"-Synchronized-Data."

CVE Team 2019-03-18 03:35:54 +00:00
parent 57dcf80038
commit b099783878
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
62 changed files with 5101 additions and 5101 deletions


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0893", "ID": "CVE-2005-0893",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "modes.c in smail 3.2.0.120 implements signal handlers with certain unsafe library calls, which may allow attackers to execute arbitrary code via signal handler race conditions, possibly using xmalloc."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050325 smail remote and local root holes", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=111177045217717&w=2" "lang": "eng",
} "value": "modes.c in smail 3.2.0.120 implements signal handlers with certain unsafe library calls, which may allow attackers to execute arbitrary code via signal handler race conditions, possibly using xmalloc."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050325 smail remote and local root holes",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111177045217717&w=2"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0925", "ID": "CVE-2005-0925",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in login.asp for Ublog Reload 1.0 through 1.0.4 allows remote attackers to inject arbitrary web script or HTML via the msg parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050329 [PersianHacker.NET 200503-11]Ublog reload 1.0.4 and prior", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=111214393101387&w=2" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in login.asp for Ublog Reload 1.0 through 1.0.4 allows remote attackers to inject arbitrary web script or HTML via the msg parameter."
{ }
"name" : "http://www.persianhacker.net/news/news-2945.html", ]
"refsource" : "MISC", },
"url" : "http://www.persianhacker.net/news/news-2945.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "12931", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/12931" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "15121", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/15121" ]
}, },
{ "references": {
"name" : "1013603", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1013603" "name": "1013603",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1013603"
"name" : "14725", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/14725" "name": "12931",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/12931"
} },
} {
"name": "http://www.persianhacker.net/news/news-2945.html",
"refsource": "MISC",
"url": "http://www.persianhacker.net/news/news-2945.html"
},
{
"name": "15121",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15121"
},
{
"name": "20050329 [PersianHacker.NET 200503-11]Ublog reload 1.0.4 and prior",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111214393101387&w=2"
},
{
"name": "14725",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14725"
}
]
}
}


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2005-1467", "ID": "CVE-2005-1467",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in the NDPS dissector in Ethereal before 0.10.11 allows remote attackers to cause a denial of service (memory exhaustion) via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ethereal.com/appnotes/enpa-sa-00019.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.ethereal.com/appnotes/enpa-sa-00019.html" "lang": "eng",
}, "value": "Unknown vulnerability in the NDPS dissector in Ethereal before 0.10.11 allows remote attackers to cause a denial of service (memory exhaustion) via unknown vectors."
{ }
"name" : "http://www.ethereal.com/news/item_20050504_01.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.ethereal.com/news/item_20050504_01.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "CLSA-2005:963", "description": [
"refsource" : "CONECTIVA", {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000963" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FLSA-2006:152922", ]
"refsource" : "FEDORA", }
"url" : "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html" ]
}, },
{ "references": {
"name" : "RHSA-2005:427", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2005-427.html" "name": "13504",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/13504"
"name" : "13504", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/13504" "name": "RHSA-2005:427",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2005-427.html"
"name" : "oval:org.mitre.oval:def:9654", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9654" "name": "http://www.ethereal.com/appnotes/enpa-sa-00019.html",
} "refsource": "CONFIRM",
] "url": "http://www.ethereal.com/appnotes/enpa-sa-00019.html"
} },
} {
"name": "oval:org.mitre.oval:def:9654",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9654"
},
{
"name": "FLSA-2006:152922",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html"
},
{
"name": "CLSA-2005:963",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000963"
},
{
"name": "http://www.ethereal.com/news/item_20050504_01.html",
"refsource": "CONFIRM",
"url": "http://www.ethereal.com/news/item_20050504_01.html"
}
]
}
}
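Review bot: The `"ASSIGNER"` value in this record goes from `cve@mitre.org` to `secalert@redhat.com` (assuming the left column is the old side), which is a provenance change, yet the commit title describes only a data synchronisation and every other edit in the section is spacing (`"key" : ` to `"key": `) or a reshuffle of `reference_data`. The same reassignment appears in the CVE-2005-3628 section further down. Anyone auditing which CNA owns a record will not find these two edits among 5101 formatting-only additions, so they belong in their own commit or at least in the message, e.g. `Reassign CVE-2005-1467 and CVE-2005-3628 to secalert@redhat.com`. The `reference_data` entries also come out in a different order with no visible sort key; emitting them in a stable order (for example by `refsource`, then `name`) would keep later syncs from producing full-file diffs that mask real changes.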


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-2585", "ID": "CVE-2005-2585",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mentor ADSL-FR4II router running firmware 2.00.0111 allows remote attackers to cause a denial of service (active TCP connections state table consumption) via a large number of connections, such as a port scan."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050813 Low security hole affecting Mentor's ADSLFR4II router", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=112394620905095&w=2" "lang": "eng",
}, "value": "Mentor ADSL-FR4II router running firmware 2.00.0111 allows remote attackers to cause a denial of service (active TCP connections state table consumption) via a large number of connections, such as a port scan."
{ }
"name" : "14557", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/14557" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14557",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14557"
},
{
"name": "20050813 Low security hole affecting Mentor's ADSLFR4II router",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112394620905095&w=2"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-3048", "ID": "CVE-2005-3048",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 allows remote attackers to read arbitrary files or include arbitrary PHP files via a .. (dot dot) in the LANGCODE parameter, which also allows direct code injection via the User Agent field in a request packet, which can be activated by using LANGCODE to reference the user tracking data file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050922 PhpMyFAQ 1.5.1 multiple vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=112749230124091&w=2" "lang": "eng",
}, "value": "Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 allows remote attackers to read arbitrary files or include arbitrary PHP files via a .. (dot dot) in the LANGCODE parameter, which also allows direct code injection via the User Agent field in a request packet, which can be activated by using LANGCODE to reference the user tracking data file."
{ }
"name" : "http://rgod.altervista.org/phpmyfuck151.html", ]
"refsource" : "MISC", },
"url" : "http://rgod.altervista.org/phpmyfuck151.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "19672", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/19672" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "19672",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/19672"
},
{
"name": "http://rgod.altervista.org/phpmyfuck151.html",
"refsource": "MISC",
"url": "http://rgod.altervista.org/phpmyfuck151.html"
},
{
"name": "20050922 PhpMyFAQ 1.5.1 multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112749230124091&w=2"
}
]
}
}


@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-3324", "ID": "CVE-2005-3324",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in chat.php in MWChat 6.8 allows remote attackers to execute arbitrary SQL commands via the username parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://rgod.altervista.org/mwchat.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://rgod.altervista.org/mwchat.html" "lang": "eng",
}, "value": "SQL injection vulnerability in chat.php in MWChat 6.8 allows remote attackers to execute arbitrary SQL commands via the username parameter."
{ }
"name" : "http://www.hackerscenter.com/Archive/view.asp?id=19537", ]
"refsource" : "MISC", },
"url" : "http://www.hackerscenter.com/Archive/view.asp?id=19537" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://appindex.net/products/changelog/?product=mwchat&version=6.9", "description": [
"refsource" : "CONFIRM", {
"url" : "http://appindex.net/products/changelog/?product=mwchat&version=6.9" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "15198", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/15198" ]
}, },
{ "references": {
"name" : "ADV-2005-2180", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/2180" "name": "mwchat-chat-sql-injection(22845)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22845"
"name" : "20266", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/20266" "name": "http://appindex.net/products/changelog/?product=mwchat&version=6.9",
}, "refsource": "CONFIRM",
{ "url": "http://appindex.net/products/changelog/?product=mwchat&version=6.9"
"name" : "1015094", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015094" "name": "15198",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/15198"
"name" : "17303", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17303" "name": "ADV-2005-2180",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2005/2180"
"name" : "mwchat-chat-sql-injection(22845)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22845" "name": "http://www.hackerscenter.com/Archive/view.asp?id=19537",
} "refsource": "MISC",
] "url": "http://www.hackerscenter.com/Archive/view.asp?id=19537"
} },
} {
"name": "20266",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20266"
},
{
"name": "1015094",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015094"
},
{
"name": "http://rgod.altervista.org/mwchat.html",
"refsource": "MISC",
"url": "http://rgod.altervista.org/mwchat.html"
},
{
"name": "17303",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17303"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-3548", "ID": "CVE-2005-3548",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Task Manager in Invision Power Board (IP.Board) 2.0.1 allows limited remote attackers to include files via a .. (dot dot) in the \"Task PHP File To Run\" field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20051104 Invision Power Board Privilege Esaclation (2.0.1 + more)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/415798/30/0/threaded" "lang": "eng",
}, "value": "Directory traversal vulnerability in Task Manager in Invision Power Board (IP.Board) 2.0.1 allows limited remote attackers to include files via a .. (dot dot) in the \"Task PHP File To Run\" field."
{ }
"name" : "35429", ]
"refsource" : "OSVDB", },
"url" : "http://www.osvdb.org/35429" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "17443", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17443" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ipb-taskmanager-directory-traversal(40000)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40000" ]
} },
] "references": {
} "reference_data": [
} {
"name": "17443",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17443"
},
{
"name": "20051104 Invision Power Board Privilege Esaclation (2.0.1 + more)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/415798/30/0/threaded"
},
{
"name": "35429",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/35429"
},
{
"name": "ipb-taskmanager-directory-traversal(40000)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40000"
}
]
}
}


@ -1,247 +1,247 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2005-3628", "ID": "CVE-2005-3628",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via unknown attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "DSA-931", "description_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2005/dsa-931" "lang": "eng",
}, "value": "Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via unknown attack vectors."
{ }
"name" : "DSA-932", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2005/dsa-932" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-937", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2005/dsa-937" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-938", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2005/dsa-938" ]
}, },
{ "references": {
"name" : "DSA-940", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2005/dsa-940" "name": "DSA-932",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2005/dsa-932"
"name" : "DSA-936", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-936" "name": "18147",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18147"
"name" : "DSA-950", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-950" "name": "18679",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18679"
"name" : "DSA-961", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-961" "name": "DSA-931",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2005/dsa-931"
"name" : "DSA-962", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-962" "name": "19230",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19230"
"name" : "FLSA:175404", },
"refsource" : "FEDORA", {
"url" : "http://www.securityfocus.com/archive/1/427990/100/0/threaded" "name": "MDKSA-2006:012",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:012"
"name" : "FLSA-2006:176751", },
"refsource" : "FEDORA", {
"url" : "http://www.securityfocus.com/archive/1/427053/100/0/threaded" "name": "DSA-962",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-962"
"name" : "MDKSA-2006:010", },
"refsource" : "MANDRAKE", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:010" "name": "DSA-937",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2005/dsa-937"
"name" : "MDKSA-2006:012", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:012" "name": "18398",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18398"
"name" : "MDKSA-2006:011", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:011" "name": "FLSA-2006:176751",
}, "refsource": "FEDORA",
{ "url": "http://www.securityfocus.com/archive/1/427053/100/0/threaded"
"name" : "RHSA-2006:0160", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0160.html" "name": "SUSE-SA:2006:001",
}, "refsource": "SUSE",
{ "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html"
"name" : "20060201-01-U", },
"refsource" : "SGI", {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U" "name": "DSA-936",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-936"
"name" : "SSA:2006-045-04", },
"refsource" : "SLACKWARE", {
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747" "name": "18674",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18674"
"name" : "SSA:2006-045-09", },
"refsource" : "SLACKWARE", {
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683" "name": "18436",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18436"
"name" : "SUSE-SA:2006:001", },
"refsource" : "SUSE", {
"url" : "http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html" "name": "oval:org.mitre.oval:def:10287",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10287"
"name" : "oval:org.mitre.oval:def:10287", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10287" "name": "18428",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18428"
"name" : "18387", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18387" "name": "18380",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18380"
"name" : "18416", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18416" "name": "18416",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18416"
"name" : "18385", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18385" "name": "18407",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18407"
"name" : "18389", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18389" "name": "18582",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18582"
"name" : "18398", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18398" "name": "18534",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18534"
"name" : "18407", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18407" "name": "SSA:2006-045-09",
}, "refsource": "SLACKWARE",
{ "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683"
"name" : "18534", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18534" "name": "18908",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18908"
"name" : "18582", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18582" "name": "20060201-01-U",
}, "refsource": "SGI",
{ "url": "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U"
"name" : "18674", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18674" "name": "RHSA-2006:0160",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2006-0160.html"
"name" : "18675", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18675" "name": "MDKSA-2006:010",
}, "refsource": "MANDRAKE",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:010"
"name" : "18679", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18679" "name": "DSA-940",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2005/dsa-940"
"name" : "18908", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18908" "name": "18389",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18389"
"name" : "18913", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18913" "name": "SSA:2006-045-04",
}, "refsource": "SLACKWARE",
{ "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747"
"name" : "19230", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19230" "name": "FLSA:175404",
}, "refsource": "FEDORA",
{ "url": "http://www.securityfocus.com/archive/1/427990/100/0/threaded"
"name" : "18147", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18147" "name": "DSA-961",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-961"
"name" : "18380", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18380" "name": "18675",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18675"
"name" : "18428", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18428" "name": "18913",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18913"
"name" : "18436", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18436" "name": "DSA-938",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2005/dsa-938"
} },
} {
"name": "DSA-950",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-950"
},
{
"name": "18387",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18387"
},
{
"name": "MDKSA-2006:011",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:011"
},
{
"name": "18385",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18385"
}
]
}
}


@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-3683", "ID": "CVE-2005-3683",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in freeFTPd before 1.0.9 with Logging enabled, allows remote attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via a long USER command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20051116 freeftpd USER bufferoverflow", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://marc.info/?l=full-disclosure&m=113213763821294&w=2" "lang": "eng",
}, "value": "Stack-based buffer overflow in freeFTPd before 1.0.9 with Logging enabled, allows remote attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via a long USER command."
{ }
"name" : "20051116 re: freeftpd USER bufferoverflow", ]
"refsource" : "FULLDISC", },
"url" : "http://marc.info/?l=full-disclosure&m=113216611924774&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://freeftpd.com/?ctt=changelog", "description": [
"refsource" : "CONFIRM", {
"url" : "http://freeftpd.com/?ctt=changelog" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "15457", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/15457" ]
}, },
{ "references": {
"name" : "ADV-2005-2458", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/2458" "name": "1015230",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1015230"
"name" : "20909", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/20909" "name": "17583",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/17583"
"name" : "1015230", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015230" "name": "freeftpd-multiple-command-bo(23118)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23118"
"name" : "17583", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17583" "name": "ADV-2005-2458",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2005/2458"
"name" : "freeftpd-multiple-command-bo(23118)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23118" "name": "20909",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/20909"
} },
} {
"name": "20051116 freeftpd USER bufferoverflow",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=113213763821294&w=2"
},
{
"name": "20051116 re: freeftpd USER bufferoverflow",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=113216611924774&w=2"
},
{
"name": "http://freeftpd.com/?ctt=changelog",
"refsource": "CONFIRM",
"url": "http://freeftpd.com/?ctt=changelog"
},
{
"name": "15457",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15457"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-3873", "ID": "CVE-2005-3873",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in topic.php in ShockBoard 3.0 and 4.0 allows remote attackers to execute arbitrary SQL commands via the offset parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://pridels0.blogspot.com/2005/11/shockboard-sql-inj-vuln.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://pridels0.blogspot.com/2005/11/shockboard-sql-inj-vuln.html" "lang": "eng",
}, "value": "SQL injection vulnerability in topic.php in ShockBoard 3.0 and 4.0 allows remote attackers to execute arbitrary SQL commands via the offset parameter."
{ }
"name" : "15592", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/15592" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2005-2612", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/2612" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "21138", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/21138" ]
}, },
{ "references": {
"name" : "17735", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17735" "name": "15592",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/15592"
} },
} {
"name": "17735",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17735"
},
{
"name": "http://pridels0.blogspot.com/2005/11/shockboard-sql-inj-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/11/shockboard-sql-inj-vuln.html"
},
{
"name": "ADV-2005-2612",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2612"
},
{
"name": "21138",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21138"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4156", "ID": "CVE-2005-4156",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Mambo 4.5 (1.0.0) through 4.5 (1.0.9), with magic_quotes_gpc disabled, allows remote attackers to read arbitrary files and possibly cause a denial of service via a query string that ends with a NULL character."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.procheckup.com/Vulner_PR0511.php", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.procheckup.com/Vulner_PR0511.php" "lang": "eng",
}, "value": "Unspecified vulnerability in Mambo 4.5 (1.0.0) through 4.5 (1.0.9), with magic_quotes_gpc disabled, allows remote attackers to read arbitrary files and possibly cause a denial of service via a query string that ends with a NULL character."
{ }
"name" : "1015176", ]
"refsource" : "SECTRACK", },
"url" : "http://securitytracker.com/alerts/2005/Nov/1015176.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.procheckup.com/Vulner_PR0511.php",
"refsource": "MISC",
"url": "http://www.procheckup.com/Vulner_PR0511.php"
},
{
"name": "1015176",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/alerts/2005/Nov/1015176.html"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4177", "ID": "CVE-2005-4177",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in book.cfm in Magic Book Personal and Professional 2.0 allows remote attackers to inject arbitrary web script or HTML via the StartRow parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://pridels0.blogspot.com/2005/12/magic-book-v20-professional-vuln.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://pridels0.blogspot.com/2005/12/magic-book-v20-professional-vuln.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in book.cfm in Magic Book Personal and Professional 2.0 allows remote attackers to inject arbitrary web script or HTML via the StartRow parameter."
{ }
"name" : "15805", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/15805" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2005-2832", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/2832" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "21529", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/21529" ]
}, },
{ "references": {
"name" : "17982", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17982" "name": "ADV-2005-2832",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2005/2832"
"name" : "magicbookprofessional-book-xss(23521)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23521" "name": "17982",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/17982"
} },
} {
"name": "magicbookprofessional-book-xss(23521)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23521"
},
{
"name": "http://pridels0.blogspot.com/2005/12/magic-book-v20-professional-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/12/magic-book-v20-professional-vuln.html"
},
{
"name": "21529",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21529"
},
{
"name": "15805",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15805"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4297", "ID": "CVE-2005-4297",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in bbBoard 2.56 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly via the \"keys\" parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://pridels0.blogspot.com/2005/12/bbboard-v2-xss-vuln.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://pridels0.blogspot.com/2005/12/bbboard-v2-xss-vuln.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in bbBoard 2.56 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly via the \"keys\" parameter."
{ }
"name" : "15884", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/15884" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2005-2935", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/2935" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "18091", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/18091" ]
} },
] "references": {
} "reference_data": [
} {
"name": "15884",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15884"
},
{
"name": "ADV-2005-2935",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2935"
},
{
"name": "18091",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18091"
},
{
"name": "http://pridels0.blogspot.com/2005/12/bbboard-v2-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/12/bbboard-v2-xss-vuln.html"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4587", "ID": "CVE-2005-4587",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Juniper NetScreen-Security Manager (NSM) 2004 FP2 and FP3 allow remote attackers to cause a denial of service (crash or hang of server components that are automatically restarted) via a long crafted string on (1) port 7800 (the GUI Server port) or (2) port 7801 (the Device Server port)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20051227 Juniper NSM remote Denial Of Service", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/1281.html" "lang": "eng",
}, "value": "Juniper NetScreen-Security Manager (NSM) 2004 FP2 and FP3 allow remote attackers to cause a denial of service (crash or hang of server components that are automatically restarted) via a long crafted string on (1) port 7800 (the GUI Server port) or (2) port 7801 (the Device Server port)."
{ }
"name" : "16075", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/16075" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "22047", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/22047" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1015417", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1015417" ]
}, },
{ "references": {
"name" : "18232", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18232" "name": "16075",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/16075"
} },
} {
"name": "20051227 Juniper NSM remote Denial Of Service",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/1281.html"
},
{
"name": "22047",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22047"
},
{
"name": "1015417",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015417"
},
{
"name": "18232",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18232"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4648", "ID": "CVE-2005-4648",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Illustrate dBpowerAMP Music Converter 11.5 and earlier, possibly including (1) MusicConverter.exe, (2) playlist.exe, and (3) amp.exe, allows user-assisted attackers to cause a denial of service or execute arbitrary code via a .m3u playlist with a long entry, possibly involving large field names, as demonstrated by SecuBox.Labs.m3u. NOTE: this issue might be the same as the .m3u vulnerability in CVE-2004-1569, but if so, then CD:SF-LOC suggests creating a different identifier since the .m3u issue would affect different versions than the .pls issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://secubox.shadock.net/dBpowerAMP_Music_Converter_v11.5_Local_Buffer_Overflow_Issue.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://secubox.shadock.net/dBpowerAMP_Music_Converter_v11.5_Local_Buffer_Overflow_Issue.html" "lang": "eng",
}, "value": "Buffer overflow in Illustrate dBpowerAMP Music Converter 11.5 and earlier, possibly including (1) MusicConverter.exe, (2) playlist.exe, and (3) amp.exe, allows user-assisted attackers to cause a denial of service or execute arbitrary code via a .m3u playlist with a long entry, possibly involving large field names, as demonstrated by SecuBox.Labs.m3u. NOTE: this issue might be the same as the .m3u vulnerability in CVE-2004-1569, but if so, then CD:SF-LOC suggests creating a different identifier since the .m3u issue would affect different versions than the .pls issue."
{ }
"name" : "1015415", ]
"refsource" : "SECTRACK", },
"url" : "http://securitytracker.com/id?1015415" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://secubox.shadock.net/dBpowerAMP_Music_Converter_v11.5_Local_Buffer_Overflow_Issue.html",
"refsource": "MISC",
"url": "http://secubox.shadock.net/dBpowerAMP_Music_Converter_v11.5_Local_Buffer_Overflow_Issue.html"
},
{
"name": "1015415",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015415"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4689", "ID": "CVE-2005-4689",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Six Apart Movable Type 3.16 stores account names and password hashes in a cookie, which allows remote attackers to login to an account by sniffing the cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20051103 Buggy blogging", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0091.html" "lang": "eng",
}, "value": "Six Apart Movable Type 3.16 stores account names and password hashes in a cookie, which allows remote attackers to login to an account by sniffing the cookie."
{ }
"name" : "http://www.sixapart.com/movabletype/docs/3.2/h_changelog/3_2.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.sixapart.com/movabletype/docs/3.2/h_changelog/3_2.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20051103 Buggy blogging",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0091.html"
},
{
"name": "http://www.sixapart.com/movabletype/docs/3.2/h_changelog/3_2.html",
"refsource": "CONFIRM",
"url": "http://www.sixapart.com/movabletype/docs/3.2/h_changelog/3_2.html"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0044", "ID": "CVE-2009-0044",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0051", "ID": "CVE-2009-0051",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ZXID 0.29 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/499827/100/0/threaded" "lang": "eng",
}, "value": "ZXID 0.29 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077."
{ }
"name" : "http://www.ocert.org/advisories/ocert-2008-016.html", ]
"refsource" : "MISC", },
"url" : "http://www.ocert.org/advisories/ocert-2008-016.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "openssl-dsa-verify-security-bypass(47837)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47837" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "openssl-dsa-verify-security-bypass(47837)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47837"
},
{
"name": "20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499827/100/0/threaded"
},
{
"name": "http://www.ocert.org/advisories/ocert-2008-016.html",
"refsource": "MISC",
"url": "http://www.ocert.org/advisories/ocert-2008-016.html"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0274", "ID": "CVE-2009-0274",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in WebAccess in Novell GroupWise 6.5, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 might allow remote attackers to obtain sensitive information via a crafted URL, related to conversion of POST requests to GET requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.novell.com/support/viewContent.do?externalId=7002322", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.novell.com/support/viewContent.do?externalId=7002322" "lang": "eng",
}, "value": "Unspecified vulnerability in WebAccess in Novell GroupWise 6.5, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 might allow remote attackers to obtain sensitive information via a crafted URL, related to conversion of POST requests to GET requests."
{ }
"name" : "33559", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/33559" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "33744", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33744" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "33744",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33744"
},
{
"name": "http://www.novell.com/support/viewContent.do?externalId=7002322",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=7002322"
},
{
"name": "33559",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33559"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0288", "ID": "CVE-2009-0288",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in k23productions TFTPUtil GUI 1.2.0 and 1.3.0 allows remote attackers to read arbitrary files outside the TFTP root directory via directory traversal sequences in a GET request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090115 TFTPUtil GUI TFTP Directory Traversal", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/500106/100/0/threaded" "lang": "eng",
}, "value": "Directory traversal vulnerability in k23productions TFTPUtil GUI 1.2.0 and 1.3.0 allows remote attackers to read arbitrary files outside the TFTP root directory via directory traversal sequences in a GET request."
{ }
"name" : "http://www.princeofnigeria.org/blogs/index.php/2009/01/14/tftputil-gui-tftp-directory-traversal", ]
"refsource" : "MISC", },
"url" : "http://www.princeofnigeria.org/blogs/index.php/2009/01/14/tftputil-gui-tftp-directory-traversal" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://sourceforge.net/forum/forum.php?forum_id=894598", "description": [
"refsource" : "CONFIRM", {
"url" : "http://sourceforge.net/forum/forum.php?forum_id=894598" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "33287", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/33287" ]
}, },
{ "references": {
"name" : "33561", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33561" "name": "20090115 TFTPUtil GUI TFTP Directory Traversal",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/500106/100/0/threaded"
"name" : "tftputil-tftpget-directory-traversal(48019)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48019" "name": "33561",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/33561"
} },
} {
"name": "http://sourceforge.net/forum/forum.php?forum_id=894598",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/forum/forum.php?forum_id=894598"
},
{
"name": "33287",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33287"
},
{
"name": "tftputil-tftpget-directory-traversal(48019)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48019"
},
{
"name": "http://www.princeofnigeria.org/blogs/index.php/2009/01/14/tftputil-gui-tftp-directory-traversal",
"refsource": "MISC",
"url": "http://www.princeofnigeria.org/blogs/index.php/2009/01/14/tftputil-gui-tftp-directory-traversal"
}
]
}
}


@ -1,242 +1,242 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2009-0696", "ID": "CVE-2009-0696",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090729 rPSA-2009-0113-1 bind bind-utils", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/505403/100/0/threaded" "lang": "eng",
}, "value": "The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009."
{ }
"name" : "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/507985/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.isc.org/node/474", "description": [
"refsource" : "CONFIRM", {
"url" : "https://www.isc.org/node/474" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://wiki.rpath.com/Advisories:rPSA-2009-0113", ]
"refsource" : "CONFIRM", }
"url" : "http://wiki.rpath.com/Advisories:rPSA-2009-0113" ]
}, },
{ "references": {
"name" : "http://aix.software.ibm.com/aix/efixes/security/bind_advisory.asc", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://aix.software.ibm.com/aix/efixes/security/bind_advisory.asc" "name": "36035",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/36035"
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975", },
"refsource" : "CONFIRM", {
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975" "name": "36063",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/36063"
"name" : "http://up2date.astaro.com/2009/08/up2date_7505_released.html", },
"refsource" : "CONFIRM", {
"url" : "http://up2date.astaro.com/2009/08/up2date_7505_released.html" "name": "ADV-2009-2171",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/2171"
"name" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" "name": "36056",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/36056"
"name" : "ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt", },
"refsource" : "CONFIRM", {
"url" : "ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt" "name": "36038",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/36038"
"name" : "FEDORA-2009-8119", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01265.html" "name": "http://aix.software.ibm.com/aix/efixes/security/bind_advisory.asc",
}, "refsource": "CONFIRM",
{ "url": "http://aix.software.ibm.com/aix/efixes/security/bind_advisory.asc"
"name" : "NetBSD-SA2009-013", },
"refsource" : "NETBSD", {
"url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-013.txt.asc" "name": "VU#725188",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/725188"
"name" : "[4.4] 014: RELIABILITY FIX: July 29, 2009", },
"refsource" : "OPENBSD", {
"url" : "http://www.openbsd.org/errata44.html#014_bind" "name": "37471",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/37471"
"name" : "SSA:2009-210-01", },
"refsource" : "SLACKWARE", {
"url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561499" "name": "36050",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/36050"
"name" : "264828", },
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-264828-1" "name": "[4.4] 014: RELIABILITY FIX: July 29, 2009",
}, "refsource": "OPENBSD",
{ "url": "http://www.openbsd.org/errata44.html#014_bind"
"name" : "1020788", },
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020788.1-1" "name": "20090729 rPSA-2009-0113-1 bind bind-utils",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/505403/100/0/threaded"
"name" : "USN-808-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-808-1" "name": "36192",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/36192"
"name" : "VU#725188", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/725188" "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
"name" : "oval:org.mitre.oval:def:10414", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10414" "name": "ADV-2009-2088",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/2088"
"name" : "oval:org.mitre.oval:def:7806", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7806" "name": "1022613",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1022613"
"name" : "oval:org.mitre.oval:def:12245", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12245" "name": "https://www.isc.org/node/474",
}, "refsource": "CONFIRM",
{ "url": "https://www.isc.org/node/474"
"name" : "1022613", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1022613" "name": "1020788",
}, "refsource": "SUNALERT",
{ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020788.1-1"
"name" : "36053", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/36053" "name": "ADV-2009-2247",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/2247"
"name" : "36038", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/36038" "name": "oval:org.mitre.oval:def:7806",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7806"
"name" : "36050", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/36050" "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
"name" : "36056", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/36056" "name": "39334",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/39334"
"name" : "36063", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/36063" "name": "ADV-2009-2036",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/2036"
"name" : "36086", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/36086" "name": "http://wiki.rpath.com/Advisories:rPSA-2009-0113",
}, "refsource": "CONFIRM",
{ "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0113"
"name" : "36098", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/36098" "name": "36098",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/36098"
"name" : "36192", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/36192" "name": "oval:org.mitre.oval:def:10414",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10414"
"name" : "36035", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/36035" "name": "http://up2date.astaro.com/2009/08/up2date_7505_released.html",
}, "refsource": "CONFIRM",
{ "url": "http://up2date.astaro.com/2009/08/up2date_7505_released.html"
"name" : "37471", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37471" "name": "USN-808-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/usn-808-1"
"name" : "39334", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/39334" "name": "36086",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/36086"
"name" : "ADV-2009-2036", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/2036" "name": "FEDORA-2009-8119",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01265.html"
"name" : "ADV-2009-2088", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/2088" "name": "oval:org.mitre.oval:def:12245",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12245"
"name" : "ADV-2009-2171", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/2171" "name": "36053",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/36053"
"name" : "ADV-2009-2247", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/2247" "name": "ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt",
}, "refsource": "CONFIRM",
{ "url": "ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt"
"name" : "ADV-2009-3316", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/3316" "name": "SSA:2009-210-01",
} "refsource": "SLACKWARE",
] "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561499"
} },
} {
"name": "NetBSD-SA2009-013",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-013.txt.asc"
},
{
"name": "ADV-2009-3316",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975"
},
{
"name": "264828",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-264828-1"
}
]
}
}
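Review bot: The `ASSIGNER` value for CVE-2009-0696 differs between the two columns at the top of this section: `cve@mitre.org` in the old-format column and `cert@cert.org` in the new-format one (taking the left column as the old side). That is an attribution change sitting inside what otherwise looks like a whitespace-only rewrite (`" : "` to `": "`) with `reference_data` reordered. The CVE-2009-0778 section does the same, ending at `secalert@redhat.com`. Tooling that keys on the assigner will treat both records as changed, so the commit description should say so, for example `Reassign CVE-2009-0696 to cert@cert.org and CVE-2009-0778 to secalert@redhat.com`, or the reformat should land separately. The reference entries appear to be the same set in a different order, so anything diffing these files should compare that array as unordered.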


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0740", "ID": "CVE-2009-0740",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in login.php in BlueBird Prelease allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "8035", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/8035" "lang": "eng",
}, "value": "SQL injection vulnerability in login.php in BlueBird Prelease allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters."
{ }
"name" : "33725", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/33725" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8035",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8035"
},
{
"name": "33725",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33725"
}
]
}
}


@ -1,132 +1,132 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2009-0778", "ID": "CVE-2009-0778",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable message, which allows remote attackers to cause a denial of service (connectivity outage) by sending a large series of packets to many destination IP addresses within this REJECT route, related to an \"rt_cache leak.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/507985/100/0/threaded" "lang": "eng",
}, "value": "The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable message, which allows remote attackers to cause a denial of service (connectivity outage) by sending a large series of packets to many destination IP addresses within this REJECT route, related to an \"rt_cache leak.\""
{ }
"name" : "[oss-security] 20090311 CVE-2009-0778 kernel: rt_cache leak", ]
"refsource" : "MLIST", },
"url" : "http://openwall.com/lists/oss-security/2009/03/11/2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7c0ecc4c4f8fd90988aab8a95297b9c0038b6160", "description": [
"refsource" : "CONFIRM", {
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7c0ecc4c4f8fd90988aab8a95297b9c0038b6160" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25", ]
"refsource" : "CONFIRM", }
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25" ]
}, },
{ "references": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=485163", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=485163" "name": "RHSA-2009:0326",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2009-0326.html"
"name" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" "name": "37471",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/37471"
"name" : "RHSA-2009:0326", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0326.html" "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7c0ecc4c4f8fd90988aab8a95297b9c0038b6160",
}, "refsource": "CONFIRM",
{ "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7c0ecc4c4f8fd90988aab8a95297b9c0038b6160"
"name" : "34084", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/34084" "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
"name" : "oval:org.mitre.oval:def:10215", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10215" "name": "33758",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/33758"
"name" : "oval:org.mitre.oval:def:7867", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7867" "name": "oval:org.mitre.oval:def:10215",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10215"
"name" : "1021958", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1021958" "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
"name" : "33758", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33758" "name": "oval:org.mitre.oval:def:7867",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7867"
"name" : "37471", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37471" "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25",
}, "refsource": "CONFIRM",
{ "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25"
"name" : "ADV-2009-3316", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/3316" "name": "[oss-security] 20090311 CVE-2009-0778 kernel: rt_cache leak",
}, "refsource": "MLIST",
{ "url": "http://openwall.com/lists/oss-security/2009/03/11/2"
"name" : "linux-kernel-rtcache-dos(49199)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49199" "name": "1021958",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id?1021958"
} },
} {
"name": "linux-kernel-rtcache-dos(49199)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49199"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=485163",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=485163"
},
{
"name": "ADV-2009-3316",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"name": "34084",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34084"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-2039", "ID": "CVE-2009-2039",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Luottokunta module before 1.3 for osCommerce has unknown impact and attack vectors related to orders."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.cert.fi/haavoittuvuudet/2009/haavoittuvuus-2009-046.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.cert.fi/haavoittuvuudet/2009/haavoittuvuus-2009-046.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Luottokunta module before 1.3 for osCommerce has unknown impact and attack vectors related to orders."
{ }
"name" : "http://addons.oscommerce.com/info/3698", ]
"refsource" : "CONFIRM", },
"url" : "http://addons.oscommerce.com/info/3698" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "35191", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/35191" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "35291", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/35291" ]
}, },
{ "references": {
"name" : "luottokunta-unspecified-security-bypass(50925)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50925" "name": "luottokunta-unspecified-security-bypass(50925)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50925"
} },
} {
"name": "http://addons.oscommerce.com/info/3698",
"refsource": "CONFIRM",
"url": "http://addons.oscommerce.com/info/3698"
},
{
"name": "35191",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35191"
},
{
"name": "http://www.cert.fi/haavoittuvuudet/2009/haavoittuvuus-2009-046.html",
"refsource": "MISC",
"url": "http://www.cert.fi/haavoittuvuudet/2009/haavoittuvuus-2009-046.html"
},
{
"name": "35291",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35291"
}
]
}
}


@ -1,187 +1,187 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-2848", "ID": "CVE-2009-2848",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/507985/100/0/threaded" "lang": "eng",
}, "value": "The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit."
{ }
"name" : "20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/512019/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[linux-kernel] 20090801 [PATCH v2] execve: must clear current->clear_child_tid", "description": [
"refsource" : "MLIST", {
"url" : "http://article.gmane.org/gmane.linux.kernel/871942" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[oss-security] 20090804 CVE request - kernel: execve: must clear current->clear_child_tid", ]
"refsource" : "MLIST", }
"url" : "http://www.openwall.com/lists/oss-security/2009/08/04/2" ]
}, },
{ "references": {
"name" : "[oss-security] 20090805 Re: CVE request - kernel: execve: must clear current->clear_child_tid", "reference_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2009/08/05/10" "name": "20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/512019/100/0/threaded"
"name" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" "name": "37471",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/37471"
"name" : "FEDORA-2009-9044", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01256.html" "name": "USN-852-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-852-1"
"name" : "RHSA-2009:1438", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1438.html" "name": "RHSA-2009:1243",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2009-1243.html"
"name" : "RHSA-2009:1550", },
"refsource" : "REDHAT", {
"url" : "https://rhn.redhat.com/errata/RHSA-2009-1550.html" "name": "36759",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/36759"
"name" : "RHSA-2009:1243", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2009-1243.html" "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
"name" : "SUSE-SA:2009:054", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html" "name": "37351",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/37351"
"name" : "SUSE-SA:2009:056", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html" "name": "SUSE-SA:2009:056",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html"
"name" : "SUSE-SA:2010:012", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html" "name": "SUSE-SA:2010:012",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
"name" : "USN-852-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-852-1" "name": "oval:org.mitre.oval:def:9766",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9766"
"name" : "oval:org.mitre.oval:def:11412", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11412" "name": "oval:org.mitre.oval:def:11412",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11412"
"name" : "oval:org.mitre.oval:def:8598", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8598" "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
"name" : "oval:org.mitre.oval:def:9766", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9766" "name": "36562",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/36562"
"name" : "35983", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35983" "name": "FEDORA-2009-9044",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01256.html"
"name" : "36501", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/36501" "name": "kernel-execve-dos(52899)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52899"
"name" : "36759", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/36759" "name": "[linux-kernel] 20090801 [PATCH v2] execve: must clear current->clear_child_tid",
}, "refsource": "MLIST",
{ "url": "http://article.gmane.org/gmane.linux.kernel/871942"
"name" : "37351", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37351" "name": "35983",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35983"
"name" : "37471", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37471" "name": "RHSA-2009:1550",
}, "refsource": "REDHAT",
{ "url": "https://rhn.redhat.com/errata/RHSA-2009-1550.html"
"name" : "37105", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37105" "name": "36501",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/36501"
"name" : "36562", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/36562" "name": "oval:org.mitre.oval:def:8598",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8598"
"name" : "ADV-2009-3316", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/3316" "name": "[oss-security] 20090804 CVE request - kernel: execve: must clear current->clear_child_tid",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2009/08/04/2"
"name" : "kernel-execve-dos(52899)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52899" "name": "[oss-security] 20090805 Re: CVE request - kernel: execve: must clear current->clear_child_tid",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2009/08/05/10"
} },
} {
"name": "RHSA-2009:1438",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1438.html"
},
{
"name": "SUSE-SA:2009:054",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html"
},
{
"name": "ADV-2009-3316",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"name": "37105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37105"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-3273", "ID": "CVE-2009-3273",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL e-mail servers via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090911 iphone email client does not validate ssl certificates", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/506428/100/0/threaded" "lang": "eng",
}, "value": "iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL e-mail servers via a crafted certificate."
{ }
"name" : "36370", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/36370" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ipod-iphone-ssl-spoofing(53234)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53234" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "ipod-iphone-ssl-spoofing(53234)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53234"
},
{
"name": "36370",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36370"
},
{
"name": "20090911 iphone email client does not validate ssl certificates",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/506428/100/0/threaded"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-3544", "ID": "CVE-2009-3544",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Xerver HTTP Server 4.32 allows remote attackers to obtain the source code for a web page via an HTTP request with the addition of ::$DATA after the HTML file name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "9649", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/9649" "lang": "eng",
}, "value": "Xerver HTTP Server 4.32 allows remote attackers to obtain the source code for a web page via an HTTP request with the addition of ::$DATA after the HTML file name."
{ }
"name" : "58104", ]
"refsource" : "OSVDB", },
"url" : "http://osvdb.org/58104" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "36681", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/36681" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "36681",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36681"
},
{
"name": "58104",
"refsource": "OSVDB",
"url": "http://osvdb.org/58104"
},
{
"name": "9649",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9649"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-3740", "ID": "CVE-2009-3740",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-3836", "ID": "CVE-2009-3836",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ArubaOS 3.3.1.x, 3.3.2.x, RN 3.1.x, 3.4.x, and 3.3.2.x-FIPS on the Aruba Mobility Controller allows remote attackers to cause a denial of service (Access Point crash) via a malformed 802.11 Association Request management frame."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.arubanetworks.com/support/alerts/aid-102609.asc", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.arubanetworks.com/support/alerts/aid-102609.asc" "lang": "eng",
}, "value": "ArubaOS 3.3.1.x, 3.3.2.x, RN 3.1.x, 3.4.x, and 3.3.2.x-FIPS on the Aruba Mobility Controller allows remote attackers to cause a denial of service (Access Point crash) via a malformed 802.11 Association Request management frame."
{ }
"name" : "36832", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/36832" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "37085", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37085" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2009-3051", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2009/3051" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://www.arubanetworks.com/support/alerts/aid-102609.asc",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/support/alerts/aid-102609.asc"
},
{
"name": "ADV-2009-3051",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3051"
},
{
"name": "36832",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36832"
},
{
"name": "37085",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37085"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2009-3960", "ID": "CVE-2009-3960",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "41855", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/41855/" "lang": "eng",
}, "value": "Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents."
{ }
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-05.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-05.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "38197", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/38197" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "62292", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/62292" ]
}, },
{ "references": {
"name" : "1023584", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1023584" "name": "38197",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/38197"
"name" : "38543", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38543" "name": "1023584",
} "refsource": "SECTRACK",
] "url": "http://securitytracker.com/id?1023584"
} },
} {
"name": "62292",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/62292"
},
{
"name": "38543",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38543"
},
{
"name": "41855",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41855/"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-05.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-05.html"
}
]
}
}
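Review bot: The `affects` block of this record still reads `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, although the one semantic change in the section moves `ASSIGNER` from `cve@mitre.org` to `psirt@adobe.com` and the description already names the products and versions (BlazeDS 3.2 and earlier, LiveCycle, LiveCycle Data Services, Flex Data Services, ColdFusion). Asset-matching tooling that keys on the structured vendor/product fields will not match this entry and has to fall back to parsing the description text, so the sync should either populate those fields from the description or consumers should treat `n/a` as "unknown" rather than "not affected". The same pattern appears in the CVE-2012-2203, CVE-2015-0202 and CVE-2015-0460 sections, where `ASSIGNER` also changes to a vendor address. The right-hand column is read as the new side here, since the page shows no +/- markers.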


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4226", "ID": "CVE-2009-4226",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in the IP module in the kernel in Sun OpenSolaris snv_106 through snv_124 allows remote attackers to cause a denial of service (NULL pointer dereference and panic) via unspecified vectors related to the (1) tcp_do_getsockname or (2) tcp_do_getpeername function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://opensolaris.org/jive/thread.jspa?messageID=415069&tstart=0", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://opensolaris.org/jive/thread.jspa?messageID=415069&tstart=0" "lang": "eng",
}, "value": "Race condition in the IP module in the kernel in Sun OpenSolaris snv_106 through snv_124 allows remote attackers to cause a denial of service (NULL pointer dereference and panic) via unspecified vectors related to the (1) tcp_do_getsockname or (2) tcp_do_getpeername function."
{ }
"name" : "268189", ]
"refsource" : "SUNALERT", },
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-268189-1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2009-3413", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/3413" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "solaris-ipkernel-dos(54574)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54574" ]
} },
] "references": {
} "reference_data": [
} {
"name": "solaris-ipkernel-dos(54574)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54574"
},
{
"name": "ADV-2009-3413",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3413"
},
{
"name": "268189",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-268189-1"
},
{
"name": "http://opensolaris.org/jive/thread.jspa?messageID=415069&tstart=0",
"refsource": "CONFIRM",
"url": "http://opensolaris.org/jive/thread.jspa?messageID=415069&tstart=0"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4797", "ID": "CVE-2009-4797",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in browse.php in JobHut 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the pk parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "8318", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/8318" "lang": "eng",
}, "value": "SQL injection vulnerability in browse.php in JobHut 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the pk parameter."
{ }
"name" : "http://e-rdc.org/v1/news.php?readmore=132", ]
"refsource" : "MISC", },
"url" : "http://e-rdc.org/v1/news.php?readmore=132" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "34300", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/34300" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "34532", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/34532" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://e-rdc.org/v1/news.php?readmore=132",
"refsource": "MISC",
"url": "http://e-rdc.org/v1/news.php?readmore=132"
},
{
"name": "34532",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34532"
},
{
"name": "8318",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/8318"
},
{
"name": "34300",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34300"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2012-2203", "ID": "CVE-2012-2203",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, uses the PKCS #12 file format for certificate objects without enforcing file integrity, which makes it easier for remote attackers to spoof SSL servers via vectors involving insertion of an arbitrary root Certification Authority (CA) certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21606145", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21606145" "lang": "eng",
}, "value": "IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, uses the PKCS #12 file format for certificate objects without enforcing file integrity, which makes it easier for remote attackers to spoof SSL servers via vectors involving insertion of an arbitrary root Certification Authority (CA) certificate."
{ }
"name" : "IV31973", ]
"refsource" : "AIXAPAR", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV31973" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "IV31975", "description": [
"refsource" : "AIXAPAR", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV31975" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "54743", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/54743" ]
}, },
{ "references": {
"name" : "51279", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51279" "name": "rds-gskit-pkcs-spoofing(77280)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77280"
"name" : "rds-gskit-pkcs-spoofing(77280)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77280" "name": "51279",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/51279"
} },
} {
"name": "IV31975",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV31975"
},
{
"name": "54743",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54743"
},
{
"name": "IV31973",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV31973"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21606145",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21606145"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-2222", "ID": "CVE-2012-2222",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2015-0202", "ID": "CVE-2015-0202",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal of FSFS repository nodes."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://subversion.apache.org/security/CVE-2015-0202-advisory.txt", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://subversion.apache.org/security/CVE-2015-0202-advisory.txt" "lang": "eng",
}, "value": "The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal of FSFS repository nodes."
{ }
"name" : "GLSA-201610-05", ]
"refsource" : "GENTOO", },
"url" : "https://security.gentoo.org/glsa/201610-05" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MDVSA-2015:192", "description": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:192" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "openSUSE-SU-2015:0672", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-updates/2015-04/msg00008.html" ]
}, },
{ "references": {
"name" : "USN-2721-1", "reference_data": [
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2721-1" "name": "76446",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/76446"
"name" : "76446", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/76446" "name": "MDVSA-2015:192",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:192"
"name" : "1032100", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1032100" "name": "1032100",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id/1032100"
} },
} {
"name": "USN-2721-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2721-1"
},
{
"name": "openSUSE-SU-2015:0672",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00008.html"
},
{
"name": "http://subversion.apache.org/security/CVE-2015-0202-advisory.txt",
"refsource": "CONFIRM",
"url": "http://subversion.apache.org/security/CVE-2015-0202-advisory.txt"
},
{
"name": "GLSA-201610-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201610-05"
}
]
}
}


@ -1,162 +1,162 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2015-0460", "ID": "CVE-2015-0460",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" "lang": "eng",
}, "value": "Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot."
{ }
"name" : "http://advisories.mageia.org/MGASA-2015-0158.html", ]
"refsource" : "CONFIRM", },
"url" : "http://advisories.mageia.org/MGASA-2015-0158.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-3234", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2015/dsa-3234" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-3235", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2015/dsa-3235" ]
}, },
{ "references": {
"name" : "DSA-3316", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2015/dsa-3316" "name": "RHSA-2015:0857",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2015-0857.html"
"name" : "GLSA-201603-11", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201603-11" "name": "DSA-3235",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2015/dsa-3235"
"name" : "MDVSA-2015:212", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:212" "name": "RHSA-2015:0806",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2015-0806.html"
"name" : "RHSA-2015:0806", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0806.html" "name": "http://advisories.mageia.org/MGASA-2015-0158.html",
}, "refsource": "CONFIRM",
{ "url": "http://advisories.mageia.org/MGASA-2015-0158.html"
"name" : "RHSA-2015:0807", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0807.html" "name": "SUSE-SU-2015:0833",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html"
"name" : "RHSA-2015:0808", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0808.html" "name": "MDVSA-2015:212",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:212"
"name" : "RHSA-2015:0809", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0809.html" "name": "74097",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/74097"
"name" : "RHSA-2015:0854", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0854.html" "name": "DSA-3316",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2015/dsa-3316"
"name" : "RHSA-2015:0857", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0857.html" "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
"name" : "RHSA-2015:0858", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0858.html" "name": "1032120",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1032120"
"name" : "openSUSE-SU-2015:0773", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html" "name": "GLSA-201603-11",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201603-11"
"name" : "openSUSE-SU-2015:0774", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html" "name": "openSUSE-SU-2015:0773",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html"
"name" : "SUSE-SU-2015:0833", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html" "name": "DSA-3234",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2015/dsa-3234"
"name" : "USN-2573-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2573-1" "name": "USN-2573-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2573-1"
"name" : "USN-2574-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2574-1" "name": "RHSA-2015:0807",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2015-0807.html"
"name" : "74097", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/74097" "name": "RHSA-2015:0858",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2015-0858.html"
"name" : "1032120", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1032120" "name": "RHSA-2015:0808",
} "refsource": "REDHAT",
] "url": "http://rhn.redhat.com/errata/RHSA-2015-0808.html"
} },
} {
"name": "USN-2574-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2574-1"
},
{
"name": "RHSA-2015:0809",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0809.html"
},
{
"name": "openSUSE-SU-2015:0774",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html"
},
{
"name": "RHSA-2015:0854",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0854.html"
}
]
}
}


@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2015-1291", "ID": "CVE-2015-1291",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote attackers to bypass the Same Origin Policy or cause a denial of service (DOM tree corruption) via a web site with crafted JavaScript code and IFRAME elements."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html" "lang": "eng",
}, "value": "The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote attackers to bypass the Same Origin Policy or cause a denial of service (DOM tree corruption) via a web site with crafted JavaScript code and IFRAME elements."
{ }
"name" : "https://code.google.com/p/chromium/issues/detail?id=516377", ]
"refsource" : "CONFIRM", },
"url" : "https://code.google.com/p/chromium/issues/detail?id=516377" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://src.chromium.org/viewvc/blink?revision=200098&view=revision", "description": [
"refsource" : "CONFIRM", {
"url" : "https://src.chromium.org/viewvc/blink?revision=200098&view=revision" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-3351", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2015/dsa-3351" ]
}, },
{ "references": {
"name" : "GLSA-201603-09", "reference_data": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201603-09" "name": "openSUSE-SU-2015:1873",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html"
"name" : "RHSA-2015:1712", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1712.html" "name": "http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html",
}, "refsource": "CONFIRM",
{ "url": "http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html"
"name" : "openSUSE-SU-2015:1873", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html" "name": "https://src.chromium.org/viewvc/blink?revision=200098&view=revision",
}, "refsource": "CONFIRM",
{ "url": "https://src.chromium.org/viewvc/blink?revision=200098&view=revision"
"name" : "openSUSE-SU-2015:1586", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html" "name": "RHSA-2015:1712",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2015-1712.html"
"name" : "1033472", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1033472" "name": "1033472",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id/1033472"
} },
} {
"name": "openSUSE-SU-2015:1586",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html"
},
{
"name": "DSA-3351",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3351"
},
{
"name": "GLSA-201603-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-09"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=516377",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=516377"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2015-1664", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2015-1664",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
} }
] ]
} }
} }


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2015-1995", "ID": "CVE-2015-1995",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 allow remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21968326", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21968326" "lang": "eng",
} "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 allow remote attackers to inject arbitrary web script or HTML via a crafted URL."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21968326",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968326"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2015-5106", "ID": "CVE-2015-5106",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass intended access restrictions and perform a transition from Low Integrity to Medium Integrity via unspecified vectors, a different vulnerability than CVE-2015-4446 and CVE-2015-5090."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-370", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-370" "lang": "eng",
}, "value": "Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass intended access restrictions and perform a transition from Low Integrity to Medium Integrity via unspecified vectors, a different vulnerability than CVE-2015-4446 and CVE-2015-5090."
{ }
"name" : "https://helpx.adobe.com/security/products/reader/apsb15-15.html", ]
"refsource" : "CONFIRM", },
"url" : "https://helpx.adobe.com/security/products/reader/apsb15-15.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "75743", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/75743" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1032892", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1032892" ]
} },
] "references": {
} "reference_data": [
} {
"name": "1032892",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032892"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-370",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-370"
},
{
"name": "https://helpx.adobe.com/security/products/reader/apsb15-15.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/reader/apsb15-15.html"
},
{
"name": "75743",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75743"
}
]
}
}


@ -1,232 +1,232 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2015-5174", "ID": "CVE-2015-5174",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20160222 [SECURITY] CVE-2015-5174 Apache Tomcat Limited Directory Traversal", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://seclists.org/bugtraq/2016/Feb/149" "lang": "eng",
}, "value": "Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory."
{ }
"name" : "http://packetstormsecurity.com/files/135883/Apache-Tomcat-Limited-Directory-Traversal.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/135883/Apache-Tomcat-Limited-Directory-Traversal.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://svn.apache.org/viewvc?view=revision&revision=1696281", "description": [
"refsource" : "CONFIRM", {
"url" : "http://svn.apache.org/viewvc?view=revision&revision=1696281" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://svn.apache.org/viewvc?view=revision&revision=1696284", ]
"refsource" : "CONFIRM", }
"url" : "http://svn.apache.org/viewvc?view=revision&revision=1696284" ]
}, },
{ "references": {
"name" : "http://svn.apache.org/viewvc?view=revision&revision=1700897", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://svn.apache.org/viewvc?view=revision&revision=1700897" "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964",
}, "refsource": "CONFIRM",
{ "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964"
"name" : "http://svn.apache.org/viewvc?view=revision&revision=1700898", },
"refsource" : "CONFIRM", {
"url" : "http://svn.apache.org/viewvc?view=revision&revision=1700898" "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
"name" : "http://svn.apache.org/viewvc?view=revision&revision=1700900", },
"refsource" : "CONFIRM", {
"url" : "http://svn.apache.org/viewvc?view=revision&revision=1700900" "name": "GLSA-201705-09",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201705-09"
"name" : "http://tomcat.apache.org/security-6.html", },
"refsource" : "CONFIRM", {
"url" : "http://tomcat.apache.org/security-6.html" "name": "http://svn.apache.org/viewvc?view=revision&revision=1700900",
}, "refsource": "CONFIRM",
{ "url": "http://svn.apache.org/viewvc?view=revision&revision=1700900"
"name" : "http://tomcat.apache.org/security-7.html", },
"refsource" : "CONFIRM", {
"url" : "http://tomcat.apache.org/security-7.html" "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
"name" : "http://tomcat.apache.org/security-8.html", },
"refsource" : "CONFIRM", {
"url" : "http://tomcat.apache.org/security-8.html" "name": "openSUSE-SU-2016:0865",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html"
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442", },
"refsource" : "CONFIRM", {
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442" "name": "USN-3024-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-3024-1"
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626", },
"refsource" : "CONFIRM", {
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626" "name": "SUSE-SU-2016:0769",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html"
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964", },
"refsource" : "CONFIRM", {
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964" "name": "RHSA-2016:2045",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2016-2045.html"
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" "name": "DSA-3530",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2016/dsa-3530"
"name" : "https://bto.bluecoat.com/security-advisory/sa118", },
"refsource" : "CONFIRM", {
"url" : "https://bto.bluecoat.com/security-advisory/sa118" "name": "http://tomcat.apache.org/security-7.html",
}, "refsource": "CONFIRM",
{ "url": "http://tomcat.apache.org/security-7.html"
"name" : "https://security.netapp.com/advisory/ntap-20180531-0001/", },
"refsource" : "CONFIRM", {
"url" : "https://security.netapp.com/advisory/ntap-20180531-0001/" "name": "HPSBUX03561",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=145974991225029&w=2"
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" "name": "http://svn.apache.org/viewvc?view=revision&revision=1696284",
}, "refsource": "CONFIRM",
{ "url": "http://svn.apache.org/viewvc?view=revision&revision=1696284"
"name" : "DSA-3530", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2016/dsa-3530" "name": "http://tomcat.apache.org/security-8.html",
}, "refsource": "CONFIRM",
{ "url": "http://tomcat.apache.org/security-8.html"
"name" : "DSA-3609", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2016/dsa-3609" "name": "RHSA-2016:1434",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2016:1434"
"name" : "DSA-3552", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2016/dsa-3552" "name": "http://svn.apache.org/viewvc?view=revision&revision=1700898",
}, "refsource": "CONFIRM",
{ "url": "http://svn.apache.org/viewvc?view=revision&revision=1700898"
"name" : "GLSA-201705-09", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201705-09" "name": "1035070",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1035070"
"name" : "HPSBUX03561", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=145974991225029&w=2" "name": "https://bto.bluecoat.com/security-advisory/sa118",
}, "refsource": "CONFIRM",
{ "url": "https://bto.bluecoat.com/security-advisory/sa118"
"name" : "RHSA-2016:1433", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2016:1433" "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442",
}, "refsource": "CONFIRM",
{ "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442"
"name" : "RHSA-2016:1434", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2016:1434" "name": "RHSA-2016:1433",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2016:1433"
"name" : "RHSA-2016:1435", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1435.html" "name": "https://security.netapp.com/advisory/ntap-20180531-0001/",
}, "refsource": "CONFIRM",
{ "url": "https://security.netapp.com/advisory/ntap-20180531-0001/"
"name" : "RHSA-2016:2045", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2045.html" "name": "http://tomcat.apache.org/security-6.html",
}, "refsource": "CONFIRM",
{ "url": "http://tomcat.apache.org/security-6.html"
"name" : "RHSA-2016:1432", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2016:1432" "name": "83329",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/83329"
"name" : "RHSA-2016:2599", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2599.html" "name": "RHSA-2016:1432",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2016:1432"
"name" : "SUSE-SU-2016:0769", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html" "name": "SUSE-SU-2016:0822",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html"
"name" : "SUSE-SU-2016:0822", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html" "name": "RHSA-2016:2599",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2016-2599.html"
"name" : "SUSE-SU-2016:0839", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html" "name": "20160222 [SECURITY] CVE-2015-5174 Apache Tomcat Limited Directory Traversal",
}, "refsource": "BUGTRAQ",
{ "url": "http://seclists.org/bugtraq/2016/Feb/149"
"name" : "openSUSE-SU-2016:0865", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html" "name": "DSA-3609",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2016/dsa-3609"
"name" : "USN-3024-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-3024-1" "name": "http://packetstormsecurity.com/files/135883/Apache-Tomcat-Limited-Directory-Traversal.html",
}, "refsource": "MISC",
{ "url": "http://packetstormsecurity.com/files/135883/Apache-Tomcat-Limited-Directory-Traversal.html"
"name" : "83329", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/83329" "name": "SUSE-SU-2016:0839",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html"
"name" : "1035070", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1035070" "name": "http://svn.apache.org/viewvc?view=revision&revision=1696281",
} "refsource": "CONFIRM",
] "url": "http://svn.apache.org/viewvc?view=revision&revision=1696281"
} },
} {
"name": "http://svn.apache.org/viewvc?view=revision&revision=1700897",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision&revision=1700897"
},
{
"name": "RHSA-2016:1435",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1435.html"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626"
},
{
"name": "DSA-3552",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3552"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-5510", "ID": "CVE-2015-5510",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open redirect vulnerability in the Content Construction Kit (CCK) 6.x-2.x before 6.x-2.10 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the destinations parameter, related to administration pages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20150704 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2015/07/04/4" "lang": "eng",
}, "value": "Open redirect vulnerability in the Content Construction Kit (CCK) 6.x-2.x before 6.x-2.10 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the destinations parameter, related to administration pages."
{ }
"name" : "https://www.drupal.org/node/2507753", ]
"refsource" : "MISC", },
"url" : "https://www.drupal.org/node/2507753" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.drupal.org/node/2507763", "description": [
"refsource" : "CONFIRM", {
"url" : "https://www.drupal.org/node/2507763" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "75281", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/75281" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://www.drupal.org/node/2507753",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2507753"
},
{
"name": "75281",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75281"
},
{
"name": "https://www.drupal.org/node/2507763",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2507763"
},
{
"name": "[oss-security] 20150704 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/07/04/4"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-5519", "ID": "CVE-2015-5519",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the applyConvolution demo in WideImage 11.02.19 allows remote attackers to inject arbitrary web script or HTML via the matrix parameter to demo/index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20150706 WideImage Demo Code Cross Site Scripting (XSS)", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2015/Jul/30" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the applyConvolution demo in WideImage 11.02.19 allows remote attackers to inject arbitrary web script or HTML via the matrix parameter to demo/index.php."
{ }
"name" : "http://packetstormsecurity.com/files/132584/WideImage-11.02.19-Cross-Site-Scripting.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/132584/WideImage-11.02.19-Cross-Site-Scripting.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://sourceforge.net/p/wideimage/bugs/42/", "description": [
"refsource" : "MISC", {
"url" : "http://sourceforge.net/p/wideimage/bugs/42/" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/p/wideimage/bugs/42/",
"refsource": "MISC",
"url": "http://sourceforge.net/p/wideimage/bugs/42/"
},
{
"name": "20150706 WideImage Demo Code Cross Site Scripting (XSS)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jul/30"
},
{
"name": "http://packetstormsecurity.com/files/132584/WideImage-11.02.19-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132584/WideImage-11.02.19-Cross-Site-Scripting.html"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-5527", "ID": "CVE-2015-5527",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-5609", "ID": "CVE-2015-5609",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Absolute path traversal vulnerability in the Image Export plugin 1.1 for WordPress allows remote attackers to read and delete arbitrary files via a full pathname in the file parameter to download.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20150713 Remote file download vulnerability in Wordpress Plugin image-export v1.1", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2015/07/13/10" "lang": "eng",
}, "value": "Absolute path traversal vulnerability in the Image Export plugin 1.1 for WordPress allows remote attackers to read and delete arbitrary files via a full pathname in the file parameter to download.php."
{ }
"name" : "[oss-security] 20150720 Re: Remote file download vulnerability in Wordpress Plugin image-export v1.1", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2015/07/21/1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.vapid.dhs.org/advisory.php?v=135", "description": [
"refsource" : "MISC", {
"url" : "http://www.vapid.dhs.org/advisory.php?v=135" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapid.dhs.org/advisory.php?v=135",
"refsource": "MISC",
"url": "http://www.vapid.dhs.org/advisory.php?v=135"
},
{
"name": "[oss-security] 20150720 Re: Remote file download vulnerability in Wordpress Plugin image-export v1.1",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/07/21/1"
},
{
"name": "[oss-security] 20150713 Remote file download vulnerability in Wordpress Plugin image-export v1.1",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/07/13/10"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-5745", "ID": "CVE-2015-5745",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11575", "ID": "CVE-2018-11575",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ngiflib.c in MiniUPnP ngiflib 0.4 has a stack-based buffer overflow in DecodeGifImg."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/Edward-L/fuzzing-pocs/tree/master/ngiflib", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/Edward-L/fuzzing-pocs/tree/master/ngiflib" "lang": "eng",
}, "value": "ngiflib.c in MiniUPnP ngiflib 0.4 has a stack-based buffer overflow in DecodeGifImg."
{ }
"name" : "https://github.com/miniupnp/ngiflib/issues/4", ]
"refsource" : "MISC", },
"url" : "https://github.com/miniupnp/ngiflib/issues/4" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/miniupnp/ngiflib/issues/4",
"refsource": "MISC",
"url": "https://github.com/miniupnp/ngiflib/issues/4"
},
{
"name": "https://github.com/Edward-L/fuzzing-pocs/tree/master/ngiflib",
"refsource": "MISC",
"url": "https://github.com/Edward-L/fuzzing-pocs/tree/master/ngiflib"
}
]
}
}


@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2018-3002", "ID": "CVE-2018-3002",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Hospitality Cruise Fleet Management", "product_name": "Hospitality Cruise Fleet Management",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "9.x" "version_value": "9.x"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Hospitality Cruise Fleet Management System component of Oracle Hospitality Applications (subcomponent: Fleet Management System Suite). The supported version that is affected is 9.x. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Cruise Fleet Management System executes to compromise Oracle Hospitality Cruise Fleet Management System. While the vulnerability is in Oracle Hospitality Cruise Fleet Management System, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Fleet Management System accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Cruise Fleet Management System executes to compromise Oracle Hospitality Cruise Fleet Management System. While the vulnerability is in Oracle Hospitality Cruise Fleet Management System, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Fleet Management System accessible data."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle Hospitality Cruise Fleet Management System component of Oracle Hospitality Applications (subcomponent: Fleet Management System Suite). The supported version that is affected is 9.x. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Cruise Fleet Management System executes to compromise Oracle Hospitality Cruise Fleet Management System. While the vulnerability is in Oracle Hospitality Cruise Fleet Management System, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Fleet Management System accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)."
{ }
"name" : "104811", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104811" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1041300", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041300" "lang": "eng",
} "value": "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Cruise Fleet Management System executes to compromise Oracle Hospitality Cruise Fleet Management System. While the vulnerability is in Oracle Hospitality Cruise Fleet Management System, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Fleet Management System accessible data."
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "104811",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104811"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "1041300",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041300"
}
]
}
}


@ -1,106 +1,106 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2018-3064", "ID": "CVE-2018-3064",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "MySQL Server", "product_name": "MySQL Server",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "5.6.40 and prior" "version_value": "5.6.40 and prior"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "5.7.22 and prior" "version_value": "5.7.22 and prior"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "8.0.11 and prior" "version_value": "8.0.11 and prior"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20180831 [SECURITY] [DLA 1488-1] mariadb-10.0 security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html" "lang": "eng",
}, "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H)."
{ }
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://security.netapp.com/advisory/ntap-20180726-0002/", "description": [
"refsource" : "CONFIRM", {
"url" : "https://security.netapp.com/advisory/ntap-20180726-0002/" "lang": "eng",
}, "value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data."
{ }
"name" : "DSA-4341", ]
"refsource" : "DEBIAN", }
"url" : "https://www.debian.org/security/2018/dsa-4341" ]
}, },
{ "references": {
"name" : "RHSA-2018:3655", "reference_data": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:3655" "name": "DSA-4341",
}, "refsource": "DEBIAN",
{ "url": "https://www.debian.org/security/2018/dsa-4341"
"name" : "USN-3725-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3725-1/" "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
"name" : "104776", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/104776" "name": "USN-3725-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3725-1/"
"name" : "1041294", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041294" "name": "1041294",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id/1041294"
} },
} {
"name": "104776",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104776"
},
{
"name": "RHSA-2018:3655",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3655"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180726-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180726-0002/"
},
{
"name": "[debian-lts-announce] 20180831 [SECURITY] [DLA 1488-1] mariadb-10.0 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html"
}
]
}
}


@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "support@hackerone.com", "ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00", "DATE_PUBLIC": "2018-04-26T00:00:00",
"ID" : "CVE-2018-3718", "ID": "CVE-2018-3718",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "serve node module", "product_name": "serve node module",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions" "version_value": "All versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "HackerOne" "vendor_name": "HackerOne"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Handling of URL Encoding (Hex Encoding) (CWE-177)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://hackerone.com/reports/308721", "description_data": [
"refsource" : "MISC", {
"url" : "https://hackerone.com/reports/308721" "lang": "eng",
} "value": "serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Handling of URL Encoding (Hex Encoding) (CWE-177)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/308721",
"refsource": "MISC",
"url": "https://hackerone.com/reports/308721"
}
]
}
}


@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "support@hackerone.com", "ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC" : "2018-05-24T00:00:00", "DATE_PUBLIC": "2018-05-24T00:00:00",
"ID" : "CVE-2018-3754", "ID": "CVE-2018-3754",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Node.js third-party module query-mysql versions 0.0.0, 0.0.1, and 0.0.2 are vulnerable to an SQL injection vulnerability due to lack of user input sanitization. This may allow an attacker to run arbitrary SQL queries when fetching data from database."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://hackerone.com/reports/311244", "description_data": [
"refsource" : "MISC", {
"url" : "https://hackerone.com/reports/311244" "lang": "eng",
} "value": "Node.js third-party module query-mysql versions 0.0.0, 0.0.1, and 0.0.2 are vulnerable to an SQL injection vulnerability due to lack of user input sanitization. This may allow an attacker to run arbitrary SQL queries when fetching data from database."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/311244",
"refsource": "MISC",
"url": "https://hackerone.com/reports/311244"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-6014", "ID": "CVE-2018-6014",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Subsonic v6.1.3 has an insecure allow-access-from domain=\"*\" Flash cross-domain policy that allows an attacker to retrieve sensitive user information via a read request. To exploit this issue, an attacker must convince the user to visit a web site loaded with a SWF file created specifically to steal user data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.vulnerability-lab.com/get_content.php?id=2115", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.vulnerability-lab.com/get_content.php?id=2115" "lang": "eng",
}, "value": "Subsonic v6.1.3 has an insecure allow-access-from domain=\"*\" Flash cross-domain policy that allows an attacker to retrieve sensitive user information via a read request. To exploit this issue, an attacker must convince the user to visit a web site loaded with a SWF file created specifically to steal user data."
{ }
"name" : "https://www.youtube.com/watch?v=t3nYuhAHOMg", ]
"refsource" : "MISC", },
"url" : "https://www.youtube.com/watch?v=t3nYuhAHOMg" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vulnerability-lab.com/get_content.php?id=2115",
"refsource": "MISC",
"url": "https://www.vulnerability-lab.com/get_content.php?id=2115"
},
{
"name": "https://www.youtube.com/watch?v=t3nYuhAHOMg",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=t3nYuhAHOMg"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security-alert@hpe.com", "ASSIGNER": "security-alert@hpe.com",
"ID" : "CVE-2018-7113", "ID": "CVE-2018-7113",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers", "product_name": "HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "iLO 5 for HPE Gen10 Servers - Prior to v1.37" "version_value": "iLO 5 for HPE Gen10 Servers - Prior to v1.37"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Hewlett Packard Enterprise" "vendor_name": "Hewlett Packard Enterprise"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) prior to v1.37 could be locally exploited to bypass the security restrictions for firmware updates."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "local bypass of security restrictions"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03894en_us", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03894en_us" "lang": "eng",
}, "value": "A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) prior to v1.37 could be locally exploited to bypass the security restrictions for firmware updates."
{ }
"name" : "1042010", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1042010" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "local bypass of security restrictions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1042010",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042010"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03894en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03894en_us"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-7301", "ID": "CVE-2018-7301",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port without authentication. This can be exploited by sending arbitrary XML-RPC requests to control the attached BidCos devices."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://atomic111.github.io/article/homematic-ccu2-xml-rpc", "description_data": [
"refsource" : "MISC", {
"url" : "http://atomic111.github.io/article/homematic-ccu2-xml-rpc" "lang": "eng",
} "value": "eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port without authentication. This can be exploited by sending arbitrary XML-RPC requests to control the attached BidCos devices."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://atomic111.github.io/article/homematic-ccu2-xml-rpc",
"refsource": "MISC",
"url": "http://atomic111.github.io/article/homematic-ccu2-xml-rpc"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-7385", "ID": "CVE-2018-7385",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-7661", "ID": "CVE-2018-7661",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Papenmeier WiFi Baby Monitor Free & Lite before 2.02.2 allows remote attackers to obtain audio data via certain requests to TCP ports 8258 and 8257."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "442322", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/442322/" "lang": "eng",
}, "value": "Papenmeier WiFi Baby Monitor Free & Lite before 2.02.2 allows remote attackers to obtain audio data via certain requests to TCP ports 8258 and 8257."
{ }
"name" : "https://blog.manchestergreyhats.co.uk/2018/02/25/eavesdropping-on-wifi-baby-monitor/", ]
"refsource" : "MISC", },
"url" : "https://blog.manchestergreyhats.co.uk/2018/02/25/eavesdropping-on-wifi-baby-monitor/" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.manchestergreyhats.co.uk/2018/02/25/eavesdropping-on-wifi-baby-monitor/",
"refsource": "MISC",
"url": "https://blog.manchestergreyhats.co.uk/2018/02/25/eavesdropping-on-wifi-baby-monitor/"
},
{
"name": "442322",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/442322/"
}
]
}
}
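Review bot: The EXPLOIT-DB reference in this record, `"name": "442322"` with URL `https://www.exploit-db.com/exploits/442322/`, looks malformed: it has six digits, whereas the other EXPLOIT-DB reference on this page (`45933`) has five. The commit only reorders the reference entries and carries the value over unchanged. If the identifier is wrong, the link will not lead defenders to the advisory, so it should be checked against the original source before the next synchronization.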


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cybersecurity@se.com", "ASSIGNER": "cybersecurity@schneider-electric.com",
"ID" : "CVE-2018-7800", "ID": "CVE-2018-7800",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "EVLink Parking v3.2.0-12_v1 and earlier", "product_name": "EVLink Parking v3.2.0-12_v1 and earlier",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "EVLink Parking v3.2.0-12_v1 and earlier" "version_value": "EVLink Parking v3.2.0-12_v1 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Schneider Electric SE" "vendor_name": "Schneider Electric SE"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable an attacker to gain access to the device."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Hard-coded Credentials"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-031-01", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-031-01" "lang": "eng",
}, "value": "A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable an attacker to gain access to the device."
{ }
"name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-01/", ]
"refsource" : "CONFIRM", },
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-01/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "106807", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/106807" "lang": "eng",
} "value": "Hard-coded Credentials"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-01/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-01/"
},
{
"name": "106807",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106807"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-031-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-031-01"
}
]
}
}
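Review bot: The ASSIGNER value in this record changes from `cybersecurity@se.com` to `cybersecurity@schneider-electric.com`, a data change that is easy to miss among the whitespace-only edits around it. The CVE-2018-8202 record further down does the same, turning `Secure@Microsoft.com` into `secure@microsoft.com`. Consumers that attribute or group records by exact ASSIGNER string will see these as different assigners. The commit description should mention the value changes, or they should land separately from the reformat.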


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@apache.org", "ASSIGNER": "security@apache.org",
"ID" : "CVE-2018-8021", "ID": "CVE-2018-8021",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Superset", "product_name": "Superset",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "prior to 0.23" "version_value": "prior to 0.23"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "" "vendor_name": ""
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "RCE"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "45933", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/45933/" "lang": "eng",
}, "value": "Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation."
{ }
"name" : "https://github.com/apache/incubator-superset/pull/4243", ]
"refsource" : "MISC", },
"url" : "https://github.com/apache/incubator-superset/pull/4243" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "RCE"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45933",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45933/"
},
{
"name": "https://github.com/apache/incubator-superset/pull/4243",
"refsource": "MISC",
"url": "https://github.com/apache/incubator-superset/pull/4243"
}
]
}
}
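Review bot: `"vendor_name": ""` is left empty in this record, while other records on this page use `"n/a"` when the vendor is not stated. Tooling that matches affected products by vendor may treat an empty string differently from `n/a`, so one consistent value is safer. Since ASSIGNER is `security@apache.org`, the assigner can presumably supply the real vendor name. The reformat carries the empty value over unchanged.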


@ -1,279 +1,279 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "Secure@Microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2018-8202", "ID": "CVE-2018-8202",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Microsoft .NET Framework", "product_name": "Microsoft .NET Framework",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2" "version_value": "2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
}, },
{ {
"version_value" : "2.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2" "version_value": "2.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2"
}, },
{ {
"version_value" : "2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2" "version_value": "2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2"
}, },
{ {
"version_value" : "3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2" "version_value": "3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
}, },
{ {
"version_value" : "3.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2" "version_value": "3.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2"
}, },
{ {
"version_value" : "3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2" "version_value": "3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2"
}, },
{ {
"version_value" : "3.5 on Windows 10 for 32-bit Systems" "version_value": "3.5 on Windows 10 for 32-bit Systems"
}, },
{ {
"version_value" : "3.5 on Windows 10 for x64-based Systems" "version_value": "3.5 on Windows 10 for x64-based Systems"
}, },
{ {
"version_value" : "3.5 on Windows 10 Version 1607 for 32-bit Systems" "version_value": "3.5 on Windows 10 Version 1607 for 32-bit Systems"
}, },
{ {
"version_value" : "3.5 on Windows 10 Version 1607 for x64-based Systems" "version_value": "3.5 on Windows 10 Version 1607 for x64-based Systems"
}, },
{ {
"version_value" : "3.5 on Windows 10 Version 1703 for 32-bit Systems" "version_value": "3.5 on Windows 10 Version 1703 for 32-bit Systems"
}, },
{ {
"version_value" : "3.5 on Windows 10 Version 1703 for x64-based Systems" "version_value": "3.5 on Windows 10 Version 1703 for x64-based Systems"
}, },
{ {
"version_value" : "3.5 on Windows 10 Version 1709 for 32-bit Systems" "version_value": "3.5 on Windows 10 Version 1709 for 32-bit Systems"
}, },
{ {
"version_value" : "3.5 on Windows 10 Version 1709 for x64-based Systems" "version_value": "3.5 on Windows 10 Version 1709 for x64-based Systems"
}, },
{ {
"version_value" : "3.5 on Windows 10 Version 1803 for 32-bit Systems" "version_value": "3.5 on Windows 10 Version 1803 for 32-bit Systems"
}, },
{ {
"version_value" : "3.5 on Windows 10 Version 1803 for x64-based Systems" "version_value": "3.5 on Windows 10 Version 1803 for x64-based Systems"
}, },
{ {
"version_value" : "3.5 on Windows 8.1 for 32-bit systems" "version_value": "3.5 on Windows 8.1 for 32-bit systems"
}, },
{ {
"version_value" : "3.5 on Windows 8.1 for x64-based systems" "version_value": "3.5 on Windows 8.1 for x64-based systems"
}, },
{ {
"version_value" : "3.5 on Windows Server 2012" "version_value": "3.5 on Windows Server 2012"
}, },
{ {
"version_value" : "3.5 on Windows Server 2012 (Server Core installation)" "version_value": "3.5 on Windows Server 2012 (Server Core installation)"
}, },
{ {
"version_value" : "3.5 on Windows Server 2012 R2" "version_value": "3.5 on Windows Server 2012 R2"
}, },
{ {
"version_value" : "3.5 on Windows Server 2012 R2 (Server Core installation)" "version_value": "3.5 on Windows Server 2012 R2 (Server Core installation)"
}, },
{ {
"version_value" : "3.5 on Windows Server 2016" "version_value": "3.5 on Windows Server 2016"
}, },
{ {
"version_value" : "3.5 on Windows Server 2016 (Server Core installation)" "version_value": "3.5 on Windows Server 2016 (Server Core installation)"
}, },
{ {
"version_value" : "3.5 on Windows Server, version 1709 (Server Core Installation)" "version_value": "3.5 on Windows Server, version 1709 (Server Core Installation)"
}, },
{ {
"version_value" : "3.5 on Windows Server, version 1803 (Server Core Installation)" "version_value": "3.5 on Windows Server, version 1803 (Server Core Installation)"
}, },
{ {
"version_value" : "3.5.1 on Windows 7 for 32-bit Systems Service Pack 1" "version_value": "3.5.1 on Windows 7 for 32-bit Systems Service Pack 1"
}, },
{ {
"version_value" : "3.5.1 on Windows 7 for x64-based Systems Service Pack 1" "version_value": "3.5.1 on Windows 7 for x64-based Systems Service Pack 1"
}, },
{ {
"version_value" : "3.5.1 on Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1" "version_value": "3.5.1 on Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1"
}, },
{ {
"version_value" : "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" "version_value": "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
}, },
{ {
"version_value" : "4.5.2 on Windows 7 for 32-bit Systems Service Pack 1" "version_value": "4.5.2 on Windows 7 for 32-bit Systems Service Pack 1"
}, },
{ {
"version_value" : "4.5.2 on Windows 7 for x64-based Systems Service Pack 1" "version_value": "4.5.2 on Windows 7 for x64-based Systems Service Pack 1"
}, },
{ {
"version_value" : "4.5.2 on Windows 8.1 for 32-bit systems" "version_value": "4.5.2 on Windows 8.1 for 32-bit systems"
}, },
{ {
"version_value" : "4.5.2 on Windows 8.1 for x64-based systems" "version_value": "4.5.2 on Windows 8.1 for x64-based systems"
}, },
{ {
"version_value" : "4.5.2 on Windows RT 8.1" "version_value": "4.5.2 on Windows RT 8.1"
}, },
{ {
"version_value" : "4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2" "version_value": "4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
}, },
{ {
"version_value" : "4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2" "version_value": "4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2"
}, },
{ {
"version_value" : "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1" "version_value": "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1"
}, },
{ {
"version_value" : "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" "version_value": "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
}, },
{ {
"version_value" : "4.5.2 on Windows Server 2012" "version_value": "4.5.2 on Windows Server 2012"
}, },
{ {
"version_value" : "4.5.2 on Windows Server 2012 (Server Core installation)" "version_value": "4.5.2 on Windows Server 2012 (Server Core installation)"
}, },
{ {
"version_value" : "4.5.2 on Windows Server 2012 R2" "version_value": "4.5.2 on Windows Server 2012 R2"
}, },
{ {
"version_value" : "4.5.2 on Windows Server 2012 R2 (Server Core installation)" "version_value": "4.5.2 on Windows Server 2012 R2 (Server Core installation)"
}, },
{ {
"version_value" : "4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2" "version_value": "4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2"
}, },
{ {
"version_value" : "4.6 on Windows Server 2008 for x64-based Systems Service Pack 2" "version_value": "4.6 on Windows Server 2008 for x64-based Systems Service Pack 2"
}, },
{ {
"version_value" : "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems" "version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems"
}, },
{ {
"version_value" : "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems" "version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems"
}, },
{ {
"version_value" : "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016" "version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016"
}, },
{ {
"version_value" : "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)" "version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)"
}, },
{ {
"version_value" : "4.6/4.6.1/4.6.2 on Windows 10 for 32-bit Systems" "version_value": "4.6/4.6.1/4.6.2 on Windows 10 for 32-bit Systems"
}, },
{ {
"version_value" : "4.6/4.6.1/4.6.2 on Windows 10 for x64-based Systems" "version_value": "4.6/4.6.1/4.6.2 on Windows 10 for x64-based Systems"
}, },
{ {
"version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1" "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1"
}, },
{ {
"version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1" "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1"
}, },
{ {
"version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems" "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems"
}, },
{ {
"version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for x64-based systems" "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for x64-based systems"
}, },
{ {
"version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows RT 8.1" "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows RT 8.1"
}, },
{ {
"version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1" "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1"
}, },
{ {
"version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
}, },
{ {
"version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012" "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012"
}, },
{ {
"version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation)" "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation)"
}, },
{ {
"version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2" "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2"
}, },
{ {
"version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation)" "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation)"
}, },
{ {
"version_value" : "4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems" "version_value": "4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems"
}, },
{ {
"version_value" : "4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems" "version_value": "4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems"
}, },
{ {
"version_value" : "4.7.1/4.7.2 on Windows Server, version 1709 (Server Core Installation)" "version_value": "4.7.1/4.7.2 on Windows Server, version 1709 (Server Core Installation)"
}, },
{ {
"version_value" : "4.7.2 on Windows 10 Version 1803 for 32-bit Systems" "version_value": "4.7.2 on Windows 10 Version 1803 for 32-bit Systems"
}, },
{ {
"version_value" : "4.7.2 on Windows 10 Version 1803 for x64-based Systems" "version_value": "4.7.2 on Windows 10 Version 1803 for x64-based Systems"
}, },
{ {
"version_value" : "4.7.2 on Windows Server, version 1803 (Server Core Installation)" "version_value": "4.7.2 on Windows Server, version 1803 (Server Core Installation)"
}, },
{ {
"version_value" : "4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for 32-bit Systems" "version_value": "4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for 32-bit Systems"
}, },
{ {
"version_value" : "4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for x64-based Systems" "version_value": "4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for x64-based Systems"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft" "vendor_name": "Microsoft"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level, aka \".NET Framework Elevation of Privilege Vulnerability.\" This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8202", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8202" "lang": "eng",
}, "value": "An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level, aka \".NET Framework Elevation of Privilege Vulnerability.\" This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2."
{ }
"name" : "104665", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104665" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1041257", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041257" "lang": "eng",
} "value": "Elevation of Privilege"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8202",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8202"
},
{
"name": "104665",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104665"
},
{
"name": "1041257",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041257"
}
]
}
}
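Review bot: The `version_value` rows for the 4.6 family list `4.7.1` twice (`4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2`), and the reformatted side carries the repeat over unchanged, as does the description text. It looks like a duplicated token rather than a distinct version, so tooling that splits these strings on `/` to match installed versions would see a redundant entry. If the assigner confirms, the rows would read e.g. `"version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012"`. Separately, the `ASSIGNER` value is lower-cased here and in the CVE-2018-8319 record, so consumers that key on the assigner should compare it case-insensitively.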


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "Secure@Microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2018-8319", "ID": "CVE-2018-8319",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Microsoft Research JavaScript Cryptography Library", "product_name": "Microsoft Research JavaScript Cryptography Library",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Microsoft Research JavaScript Cryptography Library" "version_value": "Microsoft Research JavaScript Cryptography Library"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft" "vendor_name": "Microsoft"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Security Feature Bypass vulnerability exists in MSR JavaScript Cryptography Library that is caused by incorrect arithmetic computations, aka \"MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability.\" This affects Microsoft Research JavaScript Cryptography Library."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Security Feature Bypass"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8319", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8319" "lang": "eng",
}, "value": "A Security Feature Bypass vulnerability exists in MSR JavaScript Cryptography Library that is caused by incorrect arithmetic computations, aka \"MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability.\" This affects Microsoft Research JavaScript Cryptography Library."
{ }
"name" : "104655", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104655" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1041268", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041268" "lang": "eng",
} "value": "Security Feature Bypass"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "104655",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104655"
},
{
"name": "1041268",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041268"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8319",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8319"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-8521", "ID": "CVE-2018-8521",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "ics-cert@hq.dhs.gov", "ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2018-08-31T00:00:00", "DATE_PUBLIC": "2018-08-31T00:00:00",
"ID" : "CVE-2018-8846", "ID": "CVE-2018-8846",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "e-Alert Unit (non-medical device)", "product_name": "e-Alert Unit (non-medical device)",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "R2.1 and prior" "version_value": "R2.1 and prior"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Philips" "vendor_name": "Philips"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is then served to other users."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01" "lang": "eng",
}, "value": "Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is then served to other users."
{ }
"name" : "https://www.usa.philips.com/healthcare/about/customer-support/product-security", ]
"refsource" : "CONFIRM", },
"url" : "https://www.usa.philips.com/healthcare/about/customer-support/product-security" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "105194", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/105194" "lang": "eng",
} "value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security",
"refsource": "CONFIRM",
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
},
{
"name": "105194",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105194"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01"
}
]
}
}