execute arbitrary code via unspecified FTP server responses. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
{ }
"name" : "60513", ]
"refsource" : "OSVDB", },
"url" : "http://osvdb.org/60513" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "37452", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37452" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "37452",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37452"
},
{
"name": "60513",
"refsource": "OSVDB",
"url": "http://osvdb.org/60513"
},
{
"name": "37143",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37143"
}
]
}
} }

118
2009/4xxx/CVE-2009-4564.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4564", "ID": "CVE-2009-4564",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in Zenphoto 1.2.5, when the ZenPage plugin is enabled, allows remote attackers to execute arbitrary SQL commands via the category parameter, related to a URI under news/category/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "9154", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/9154" "lang": "eng",
} "value": "SQL injection vulnerability in index.php in Zenphoto 1.2.5, when the ZenPage plugin is enabled, allows remote attackers to execute arbitrary SQL commands via the category parameter, related to a URI under news/category/."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9154",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9154"
}
]
}
} }

118
2012/2xxx/CVE-2012-2280.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security_alert@emc.com",
"ID" : "CVE-2012-2280", "ID": "CVE-2012-2280",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 do not properly use frames, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a \"Cross frame scripting vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20120711 ESA-2012-023: RSA Authentication Manager Multiple Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-07/0064.html" "lang": "eng",
} "value": "EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 do not properly use frames, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a \"Cross frame scripting vulnerability.\""
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120711 ESA-2012-023: RSA Authentication Manager Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-07/0064.html"
}
]
}
} }

158
2012/2xxx/CVE-2012-2530.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2012-2530", "ID": "CVE-2012-2530",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka \"Win32k Use After Free Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS12-075", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-075" "lang": "eng",
}, "value": "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka \"Win32k Use After Free Vulnerability.\""
{ }
"name" : "TA12-318A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA12-318A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:15936", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15936" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1027750", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1027750" ]
}, },
{ "references": {
"name" : "51239", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51239" "name": "TA12-318A",
} "refsource": "CERT",
] "url": "http://www.us-cert.gov/cas/techalerts/TA12-318A.html"
} },
{
"name": "1027750",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027750"
},
{
"name": "oval:org.mitre.oval:def:15936",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15936"
},
{
"name": "MS12-075",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-075"
},
{
"name": "51239",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51239"
}
]
}
} }

32
2012/2xxx/CVE-2012-2666.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-2666", "ID": "CVE-2012-2666",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

188
2012/2xxx/CVE-2012-2897.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2012-2897", "ID": "CVE-2012-2897",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka \"Windows Font Parsing Vulnerability\" or \"TrueType Font Parsing Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html" "lang": "eng",
}, "value": "The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka \"Windows Font Parsing Vulnerability\" or \"TrueType Font Parsing Vulnerability.\""
{ }
"name" : "https://code.google.com/p/chromium/issues/detail?id=146254", ]
"refsource" : "CONFIRM", },
"url" : "https://code.google.com/p/chromium/issues/detail?id=146254" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MS12-075", "description": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-075" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "TA12-318A", ]
"refsource" : "CERT", }
"url" : "http://www.us-cert.gov/cas/techalerts/TA12-318A.html" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:15847", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15847" "name": "google-chrome-cve20122897(78822)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78822"
"name" : "1027750", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1027750" "name": "TA12-318A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA12-318A.html"
"name" : "51239", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51239" "name": "oval:org.mitre.oval:def:15847",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15847"
"name" : "google-chrome-cve20122897(78822)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78822" "name": "1027750",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id?1027750"
} },
{
"name": "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=146254",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=146254"
},
{
"name": "MS12-075",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-075"
},
{
"name": "51239",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51239"
}
]
}
} }

168
2015/0xxx/CVE-2015-0500.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2015-0500", "ID": "CVE-2015-0500",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" "lang": "eng",
}, "value": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors."
{ }
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-201507-19", "description": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201507-19" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SUSE-SU-2015:0946", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html" ]
}, },
{ "references": {
"name" : "74081", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/74081" "name": "GLSA-201507-19",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201507-19"
"name" : "1032121", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1032121" "name": "1032121",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id/1032121"
} },
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"name": "74081",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74081"
},
{
"name": "SUSE-SU-2015:0946",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
}
]
}
} }

138
2015/0xxx/CVE-2015-0646.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2015-0646", "ID": "CVE-2015-0646",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory leak in the TCP input module in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.3.xXO, 3.5.xE, 3.6.xE, 3.8.xS through 3.10.xS before 3.10.5S, and 3.11.xS and 3.12.xS before 3.12.3S allows remote attackers to cause a denial of service (memory consumption or device reload) by sending crafted TCP packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCum94811."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20150325 Cisco IOS Software and IOS XE Software TCP Packet Memory Leak Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-tcpleak" "lang": "eng",
}, "value": "Memory leak in the TCP input module in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.3.xXO, 3.5.xE, 3.6.xE, 3.8.xS through 3.10.xS before 3.10.5S, and 3.11.xS and 3.12.xS before 3.12.3S allows remote attackers to cause a denial of service (memory consumption or device reload) by sending crafted TCP packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCum94811."
{ }
"name" : "73340", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/73340" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1031980", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1031980" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "20150325 Cisco IOS Software and IOS XE Software TCP Packet Memory Leak Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-tcpleak"
},
{
"name": "73340",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73340"
},
{
"name": "1031980",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031980"
}
]
}
} }

32
2015/0xxx/CVE-2015-0908.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-0908", "ID": "CVE-2015-0908",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

148
2015/1xxx/CVE-2015-1315.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@ubuntu.com",
"ID" : "CVE-2015-1315", "ID": "CVE-2015-1315",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20150217 CVE-2015-1315 - Info-ZIP UnZip - Out-of-bounds Write", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2015/02/17/4" "lang": "eng",
}, "value": "Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8."
{ }
"name" : "http://www.conostix.com/pub/adv/CVE-2015-1315-Info-ZIP-unzip-Out-of-bounds_Write.txt", ]
"refsource" : "MISC", },
"url" : "http://www.conostix.com/pub/adv/CVE-2015-1315-Info-ZIP-unzip-Out-of-bounds_Write.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/580961/comments/120", "description": [
"refsource" : "MISC", {
"url" : "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/580961/comments/120" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "USN-2502-1", ]
"refsource" : "UBUNTU", }
"url" : "http://www.ubuntu.com/usn/USN-2502-1" ]
} },
] "references": {
} "reference_data": [
{
"name": "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/580961/comments/120",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/580961/comments/120"
},
{
"name": "http://www.conostix.com/pub/adv/CVE-2015-1315-Info-ZIP-unzip-Out-of-bounds_Write.txt",
"refsource": "MISC",
"url": "http://www.conostix.com/pub/adv/CVE-2015-1315-Info-ZIP-unzip-Out-of-bounds_Write.txt"
},
{
"name": "[oss-security] 20150217 CVE-2015-1315 - Info-ZIP UnZip - Out-of-bounds Write",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/02/17/4"
},
{
"name": "USN-2502-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2502-1"
}
]
}
} }

128
2015/1xxx/CVE-2015-1569.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-1569", "ID": "CVE-2015-1569",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Fortinet FortiClient 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof SSL VPN servers via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20150129 Fortinet FortiClient Multiple Vulnerabilities", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2015/Jan/124" "lang": "eng",
}, "value": "Fortinet FortiClient 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof SSL VPN servers via a crafted certificate."
{ }
"name" : "http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiClient_Multiple_Vulnerabilities.pdf", ]
"refsource" : "MISC", },
"url" : "http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiClient_Multiple_Vulnerabilities.pdf" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiClient_Multiple_Vulnerabilities.pdf",
"refsource": "MISC",
"url": "http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiClient_Multiple_Vulnerabilities.pdf"
},
{
"name": "20150129 Fortinet FortiClient Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jan/124"
}
]
}
} }

128
2015/1xxx/CVE-2015-1675.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2015-1675", "ID": "CVE-2015-1675",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka \"Windows Journal Remote Code Execution Vulnerability,\" a different vulnerability than CVE-2015-1695, CVE-2015-1696, CVE-2015-1697, CVE-2015-1698, and CVE-2015-1699."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS15-045", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-045" "lang": "eng",
}, "value": "Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka \"Windows Journal Remote Code Execution Vulnerability,\" a different vulnerability than CVE-2015-1695, CVE-2015-1696, CVE-2015-1697, CVE-2015-1698, and CVE-2015-1699."
{ }
"name" : "1032280", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1032280" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032280",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032280"
},
{
"name": "MS15-045",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-045"
}
]
}
} }

32
2015/1xxx/CVE-2015-1825.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-1825", "ID": "CVE-2015-1825",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

248
2015/1xxx/CVE-2015-1914.json
View File

@ -1,127 +1,127 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2015-1914", "ID": "CVE-2015-1914",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Java 7 R1 before SR3, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to bypass \"permission checks\" and obtain sensitive information via vectors related to the Java Virtual Machine."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21883640" "lang": "eng",
}, "value": "IBM Java 7 R1 before SR3, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to bypass \"permission checks\" and obtain sensitive information via vectors related to the Java Virtual Machine."
{ }
"name" : "IV72245", ]
"refsource" : "AIXAPAR", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV72245" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "IV72246", "description": [
"refsource" : "AIXAPAR", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV72246" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2015:1006", ]
"refsource" : "REDHAT", }
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1006.html" ]
}, },
{ "references": {
"name" : "RHSA-2015:1007", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1007.html" "name": "RHSA-2015:1007",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2015-1007.html"
"name" : "RHSA-2015:1020", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1020.html" "name": "IV72245",
}, "refsource": "AIXAPAR",
{ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV72245"
"name" : "RHSA-2015:1021", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1021.html" "name": "RHSA-2015:1006",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2015-1006.html"
"name" : "RHSA-2015:1091", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1091.html" "name": "RHSA-2015:1091",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2015-1091.html"
"name" : "SUSE-SU-2015:1085", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html" "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640",
}, "refsource": "CONFIRM",
{ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640"
"name" : "SUSE-SU-2015:1086", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html" "name": "SUSE-SU-2015:1138",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html"
"name" : "SUSE-SU-2015:1138", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html" "name": "RHSA-2015:1020",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2015-1020.html"
"name" : "SUSE-SU-2015:1161", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html" "name": "SUSE-SU-2015:1086",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html"
"name" : "SUSE-SU-2015:1073", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html" "name": "74645",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/74645"
"name" : "74645", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/74645" "name": "SUSE-SU-2015:1085",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html"
} },
{
"name": "RHSA-2015:1021",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1021.html"
},
{
"name": "SUSE-SU-2015:1073",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html"
},
{
"name": "SUSE-SU-2015:1161",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html"
},
{
"name": "IV72246",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV72246"
}
]
}
} }

32
2015/5xxx/CVE-2015-5000.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-5000", "ID": "CVE-2015-5000",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2015/5xxx/CVE-2015-5593.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-5593", "ID": "CVE-2015-5593",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

148
2015/5xxx/CVE-2015-5673.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2015-5673", "ID": "CVE-2015-5673",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "eventapp/lib/gcloud.rb in the ISUCON5 qualifier portal (aka eventapp) web application before 2015-10-30 makes improper popen calls, which allows remote attackers to execute arbitrary commands via an HTTP request that includes shell metacharacters in an argument to a \"gcloud compute\" command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/isucon/isucon5-qualify/commit/150e3e6d851acb31a0b15ce93380a7dab14203fa", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/isucon/isucon5-qualify/commit/150e3e6d851acb31a0b15ce93380a7dab14203fa" "lang": "eng",
}, "value": "eventapp/lib/gcloud.rb in the ISUCON5 qualifier portal (aka eventapp) web application before 2015-10-30 makes improper popen calls, which allows remote attackers to execute arbitrary commands via an HTTP request that includes shell metacharacters in an argument to a \"gcloud compute\" command."
{ }
"name" : "https://github.com/isucon/isucon5-qualify/pull/5", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/isucon/isucon5-qualify/pull/5" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "JVN#04281281", "description": [
"refsource" : "JVN", {
"url" : "http://jvn.jp/en/jp/JVN04281281/index.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "JVNDB-2015-000175", ]
"refsource" : "JVNDB", }
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000175" ]
} },
] "references": {
} "reference_data": [
{
"name": "JVNDB-2015-000175",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000175"
},
{
"name": "https://github.com/isucon/isucon5-qualify/commit/150e3e6d851acb31a0b15ce93380a7dab14203fa",
"refsource": "CONFIRM",
"url": "https://github.com/isucon/isucon5-qualify/commit/150e3e6d851acb31a0b15ce93380a7dab14203fa"
},
{
"name": "https://github.com/isucon/isucon5-qualify/pull/5",
"refsource": "CONFIRM",
"url": "https://github.com/isucon/isucon5-qualify/pull/5"
},
{
"name": "JVN#04281281",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN04281281/index.html"
}
]
}
} }

208
2015/5xxx/CVE-2015-5964.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-5964", "ID": "CVE-2015-5964",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session store consumption) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.djangoproject.com/weblog/2015/aug/18/security-releases/", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.djangoproject.com/weblog/2015/aug/18/security-releases/" "lang": "eng",
}, "value": "The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session store consumption) via unspecified vectors."
{ }
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-3338", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2015/dsa-3338" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FEDORA-2015-1dd5bc998f", ]
"refsource" : "FEDORA", }
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html" ]
}, },
{ "references": {
"name" : "RHSA-2015:1894", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1894.html" "name": "FEDORA-2015-1dd5bc998f",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html"
"name" : "RHSA-2015:1766", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1766.html" "name": "RHSA-2015:1894",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2015-1894.html"
"name" : "RHSA-2015:1767", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1767.html" "name": "DSA-3338",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2015/dsa-3338"
"name" : "USN-2720-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2720-1" "name": "1033318",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1033318"
"name" : "76440", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/76440" "name": "RHSA-2015:1767",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2015-1767.html"
"name" : "1033318", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1033318" "name": "USN-2720-1",
} "refsource": "UBUNTU",
] "url": "http://www.ubuntu.com/usn/USN-2720-1"
} },
{
"name": "RHSA-2015:1766",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1766.html"
},
{
"name": "76440",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76440"
},
{
"name": "https://www.djangoproject.com/weblog/2015/aug/18/security-releases/",
"refsource": "MISC",
"url": "https://www.djangoproject.com/weblog/2015/aug/18/security-releases/"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
}
]
}
} }

32
2018/11xxx/CVE-2018-11312.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11312", "ID": "CVE-2018-11312",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/3xxx/CVE-2018-3321.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-3321", "ID": "CVE-2018-3321",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/3xxx/CVE-2018-3554.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-3554", "ID": "CVE-2018-3554",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2018/3xxx/CVE-2018-3582.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-05-11T00:00:00", "DATE_PUBLIC": "2018-05-11T00:00:00",
"ID" : "CVE-2018-3582", "ID": "CVE-2018-3582",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", "product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All Android releases from CAF using the Linux kernel" "version_value": "All Android releases from CAF using the Linux kernel"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow can occur due to improper input validation in multiple WMA event handler functions in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Copy without Checking Size of Input in WLAN"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2" "lang": "eng",
} "value": "Buffer overflow can occur due to improper input validation in multiple WMA event handler functions in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Copy without Checking Size of Input in WLAN"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2",
"refsource": "MISC",
"url": "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2"
}
]
}
} }

128
2018/3xxx/CVE-2018-3697.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@intel.com", "ASSIGNER": "secure@intel.com",
"ID" : "CVE-2018-3697", "ID": "CVE-2018-3697",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Intel Media Server Studio", "product_name": "Intel Media Server Studio",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Versions before 2019 Beta Release" "version_value": "Versions before 2019 Beta Release"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Intel Corporation" "vendor_name": "Intel Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Improper directory permissions in the installer for the Intel Media Server Studio may allow unprivileged users to potentially enable an escalation of privilege via local access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Escalation of Privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00197.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00197.html" "lang": "eng",
}, "value": "Improper directory permissions in the installer for the Intel Media Server Studio may allow unprivileged users to potentially enable an escalation of privilege via local access."
{ }
"name" : "106025", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/106025" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Escalation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00197.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00197.html"
},
{
"name": "106025",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106025"
}
]
}
} }

130
2018/3xxx/CVE-2018-3924.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "talos-cna@cisco.com", "ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC" : "2018-07-19T00:00:00", "DATE_PUBLIC": "2018-07-19T00:00:00",
"ID" : "CVE-2018-3924", "ID": "CVE-2018-3924",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Foxit", "product_name": "Foxit",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Foxit Software Foxit PDF Reader 9.1.5096" "version_value": "Foxit Software Foxit PDF Reader 9.1.5096"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Foxit" "vendor_name": "Foxit"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "remote code execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0588", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0588" "lang": "eng",
}, "value": "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability."
{ }
"name" : "1041353", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1041353" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041353",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041353"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0588",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0588"
}
]
}
} }

148
2018/3xxx/CVE-2018-3991.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "talos-cna@cisco.com", "ASSIGNER": "talos-cna@cisco.com",
"ID" : "CVE-2018-3991", "ID": "CVE-2018-3991",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0659", "description_data": [
"refsource" : "MISC", {
"url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0659" "lang": "eng",
}, "value": "An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigger this vulnerability."
{ }
"name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf", ]
"refsource" : "CONFIRM", },
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf", "description": [
"refsource" : "CONFIRM", {
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "107005", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/107005" ]
} },
] "references": {
} "reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0659",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0659"
},
{
"name": "107005",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107005"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf"
}
]
}
} }

128
2018/6xxx/CVE-2018-6551.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-6551", "ID": "CVE-2018-6551",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22774", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22774" "lang": "eng",
}, "value": "The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption."
{ }
"name" : "https://sourceware.org/git/?p=glibc.git;a=commit;h=8e448310d74b283c5cd02b9ed7fb997b47bf9b22", ]
"refsource" : "CONFIRM", },
"url" : "https://sourceware.org/git/?p=glibc.git;a=commit;h=8e448310d74b283c5cd02b9ed7fb997b47bf9b22" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceware.org/git/?p=glibc.git;a=commit;h=8e448310d74b283c5cd02b9ed7fb997b47bf9b22",
"refsource": "CONFIRM",
"url": "https://sourceware.org/git/?p=glibc.git;a=commit;h=8e448310d74b283c5cd02b9ed7fb997b47bf9b22"
},
{
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=22774",
"refsource": "CONFIRM",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22774"
}
]
}
} }

32
2018/6xxx/CVE-2018-6663.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-6663", "ID": "CVE-2018-6663",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2018/7xxx/CVE-2018-7233.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cybersecurity@se.com", "ASSIGNER": "cybersecurity@schneider-electric.com",
"DATE_PUBLIC" : "2018-03-01T00:00:00", "DATE_PUBLIC": "2018-03-01T00:00:00",
"ID" : "CVE-2018-7233", "ID": "CVE-2018-7233",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Pelco Sarix Professional", "product_name": "Pelco Sarix Professional",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "all firmware versions prior to 3.29.73" "version_value": "all firmware versions prior to 3.29.73"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Schneider Electric SE" "vendor_name": "Schneider Electric SE"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'model_name' or 'mac_address'."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Command Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-058-01/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-058-01/" "lang": "eng",
} "value": "A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'model_name' or 'mac_address'."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-058-01/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-058-01/"
}
]
}
} }

130
2018/7xxx/CVE-2018-7515.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "ics-cert@hq.dhs.gov", "ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2018-05-24T00:00:00", "DATE_PUBLIC": "2018-05-24T00:00:00",
"ID" : "CVE-2018-7515", "ID": "CVE-2018-7515",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "BeaconMedæs TotalAlert Scroll Medical Air Systems web application", "product_name": "BeaconMedæs TotalAlert Scroll Medical Air Systems web application",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions prior to version 4107600010.23" "version_value": "All versions prior to version 4107600010.23"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "ICS-CERT" "vendor_name": "ICS-CERT"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Omron CX-Supervisor Versions 3.30 and prior, access of uninitialized pointer vulnerabilities can be exploited when CX Supervisor indirectly calls an initialized pointer when parsing malformed packets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "UNPROTECTED STORAGE OF CREDENTIALS CWE-256"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-01", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-01" "lang": "eng",
}, "value": "In Omron CX-Supervisor Versions 3.30 and prior, access of uninitialized pointer vulnerabilities can be exploited when CX Supervisor indirectly calls an initialized pointer when parsing malformed packets."
{ }
"name" : "103394", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/103394" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "UNPROTECTED STORAGE OF CREDENTIALS CWE-256"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103394",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103394"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-01"
}
]
}
} }

32
2018/7xxx/CVE-2018-7694.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-7694", "ID": "CVE-2018-7694",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2018/7xxx/CVE-2018-7772.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cybersecurity@se.com", "ASSIGNER": "cybersecurity@schneider-electric.com",
"DATE_PUBLIC" : "2018-04-05T00:00:00", "DATE_PUBLIC": "2018-04-05T00:00:00",
"ID" : "CVE-2018-7772", "ID": "CVE-2018-7772",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "U.Motion", "product_name": "U.Motion",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "U.motion Builder Software, all versions prior to v1.3.4" "version_value": "U.motion Builder Software, all versions prior to v1.3.4"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Schneider Electric SE" "vendor_name": "Schneider Electric SE"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The vulnerability exists within processing of applets which are exposed on the web service in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query to determine whether a user is logged in is subject to SQL injection on the loginSeed parameter, which can be embedded in the HTTP cookie of the request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SQL Injection Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/" "lang": "eng",
} "value": "The vulnerability exists within processing of applets which are exposed on the web service in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query to determine whether a user is logged in is subject to SQL injection on the loginSeed parameter, which can be embedded in the HTTP cookie of the request."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/"
}
]
}
} }

32
2018/7xxx/CVE-2018-7848.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-7848", "ID": "CVE-2018-7848",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

128
2018/8xxx/CVE-2018-8117.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "Secure@Microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2018-8117", "ID": "CVE-2018-8117",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Microsoft Wireless Keyboard 850", "product_name": "Microsoft Wireless Keyboard 850",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Microsoft Wireless Keyboard 850" "version_value": "Microsoft Wireless Keyboard 850"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft" "vendor_name": "Microsoft"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A security feature bypass vulnerability exists in the Microsoft Wireless Keyboard 850 which could allow an attacker to reuse an AES encryption key to send keystrokes to other keyboard devices or to read keystrokes sent by other keyboards for the affected devices, aka \"Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability.\" This affects Microsoft Wireless Keyboard 850."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Security Feature Bypass"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8117", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8117" "lang": "eng",
}, "value": "A security feature bypass vulnerability exists in the Microsoft Wireless Keyboard 850 which could allow an attacker to reuse an AES encryption key to send keystrokes to other keyboard devices or to read keystrokes sent by other keyboards for the affected devices, aka \"Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability.\" This affects Microsoft Wireless Keyboard 850."
{ }
"name" : "103711", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/103711" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Security Feature Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103711",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103711"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8117",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8117"
}
]
}
} }

32
2018/8xxx/CVE-2018-8640.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-8640", "ID": "CVE-2018-8640",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/8xxx/CVE-2018-8679.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-8679", "ID": "CVE-2018-8679",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }