"-Synchronized-Data."

CVE Team 2019-03-18 05:23:30 +00:00
parent b93a3b8dda
commit b108aad2e2
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
42 changed files with 3254 additions and 3254 deletions


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0352",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Servers Alive 4.1 and 5.0, when running as a service, does not drop SYSTEM privileges before loading local manual under the help menu, which allows local users to gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2005-0352",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050316 Servers Alive: Local Privilege Escalation",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111100364513513&w=2"
},
{
"name" : "12822",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12822"
},
{
"name" : "14616",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14616/"
},
{
"name" : "serversalive-gain-privileges(19715)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19715"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Servers Alive 4.1 and 5.0, when running as a service, does not drop SYSTEM privileges before loading local manual under the help menu, which allows local users to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14616",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14616/"
},
{
"name": "20050316 Servers Alive: Local Privilege Escalation",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111100364513513&w=2"
},
{
"name": "12822",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12822"
},
{
"name": "serversalive-gain-privileges(19715)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19715"
}
]
}
}
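Review bot: The `ASSIGNER` value for CVE-2005-0352 changes from `cve@mitre.org` to `cert@cert.org`, a provenance change mixed into what is otherwise a formatting-only rewrite (`"key" : value` to `"key": value`, `reference_data` entries reordered) and not recorded in the commit title "-Synchronized-Data.". The same happens in the CVE-2005-0353 section (also to `cert@cert.org`) and, as far as the visible lines show, in CVE-2009-0198 (to `PSIRT-CNA@flexerasoftware.com`). Because every line of each file is rewritten, a textual diff cannot isolate these field changes; consumers that attribute or filter records by assigner should compare the parsed JSON before and after. The page also reports that no known key was found for the commit signature, so the new assigner values are worth confirming against the upstream CVE list. Landing the reformat and the field changes as separate commits would keep such edits reviewable.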


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0353",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the Sentinel LM (Lservnt) service in the Sentinel License Manager 7.2.0.2 allows remote attackers to execute arbitrary code by sending a large amount of data to UDP port 5093."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2005-0353",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050307 CIRT.DK Advisory - SafeNet Inc Sentinel License Manager 7.2.0.2 Buffer Overflow",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111022094326772&w=2"
},
{
"name" : "http://www.cirt.dk/advisories/cirt-30-advisory.pdf",
"refsource" : "MISC",
"url" : "http://www.cirt.dk/advisories/cirt-30-advisory.pdf"
},
{
"name" : "20050313 [HAT-SQUAD] SafeNet Sentinel LM, UDP License Manager Exploit",
"refsource" : "FULLDISC",
"url" : "http://marc.info/?l=full-disclosure&m=111072872816405&w=2"
},
{
"name" : "VU#108790",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/108790"
},
{
"name" : "12742",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12742"
},
{
"name" : "14511",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14511"
},
{
"name" : "sentinel-license-manager-bo(19621)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19621"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Sentinel LM (Lservnt) service in the Sentinel License Manager 7.2.0.2 allows remote attackers to execute arbitrary code by sending a large amount of data to UDP port 5093."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12742",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12742"
},
{
"name": "20050313 [HAT-SQUAD] SafeNet Sentinel LM, UDP License Manager Exploit",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=111072872816405&w=2"
},
{
"name": "14511",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14511"
},
{
"name": "sentinel-license-manager-bo(19621)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19621"
},
{
"name": "20050307 CIRT.DK Advisory - SafeNet Inc Sentinel License Manager 7.2.0.2 Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111022094326772&w=2"
},
{
"name": "VU#108790",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/108790"
},
{
"name": "http://www.cirt.dk/advisories/cirt-30-advisory.pdf",
"refsource": "MISC",
"url": "http://www.cirt.dk/advisories/cirt-30-advisory.pdf"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0809",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NotifyLink, when configured for client key retrieval, allows remote attackers to obtain AES keys via a direct request to /hwp/get.asp, then uses a weak encryption scheme (fixed byte reordering) to protect the key, which allows remote attackers to obtain the key via a brute force attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0809",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "VU#581068",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/581068"
},
{
"name" : "12843",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12843"
},
{
"name" : "14617",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14617"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NotifyLink, when configured for client key retrieval, allows remote attackers to obtain AES keys via a direct request to /hwp/get.asp, then uses a weak encryption scheme (fixed byte reordering) to protect the key, which allows remote attackers to obtain the key via a brute force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14617",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14617"
},
{
"name": "VU#581068",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/581068"
},
{
"name": "12843",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12843"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3067",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in perldiver.cgi in PerlDiver 2.x allows remote attackers to inject arbitrary web script or HTML via the module parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3067",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050920 perldiver",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0543.html"
},
{
"name" : "http://exploitlabs.com/files/advisories/EXPL-A-2005-014-perldiver.txt",
"refsource" : "MISC",
"url" : "http://exploitlabs.com/files/advisories/EXPL-A-2005-014-perldiver.txt"
},
{
"name" : "http://www.scriptsolutions.com/support/showthreaded.pl?Cat=&Board=PDBugs&Number=443&Search=true&Forum=All_Forums&Words=werner&Match=Entire%20Phrase&Searchpage=0&Limit=25&Old=1month&Main=443",
"refsource" : "MISC",
"url" : "http://www.scriptsolutions.com/support/showthreaded.pl?Cat=&Board=PDBugs&Number=443&Search=true&Forum=All_Forums&Words=werner&Match=Entire%20Phrase&Searchpage=0&Limit=25&Old=1month&Main=443"
},
{
"name" : "1015146",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015146"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in perldiver.cgi in PerlDiver 2.x allows remote attackers to inject arbitrary web script or HTML via the module parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.scriptsolutions.com/support/showthreaded.pl?Cat=&Board=PDBugs&Number=443&Search=true&Forum=All_Forums&Words=werner&Match=Entire%20Phrase&Searchpage=0&Limit=25&Old=1month&Main=443",
"refsource": "MISC",
"url": "http://www.scriptsolutions.com/support/showthreaded.pl?Cat=&Board=PDBugs&Number=443&Search=true&Forum=All_Forums&Words=werner&Match=Entire%20Phrase&Searchpage=0&Limit=25&Old=1month&Main=443"
},
{
"name": "http://exploitlabs.com/files/advisories/EXPL-A-2005-014-perldiver.txt",
"refsource": "MISC",
"url": "http://exploitlabs.com/files/advisories/EXPL-A-2005-014-perldiver.txt"
},
{
"name": "20050920 perldiver",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0543.html"
},
{
"name": "1015146",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015146"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3279",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the vgasco_printf function in Jan Kybic BitMap Viewer (BMV) 1.2, when compiled with the M_UNIX flag and running setuid, allows local users to gain privileges via a long filename in the -b command line option."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://felinemenace.org/advisories/bmv_advisory.txt",
"refsource" : "MISC",
"url" : "http://felinemenace.org/advisories/bmv_advisory.txt"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the vgasco_printf function in Jan Kybic BitMap Viewer (BMV) 1.2, when compiled with the M_UNIX flag and running setuid, allows local users to gain privileges via a long filename in the -b command line option."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://felinemenace.org/advisories/bmv_advisory.txt",
"refsource": "MISC",
"url": "http://felinemenace.org/advisories/bmv_advisory.txt"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3377",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple interpretation error in (1) McAfee Internet Security Suite 7.1.5 version 9.1.08 with the 4.4.00 engine and (2) McAfee Corporate 8.0.0 patch 10 with the 4400 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an \"MZ\" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a \"triple headed\" program that contains EXE, EML, and HTML content, aka the \"magic byte bug.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3377",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051025 Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=113026417802703&w=2"
},
{
"name" : "http://www.securityelf.org/magicbyteadv.html",
"refsource" : "MISC",
"url" : "http://www.securityelf.org/magicbyteadv.html"
},
{
"name" : "http://www.securityelf.org/magicbyte.html",
"refsource" : "MISC",
"url" : "http://www.securityelf.org/magicbyte.html"
},
{
"name" : "http://www.securityelf.org/updmagic.html",
"refsource" : "MISC",
"url" : "http://www.securityelf.org/updmagic.html"
},
{
"name" : "15189",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15189"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple interpretation error in (1) McAfee Internet Security Suite 7.1.5 version 9.1.08 with the 4.4.00 engine and (2) McAfee Corporate 8.0.0 patch 10 with the 4400 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an \"MZ\" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a \"triple headed\" program that contains EXE, EML, and HTML content, aka the \"magic byte bug.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15189",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15189"
},
{
"name": "http://www.securityelf.org/magicbyte.html",
"refsource": "MISC",
"url": "http://www.securityelf.org/magicbyte.html"
},
{
"name": "http://www.securityelf.org/magicbyteadv.html",
"refsource": "MISC",
"url": "http://www.securityelf.org/magicbyteadv.html"
},
{
"name": "20051025 Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=113026417802703&w=2"
},
{
"name": "http://www.securityelf.org/updmagic.html",
"refsource": "MISC",
"url": "http://www.securityelf.org/updmagic.html"
}
]
}
}


@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3553",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in include.php in PHPKIT 1.6.1 R2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in conjunction with the login/userinfo.php path and (2) the session parameter (aka the PHPKITSID variable)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3553",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051105 Advisory 21/2005: Multiple vulnerabilities in PHPKIT",
"refsource" : "BUGTRAQ",
"url" : "http://cert.uni-stuttgart.de/archive/bugtraq/2005/11/msg00110.html"
},
{
"name" : "http://www.hardened-php.net/advisory_212005.80.html",
"refsource" : "MISC",
"url" : "http://www.hardened-php.net/advisory_212005.80.html"
},
{
"name" : "15354",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15354"
},
{
"name" : "ADV-2005-2344",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2344"
},
{
"name" : "20560",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20560"
},
{
"name" : "20561",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20561"
},
{
"name" : "1015167",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015167"
},
{
"name" : "17479",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17479"
},
{
"name" : "phpkit-phpkitsid-sql-injection(23013)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23013"
},
{
"name" : "phpkit-userinfo-sql-injection(23010)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23010"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in include.php in PHPKIT 1.6.1 R2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in conjunction with the login/userinfo.php path and (2) the session parameter (aka the PHPKITSID variable)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015167",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015167"
},
{
"name": "phpkit-userinfo-sql-injection(23010)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23010"
},
{
"name": "15354",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15354"
},
{
"name": "20560",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20560"
},
{
"name": "20051105 Advisory 21/2005: Multiple vulnerabilities in PHPKIT",
"refsource": "BUGTRAQ",
"url": "http://cert.uni-stuttgart.de/archive/bugtraq/2005/11/msg00110.html"
},
{
"name": "ADV-2005-2344",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2344"
},
{
"name": "17479",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17479"
},
{
"name": "http://www.hardened-php.net/advisory_212005.80.html",
"refsource": "MISC",
"url": "http://www.hardened-php.net/advisory_212005.80.html"
},
{
"name": "20561",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20561"
},
{
"name": "phpkit-phpkitsid-sql-injection(23013)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23013"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3993",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in MailEnable Professional 1.6 and earlier and Enterprise 1.1 and earlier allow attackers to cause a denial of service (crash) via invalid IMAP commands."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3993",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mailenable.com/hotfix/",
"refsource" : "CONFIRM",
"url" : "http://www.mailenable.com/hotfix/"
},
{
"name" : "ADV-2005-2704",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2704"
},
{
"name" : "21388",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21388"
},
{
"name" : "17820",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17820"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in MailEnable Professional 1.6 and earlier and Enterprise 1.1 and earlier allow attackers to cause a denial of service (crash) via invalid IMAP commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17820",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17820"
},
{
"name": "21388",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21388"
},
{
"name": "http://www.mailenable.com/hotfix/",
"refsource": "CONFIRM",
"url": "http://www.mailenable.com/hotfix/"
},
{
"name": "ADV-2005-2704",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2704"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4102",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2005-4102",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none."
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4383",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.cfm in CitySoft Community Enterprise 4.x allows remote attackers to inject arbitrary web script or HTML via the (1) presentationSite, (2) docPublishYear, (3) docDescription, (4) publishState, (5) docAuthor, (6) docTitle, (7) subTopic, (8) topic, (9) topicRadio, (10) topicOnly, (11) startrow, and (12) sortby parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4383",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2005/12/community-enterprise-4x-multiple-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2005/12/community-enterprise-4x-multiple-vuln.html"
},
{
"name" : "ADV-2005-2979",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2979"
},
{
"name" : "21856",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21856"
},
{
"name" : "18145",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18145"
},
{
"name" : "communityenterprise-multiple-xss(23821)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23821"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.cfm in CitySoft Community Enterprise 4.x allows remote attackers to inject arbitrary web script or HTML via the (1) presentationSite, (2) docPublishYear, (3) docDescription, (4) publishState, (5) docAuthor, (6) docTitle, (7) subTopic, (8) topic, (9) topicRadio, (10) topicOnly, (11) startrow, and (12) sortby parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18145",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18145"
},
{
"name": "http://pridels0.blogspot.com/2005/12/community-enterprise-4x-multiple-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/12/community-enterprise-4x-multiple-vuln.html"
},
{
"name": "ADV-2005-2979",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2979"
},
{
"name": "21856",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21856"
},
{
"name": "communityenterprise-multiple-xss(23821)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23821"
}
]
}
}


@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4485",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in ProjectApp 3.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the keywords parameter to (1) forums.asp, (2) search_employees.asp, (3) cat.asp, and (4) links.asp; (5) projectid parameter to pmprojects.asp, (6) ret_page parameter to login.asp, and (7) skin_number parameter to default.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4485",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2005/12/projectapp-mutliple-xss-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2005/12/projectapp-mutliple-xss-vuln.html"
},
{
"name" : "16011",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16011"
},
{
"name" : "ADV-2005-3040",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/3040"
},
{
"name" : "21962",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21962"
},
{
"name" : "21963",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21963"
},
{
"name" : "21964",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21964"
},
{
"name" : "21965",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21965"
},
{
"name" : "21966",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21966"
},
{
"name" : "21967",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21967"
},
{
"name" : "21968",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21968"
},
{
"name" : "18199",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18199"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ProjectApp 3.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the keywords parameter to (1) forums.asp, (2) search_employees.asp, (3) cat.asp, and (4) links.asp; (5) projectid parameter to pmprojects.asp, (6) ret_page parameter to login.asp, and (7) skin_number parameter to default.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21964",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21964"
},
{
"name": "ADV-2005-3040",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/3040"
},
{
"name": "21965",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21965"
},
{
"name": "18199",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18199"
},
{
"name": "21966",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21966"
},
{
"name": "21963",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21963"
},
{
"name": "http://pridels0.blogspot.com/2005/12/projectapp-mutliple-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/12/projectapp-mutliple-xss-vuln.html"
},
{
"name": "21962",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21962"
},
{
"name": "21967",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21967"
},
{
"name": "16011",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16011"
},
{
"name": "21968",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21968"
}
]
}
}


@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0198",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF file that contains JBIG2 text region segments with Huffman encoding."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2009-0198",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090610 Secunia Research: Adobe Reader JBIG2 Text Region Segment Buffer Overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/504217/100/0/threaded"
},
{
"name" : "http://secunia.com/secunia_research/2009-24/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2009-24/"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb09-07.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb09-07.html"
},
{
"name" : "GLSA-200907-06",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200907-06.xml"
},
{
"name" : "RHSA-2009:1109",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1109.html"
},
{
"name" : "SUSE-SR:2009:012",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name" : "SUSE-SA:2009:035",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00000.html"
},
{
"name" : "TA09-161A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-161A.html"
},
{
"name" : "35274",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35274"
},
{
"name" : "35302",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35302"
},
{
"name" : "1022361",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1022361"
},
{
"name" : "34580",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34580"
},
{
"name" : "35496",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35496"
},
{
"name" : "35655",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35655"
},
{
"name" : "35685",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35685"
},
{
"name" : "35734",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35734"
},
{
"name" : "ADV-2009-1547",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1547"
},
{
"name" : "reader-acrobat-jbig2-code-exec(51015)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51015"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF file that contains JBIG2 text region segments with Huffman encoding."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35274",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35274"
},
{
"name": "ADV-2009-1547",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1547"
},
{
"name": "35655",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35655"
},
{
"name": "TA09-161A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-161A.html"
},
{
"name": "35734",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35734"
},
{
"name": "reader-acrobat-jbig2-code-exec(51015)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51015"
},
{
"name": "RHSA-2009:1109",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1109.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb09-07.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb09-07.html"
},
{
"name": "SUSE-SA:2009:035",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00000.html"
},
{
"name": "1022361",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022361"
},
{
"name": "http://secunia.com/secunia_research/2009-24/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2009-24/"
},
{
"name": "35302",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35302"
},
{
"name": "20090610 Secunia Research: Adobe Reader JBIG2 Text Region Segment Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504217/100/0/threaded"
},
{
"name": "GLSA-200907-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200907-06.xml"
},
{
"name": "34580",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34580"
},
{
"name": "35685",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35685"
},
{
"name": "SUSE-SR:2009:012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "35496",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35496"
}
]
}
}
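Review bot: The `reference_data` array in this CVE-2009-0198 section is re-emitted in a different order with the same 18 entries, and every key is respaced from `"name" : ` to `"name": `, so all 147 lines show as changed while the only value that differs is `"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",` (the lines in the spaced style, presumably the old side, read `"ASSIGNER" : "cve@mitre.org",`). ASSIGNER records who issued the entry, and a reattribution buried in formatting churn is easy to miss when auditing the feed. Emitting references in a stable order (for example sorted by `refsource`, then `name`) and landing the respacing separately from data changes would leave the ASSIGNER line as the visible diff. The same applies to the CVE-2009-1138 section (`secure@microsoft.com`) and the CVE-2009-3415 section (`secalert_us@oracle.com`, references not reordered there); the CVE-2009-0503, CVE-2009-0707, CVE-2009-0914, CVE-2009-3339 and CVE-2009-4523 sections reorder references with ASSIGNER unchanged.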


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0503",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Message Broker 6.1.x before 6.1.0.2 writes a database connection password to the Event Log and System Log during exception handling for a JDBC error, which allows local users to obtain sensitive information by reading these logs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0503",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?rs=849&uid=swg27011431",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?rs=849&uid=swg27011431"
},
{
"name" : "IC55298",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1IC55298"
},
{
"name" : "33819",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33819"
},
{
"name" : "1021735",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021735"
},
{
"name" : "ADV-2009-0460",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0460"
},
{
"name" : "websphere-msgbroker-info-disclosure(48642)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48642"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Message Broker 6.1.x before 6.1.0.2 writes a database connection password to the Event Log and System Log during exception handling for a JDBC error, which allows local users to obtain sensitive information by reading these logs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?rs=849&uid=swg27011431",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?rs=849&uid=swg27011431"
},
{
"name": "ADV-2009-0460",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0460"
},
{
"name": "1021735",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021735"
},
{
"name": "websphere-msgbroker-info-disclosure(48642)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48642"
},
{
"name": "IC55298",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC55298"
},
{
"name": "33819",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33819"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0707",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in admin/index.php in PowerClan 1.14a allows remote attackers to execute arbitrary SQL commands via the loginemail parameter (aka login field). NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7642",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7642"
},
{
"name" : "33083",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33083"
},
{
"name" : "51112",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/51112"
},
{
"name" : "33362",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33362"
},
{
"name" : "powerclan-index-sql-injection(47702)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47702"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in admin/index.php in PowerClan 1.14a allows remote attackers to execute arbitrary SQL commands via the loginemail parameter (aka login field). NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51112",
"refsource": "OSVDB",
"url": "http://osvdb.org/51112"
},
{
"name": "powerclan-index-sql-injection(47702)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47702"
},
{
"name": "7642",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7642"
},
{
"name": "33083",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33083"
},
{
"name": "33362",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33362"
}
]
}
}


@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0914",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Opera before 9.64 allows remote attackers to execute arbitrary code via a crafted JPEG image that triggers memory corruption."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0914",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20090307 CVE Request: Opera <9.64: Execution of arbitrary code",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/03/07/1"
},
{
"name" : "http://www.opera.com/docs/changelogs/freebsd/964/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/freebsd/964/"
},
{
"name" : "http://www.opera.com/docs/changelogs/linux/964/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/linux/964/"
},
{
"name" : "http://www.opera.com/docs/changelogs/mac/964/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/mac/964/"
},
{
"name" : "http://www.opera.com/docs/changelogs/solaris/964/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/solaris/964/"
},
{
"name" : "http://www.opera.com/docs/changelogs/windows/964/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/windows/964/"
},
{
"name" : "http://www.opera.com/support/kb/view/926/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/support/kb/view/926/"
},
{
"name" : "https://bugs.gentoo.org/show_bug.cgi?id=261032",
"refsource" : "CONFIRM",
"url" : "https://bugs.gentoo.org/show_bug.cgi?id=261032"
},
{
"name" : "GLSA-200903-30",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200903-30.xml"
},
{
"name" : "SUSE-SR:2009:007",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name" : "33961",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33961"
},
{
"name" : "oval:org.mitre.oval:def:5955",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5955"
},
{
"name" : "oval:org.mitre.oval:def:6230",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6230"
},
{
"name" : "1021782",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1021782"
},
{
"name" : "34135",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34135"
},
{
"name" : "34294",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34294"
},
{
"name" : "34418",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34418"
},
{
"name" : "ADV-2009-0586",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0586"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opera before 9.64 allows remote attackers to execute arbitrary code via a crafted JPEG image that triggers memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SR:2009:007",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name": "oval:org.mitre.oval:def:5955",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5955"
},
{
"name": "34135",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34135"
},
{
"name": "oval:org.mitre.oval:def:6230",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6230"
},
{
"name": "http://www.opera.com/docs/changelogs/solaris/964/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/solaris/964/"
},
{
"name": "http://www.opera.com/support/kb/view/926/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/support/kb/view/926/"
},
{
"name": "http://www.opera.com/docs/changelogs/linux/964/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/linux/964/"
},
{
"name": "34418",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34418"
},
{
"name": "http://www.opera.com/docs/changelogs/mac/964/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/mac/964/"
},
{
"name": "33961",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33961"
},
{
"name": "ADV-2009-0586",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0586"
},
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=261032",
"refsource": "CONFIRM",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=261032"
},
{
"name": "1021782",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1021782"
},
{
"name": "http://www.opera.com/docs/changelogs/windows/964/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/windows/964/"
},
{
"name": "34294",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34294"
},
{
"name": "http://www.opera.com/docs/changelogs/freebsd/964/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/freebsd/964/"
},
{
"name": "[oss-security] 20090307 CVE Request: Opera <9.64: Execution of arbitrary code",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/03/07/1"
},
{
"name": "GLSA-200903-30",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200903-30.xml"
}
]
}
}


@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1138",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a \"DN AttributeValue,\" aka \"Active Directory Invalid Free Vulnerability.\" NOTE: this issue is probably a memory leak."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-1138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090611 Microsoft Active Directory Hexdecimal DN AttributeValue Invalid Free Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=804"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-214.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-214.htm"
},
{
"name" : "MS09-018",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-018"
},
{
"name" : "TA09-160A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
},
{
"name" : "35226",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35226"
},
{
"name" : "54937",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/54937"
},
{
"name" : "oval:org.mitre.oval:def:6180",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6180"
},
{
"name" : "1022349",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022349"
},
{
"name" : "35355",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35355"
},
{
"name" : "ADV-2009-1537",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1537"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a \"DN AttributeValue,\" aka \"Active Directory Invalid Free Vulnerability.\" NOTE: this issue is probably a memory leak."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35226",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35226"
},
{
"name": "20090611 Microsoft Active Directory Hexdecimal DN AttributeValue Invalid Free Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=804"
},
{
"name": "oval:org.mitre.oval:def:6180",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6180"
},
{
"name": "MS09-018",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-018"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-214.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-214.htm"
},
{
"name": "1022349",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022349"
},
{
"name": "ADV-2009-1537",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1537"
},
{
"name": "TA09-160A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
},
{
"name": "35355",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35355"
},
{
"name": "54937",
"refsource": "OSVDB",
"url": "http://osvdb.org/54937"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3066",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in PropertyWatchScript.com Property Watch 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) videoid parameter to tools/email.php and (2) redirect parameter to tools/login.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3066",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/0909-exploits/propertywatch-xss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0909-exploits/propertywatch-xss.txt"
},
{
"name" : "36548",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36548"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PropertyWatchScript.com Property Watch 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) videoid parameter to tools/email.php and (2) redirect parameter to tools/login.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/0909-exploits/propertywatch-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0909-exploits/propertywatch-xss.txt"
},
{
"name": "36548",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36548"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3339",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in McAfee Email and Web Security Appliance 5.1 VMtrial allows remote attackers to read arbitrary files via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.9 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3339",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://intevydis.com/vd-list.shtml",
"refsource" : "MISC",
"url" : "http://intevydis.com/vd-list.shtml"
},
{
"name" : "1022829",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022829"
},
{
"name" : "36574",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36574"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in McAfee Email and Web Security Appliance 5.1 VMtrial allows remote attackers to read arbitrary files via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.9 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1022829",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022829"
},
{
"name": "http://intevydis.com/vd-list.shtml",
"refsource": "MISC",
"url": "http://intevydis.com/vd-list.shtml"
},
{
"name": "36574",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36574"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3415",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2009-3415",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html"
},
{
"name" : "TA10-012A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-012A.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html"
},
{
"name": "TA10-012A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-012A.html"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4523",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in Zainu 1.0 allows remote attackers to inject arbitrary web script or HTML via the searchSongKeyword parameter in a SearchSong action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4523",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.packetstormsecurity.org/0910-exploits/zainu-xss.txt",
"refsource" : "MISC",
"url" : "http://www.packetstormsecurity.org/0910-exploits/zainu-xss.txt"
},
{
"name" : "36701",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36701"
},
{
"name" : "36798",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36798"
},
{
"name" : "zainu-index-xss(53790)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53790"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in Zainu 1.0 allows remote attackers to inject arbitrary web script or HTML via the searchSongKeyword parameter in a SearchSong action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.packetstormsecurity.org/0910-exploits/zainu-xss.txt",
"refsource": "MISC",
"url": "http://www.packetstormsecurity.org/0910-exploits/zainu-xss.txt"
},
{
"name": "36798",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36798"
},
{
"name": "zainu-index-xss(53790)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53790"
},
{
"name": "36701",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36701"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2059",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the ticketyboo News Ticker module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2059",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"name" : "http://drupal.org/node/1482126",
"refsource" : "MISC",
"url" : "http://drupal.org/node/1482126"
},
{
"name" : "52502",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52502"
},
{
"name" : "ticketyboo-drupal-xss(74056)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74056"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the ticketyboo News Ticker module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/1482126",
"refsource": "MISC",
"url": "http://drupal.org/node/1482126"
},
{
"name": "ticketyboo-drupal-xss(74056)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74056"
},
{
"name": "52502",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52502"
},
{
"name": "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
}
]
}
}
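Review bot: The `ASSIGNER` value in this record appears to change from `cve@mitre.org` to `secalert@redhat.com`, but that one semantic change sits inside a whole-file respacing of `" : "` to `": "` and a reshuffle of the `reference_data` entries, so it is easy to miss. The same pattern shows in the CVE-2012-2073, CVE-2012-2860, CVE-2015-0552, CVE-2015-0702, CVE-2015-5422 and CVE-2015-5791 sections, each with a different new assigner address. Anything downstream that filters or attributes records by `ASSIGNER` would presumably see these entries move to a different assigner. Splitting the formatting pass from the data change, and emitting `reference_data` in a stable order (for example sorted by `refsource`, then `name`), would keep later syncs reviewable field by field.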


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2073",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Bundle copy module 7.x-1.x before 7.x-1.1 for Drupal does not check for the \"use PHP for settings\" permission while importing settings, which allows remote authenticated users with certain permissions to execute arbitrary PHP code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2073",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"name" : "http://drupal.org/node/1506420",
"refsource" : "MISC",
"url" : "http://drupal.org/node/1506420"
},
{
"name" : "http://drupal.org/node/1506166",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/1506166"
},
{
"name" : "http://drupalcode.org/project/bundle_copy.git/commit/299bdca",
"refsource" : "CONFIRM",
"url" : "http://drupalcode.org/project/bundle_copy.git/commit/299bdca"
},
{
"name" : "52811",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52811"
},
{
"name" : "80676",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/80676"
},
{
"name" : "48626",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48626"
},
{
"name" : "bundlecopy-usephp-code-execution(74439)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74439"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Bundle copy module 7.x-1.x before 7.x-1.1 for Drupal does not check for the \"use PHP for settings\" permission while importing settings, which allows remote authenticated users with certain permissions to execute arbitrary PHP code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/1506420",
"refsource": "MISC",
"url": "http://drupal.org/node/1506420"
},
{
"name": "80676",
"refsource": "OSVDB",
"url": "http://osvdb.org/80676"
},
{
"name": "bundlecopy-usephp-code-execution(74439)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74439"
},
{
"name": "48626",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48626"
},
{
"name": "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"name": "52811",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52811"
},
{
"name": "http://drupal.org/node/1506166",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1506166"
},
{
"name": "http://drupalcode.org/project/bundle_copy.git/commit/299bdca",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/bundle_copy.git/commit/299bdca"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2860",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The date-picker implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2012-2860",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=137671",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=137671"
},
{
"name" : "http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html"
},
{
"name" : "oval:org.mitre.oval:def:15709",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15709"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The date-picker implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:15709",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15709"
},
{
"name": "http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=137671",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=137671"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0552",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the gcab_folder_extract function in libgcab/gcab-folder.c in gcab 0.4 allows remote attackers to write to arbitrary files via crafted path in a CAB file, as demonstrated by \"\\tmp\\moo.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2015-0552",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150105 Re: CVE Request: gcab: directory traversal",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/01/05/7"
},
{
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774580",
"refsource" : "CONFIRM",
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774580"
},
{
"name" : "https://bugzilla.gnome.org/show_bug.cgi?id=742331",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.gnome.org/show_bug.cgi?id=742331"
},
{
"name" : "openSUSE-SU-2015:0043",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-01/msg00018.html"
},
{
"name" : "62310",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62310"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the gcab_folder_extract function in libgcab/gcab-folder.c in gcab 0.4 allows remote attackers to write to arbitrary files via crafted path in a CAB file, as demonstrated by \"\\tmp\\moo.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774580",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774580"
},
{
"name": "62310",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62310"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=742331",
"refsource": "CONFIRM",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=742331"
},
{
"name": "[oss-security] 20150105 Re: CVE Request: gcab: directory traversal",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/05/7"
},
{
"name": "openSUSE-SU-2015:0043",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00018.html"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0702",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in the Custom Prompts upload implementation in Cisco Unified MeetingPlace 8.6(1.9) allows remote authenticated users to execute arbitrary code by using the languageShortName parameter to upload a file that provides shell access, aka Bug ID CSCus95712."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-0702",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150420 Cisco Unified MeetingPlace Custom Prompts languageShortName Parameter Arbitrary Code Execution Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=38455"
},
{
"name" : "1032165",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032165"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in the Custom Prompts upload implementation in Cisco Unified MeetingPlace 8.6(1.9) allows remote authenticated users to execute arbitrary code by using the languageShortName parameter to upload a file that provides shell access, aka Bug ID CSCus95712."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150420 Cisco Unified MeetingPlace Custom Prompts languageShortName Parameter Arbitrary Code Execution Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38455"
},
{
"name": "1032165",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032165"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1191",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in pigz 2.3.1 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1191",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150118 Re: CVE request: pigz, kgb, pax: directory traversal",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/01/18/3"
},
{
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774978",
"refsource" : "CONFIRM",
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774978"
},
{
"name" : "https://github.com/madler/pigz/commit/fdad1406b3ec809f4954ff7cdf9e99eb18c2458f",
"refsource" : "CONFIRM",
"url" : "https://github.com/madler/pigz/commit/fdad1406b3ec809f4954ff7cdf9e99eb18c2458f"
},
{
"name" : "openSUSE-SU-2016:0650",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00013.html"
},
{
"name" : "openSUSE-SU-2016:0662",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00017.html"
},
{
"name" : "72109",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72109"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in pigz 2.3.1 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:0662",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00017.html"
},
{
"name": "https://github.com/madler/pigz/commit/fdad1406b3ec809f4954ff7cdf9e99eb18c2458f",
"refsource": "CONFIRM",
"url": "https://github.com/madler/pigz/commit/fdad1406b3ec809f4954ff7cdf9e99eb18c2458f"
},
{
"name": "[oss-security] 20150118 Re: CVE request: pigz, kgb, pax: directory traversal",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/18/3"
},
{
"name": "72109",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72109"
},
{
"name": "openSUSE-SU-2016:0650",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00013.html"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774978",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774978"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5298",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5298",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5422",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2883."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2015-5422",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-403",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-403"
},
{
"name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04771027",
"refsource" : "CONFIRM",
"url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04771027"
},
{
"name" : "76457",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76457"
},
{
"name" : "1033362",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033362"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2883."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04771027",
"refsource": "CONFIRM",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04771027"
},
{
"name": "76457",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76457"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-403",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-403"
},
{
"name": "1033362",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033362"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5606",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5606",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5791",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-5791",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT205212",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205212"
},
{
"name" : "https://support.apple.com/HT205221",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205221"
},
{
"name" : "https://support.apple.com/HT205265",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205265"
},
{
"name" : "APPLE-SA-2015-09-16-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
},
{
"name" : "APPLE-SA-2015-09-16-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html"
},
{
"name" : "APPLE-SA-2015-09-30-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html"
},
{
"name" : "76763",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76763"
},
{
"name" : "1033609",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033609"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT205221",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205221"
},
{
"name": "1033609",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033609"
},
{
"name": "https://support.apple.com/HT205212",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205212"
},
{
"name": "76763",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76763"
},
{
"name": "https://support.apple.com/HT205265",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205265"
},
{
"name": "APPLE-SA-2015-09-16-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html"
},
{
"name": "APPLE-SA-2015-09-30-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html"
},
{
"name": "APPLE-SA-2015-09-16-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11385",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. A session fixation vulnerability within the \"Guard\" login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11385",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20190310 [SECURITY] [DLA 1707-1] symfony security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html"
},
{
"name" : "https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-guard-authentication",
"refsource" : "CONFIRM",
"url" : "https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-guard-authentication"
},
{
"name" : "DSA-4262",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4262"
},
{
"name" : "FEDORA-2018-96d770ddc9",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/"
},
{
"name" : "FEDORA-2018-ba0b683c10",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/"
},
{
"name" : "FEDORA-2018-eba0006df2",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. A session fixation vulnerability within the \"Guard\" login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2018-96d770ddc9",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/"
},
{
"name": "FEDORA-2018-ba0b683c10",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/"
},
{
"name": "https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-guard-authentication",
"refsource": "CONFIRM",
"url": "https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-guard-authentication"
},
{
"name": "FEDORA-2018-eba0006df2",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/"
},
{
"name": "[debian-lts-announce] 20190310 [SECURITY] [DLA 1707-1] symfony security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html"
},
{
"name": "DSA-4262",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4262"
}
]
}
}


@ -1,79 +1,79 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "productcert@siemens.com",
"ID" : "CVE-2018-11461",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "SINUMERIK 808D V4.7, SINUMERIK 808D V4.8, SINUMERIK 828D V4.7, SINUMERIK 840D sl V4.7, SINUMERIK 840D sl V4.8",
"version" : {
"version_data" : [
{
"version_value" : "SINUMERIK 808D V4.7 : All versions"
},
{
"version_value" : "SINUMERIK 808D V4.8 : All versions"
},
{
"version_value" : "SINUMERIK 828D V4.7 : All versions < V4.7 SP6 HF1"
},
{
"version_value" : "SINUMERIK 840D sl V4.7 : All versions < V4.7 SP6 HF5"
},
{
"version_value" : "SINUMERIK 840D sl V4.8 : All versions < V4.8 SP3"
}
]
}
}
]
},
"vendor_name" : "Siemens AG"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A local attacker with user privileges could use the service command application for privilege escalation to an elevated user but not root. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-264: Permissions, Privileges, and Access Controls"
}
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2018-11461",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SINUMERIK 808D V4.7, SINUMERIK 808D V4.8, SINUMERIK 828D V4.7, SINUMERIK 840D sl V4.7, SINUMERIK 840D sl V4.8",
"version": {
"version_data": [
{
"version_value": "SINUMERIK 808D V4.7 : All versions"
},
{
"version_value": "SINUMERIK 808D V4.8 : All versions"
},
{
"version_value": "SINUMERIK 828D V4.7 : All versions < V4.7 SP6 HF1"
},
{
"version_value": "SINUMERIK 840D sl V4.7 : All versions < V4.7 SP6 HF5"
},
{
"version_value": "SINUMERIK 840D sl V4.8 : All versions < V4.8 SP3"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf",
"refsource" : "CONFIRM",
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf"
},
{
"name" : "106185",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106185"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A local attacker with user privileges could use the service command application for privilege escalation to an elevated user but not root. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264: Permissions, Privileges, and Access Controls"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106185",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106185"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11707",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "FastStone Image Viewer 6.2 has a User Mode Read and Execute AV at 0x0057898e, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11707",
"refsource" : "MISC",
"url" : "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11707"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FastStone Image Viewer 6.2 has a User Mode Read and Execute AV at 0x0057898e, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11707",
"refsource": "MISC",
"url": "https://github.com/MostafaSoliman/Security-Advisories/tree/master/CVE-2018-11707"
}
]
}
}


@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-3258",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "MySQL Connectors",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "8.0.12 and prior"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-3258",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Connectors",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.0.12 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20181018-0002/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20181018-0002/"
},
{
"name" : "105589",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105589"
},
{
"name" : "1041888",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041888"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041888",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041888"
},
{
"name": "105589",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105589"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20181018-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20181018-0002/"
}
]
}
}


@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00",
"ID" : "CVE-2018-3713",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "angular-http-server node module",
"version" : {
"version_data" : [
{
"version_value" : "All versions"
}
]
}
}
]
},
"vendor_name" : "HackerOne"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Path Traversal (CWE-22)"
}
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2018-3713",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "angular-http-server node module",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://hackerone.com/reports/309120",
"refsource" : "MISC",
"url" : "https://hackerone.com/reports/309120"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal (CWE-22)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/309120",
"refsource": "MISC",
"url": "https://hackerone.com/reports/309120"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3795",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3795",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7050",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. A NULL pointer dereference occurs for an \"empty\" nick."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7050",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://openwall.com/lists/oss-security/2018/02/15/1",
"refsource" : "CONFIRM",
"url" : "http://openwall.com/lists/oss-security/2018/02/15/1"
},
{
"name" : "https://irssi.org/security/irssi_sa_2018_02.txt",
"refsource" : "CONFIRM",
"url" : "https://irssi.org/security/irssi_sa_2018_02.txt"
},
{
"name" : "DSA-4162",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4162"
},
{
"name" : "USN-3590-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3590-1/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. A NULL pointer dereference occurs for an \"empty\" nick."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4162",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4162"
},
{
"name": "https://irssi.org/security/irssi_sa_2018_02.txt",
"refsource": "CONFIRM",
"url": "https://irssi.org/security/irssi_sa_2018_02.txt"
},
{
"name": "http://openwall.com/lists/oss-security/2018/02/15/1",
"refsource": "CONFIRM",
"url": "http://openwall.com/lists/oss-security/2018/02/15/1"
},
{
"name": "USN-3590-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3590-1/"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7200",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7200",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7669",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Sitecore Sitecore.NET 8.1 rev. 151207 Hotfix 141178-1 and above. The 'Log Viewer' application is vulnerable to a directory traversal attack, allowing an attacker to access arbitrary files from the host Operating System using a sitecore/shell/default.aspx?xmlcontrol=LogViewerDetails&file= URI. Validation is performed to ensure that the text passed to the 'file' parameter correlates to the correct log file directory. This filter can be bypassed by including a valid log filename and then appending a traditional 'dot dot' style attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7669",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45152",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45152/"
},
{
"name" : "20180424 Sitecore Directory Traversal Vulnerability",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Apr/47"
},
{
"name" : "https://kb.sitecore.net/articles/356221",
"refsource" : "CONFIRM",
"url" : "https://kb.sitecore.net/articles/356221"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Sitecore Sitecore.NET 8.1 rev. 151207 Hotfix 141178-1 and above. The 'Log Viewer' application is vulnerable to a directory traversal attack, allowing an attacker to access arbitrary files from the host Operating System using a sitecore/shell/default.aspx?xmlcontrol=LogViewerDetails&file= URI. Validation is performed to ensure that the text passed to the 'file' parameter correlates to the correct log file directory. This filter can be bypassed by including a valid log filename and then appending a traditional 'dot dot' style attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45152",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45152/"
},
{
"name": "20180424 Sitecore Directory Traversal Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Apr/47"
},
{
"name": "https://kb.sitecore.net/articles/356221",
"refsource": "CONFIRM",
"url": "https://kb.sitecore.net/articles/356221"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8097",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "io/mongo/parser.py in Eve (aka pyeve) before 0.7.5 allows remote attackers to execute arbitrary code via Code Injection in the where parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8097",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/pyeve/eve/commit/f8f7019ffdf9b4e05faf95e1f04e204aa4c91f98",
"refsource" : "MISC",
"url" : "https://github.com/pyeve/eve/commit/f8f7019ffdf9b4e05faf95e1f04e204aa4c91f98"
},
{
"name" : "https://github.com/pyeve/eve/issues/1101",
"refsource" : "MISC",
"url" : "https://github.com/pyeve/eve/issues/1101"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "io/mongo/parser.py in Eve (aka pyeve) before 0.7.5 allows remote attackers to execute arbitrary code via Code Injection in the where parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pyeve/eve/commit/f8f7019ffdf9b4e05faf95e1f04e204aa4c91f98",
"refsource": "MISC",
"url": "https://github.com/pyeve/eve/commit/f8f7019ffdf9b4e05faf95e1f04e204aa4c91f98"
},
{
"name": "https://github.com/pyeve/eve/issues/1101",
"refsource": "MISC",
"url": "https://github.com/pyeve/eve/issues/1101"
}
]
}
}


@ -1,236 +1,236 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8477",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Windows 7",
"version" : {
"version_data" : [
{
"version_value" : "32-bit Systems Service Pack 1"
},
{
"version_value" : "x64-based Systems Service Pack 1"
}
]
}
},
{
"product_name" : "Windows Server 2012 R2",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows RT 8.1",
"version" : {
"version_data" : [
{
"version_value" : "Windows RT 8.1"
}
]
}
},
{
"product_name" : "Windows Server 2008",
"version" : {
"version_data" : [
{
"version_value" : "32-bit Systems Service Pack 2"
},
{
"version_value" : "32-bit Systems Service Pack 2 (Server Core installation)"
},
{
"version_value" : "Itanium-Based Systems Service Pack 2"
},
{
"version_value" : "x64-based Systems Service Pack 2"
},
{
"version_value" : "x64-based Systems Service Pack 2 (Server Core installation)"
}
]
}
},
{
"product_name" : "Windows Server 2019",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows Server 2012",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows 8.1",
"version" : {
"version_data" : [
{
"version_value" : "32-bit systems"
},
{
"version_value" : "x64-based systems"
}
]
}
},
{
"product_name" : "Windows Server 2016",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows Server 2008 R2",
"version" : {
"version_data" : [
{
"version_value" : "Itanium-Based Systems Service Pack 1"
},
{
"version_value" : "x64-based Systems Service Pack 1"
},
{
"version_value" : "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
}
},
{
"product_name" : "Windows 10",
"version" : {
"version_data" : [
{
"version_value" : "32-bit Systems"
},
{
"version_value" : "Version 1607 for 32-bit Systems"
},
{
"version_value" : "Version 1607 for x64-based Systems"
},
{
"version_value" : "Version 1703 for 32-bit Systems"
},
{
"version_value" : "Version 1703 for x64-based Systems"
},
{
"version_value" : "Version 1709 for 32-bit Systems"
},
{
"version_value" : "Version 1709 for ARM64-based Systems"
},
{
"version_value" : "Version 1709 for x64-based Systems"
},
{
"version_value" : "Version 1803 for 32-bit Systems"
},
{
"version_value" : "Version 1803 for ARM64-based Systems"
},
{
"version_value" : "Version 1803 for x64-based Systems"
},
{
"version_value" : "Version 1809 for 32-bit Systems"
},
{
"version_value" : "Version 1809 for ARM64-based Systems"
},
{
"version_value" : "Version 1809 for x64-based Systems"
},
{
"version_value" : "x64-based Systems"
}
]
}
},
{
"product_name" : "Windows 10 Servers",
"version" : {
"version_data" : [
{
"version_value" : "version 1709 (Server Core Installation)"
},
{
"version_value" : "version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka \"Windows Kernel Information Disclosure Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8621, CVE-2018-8622."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8477",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows 7",
"version": {
"version_data": [
{
"version_value": "32-bit Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1"
}
]
}
},
{
"product_name": "Windows Server 2012 R2",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows RT 8.1",
"version": {
"version_data": [
{
"version_value": "Windows RT 8.1"
}
]
}
},
{
"product_name": "Windows Server 2008",
"version": {
"version_data": [
{
"version_value": "32-bit Systems Service Pack 2"
},
{
"version_value": "32-bit Systems Service Pack 2 (Server Core installation)"
},
{
"version_value": "Itanium-Based Systems Service Pack 2"
},
{
"version_value": "x64-based Systems Service Pack 2"
},
{
"version_value": "x64-based Systems Service Pack 2 (Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2019",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2012",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows 8.1",
"version": {
"version_data": [
{
"version_value": "32-bit systems"
},
{
"version_value": "x64-based systems"
}
]
}
},
{
"product_name": "Windows Server 2016",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2008 R2",
"version": {
"version_data": [
{
"version_value": "Itanium-Based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
}
},
{
"product_name": "Windows 10",
"version": {
"version_data": [
{
"version_value": "32-bit Systems"
},
{
"version_value": "Version 1607 for 32-bit Systems"
},
{
"version_value": "Version 1607 for x64-based Systems"
},
{
"version_value": "Version 1703 for 32-bit Systems"
},
{
"version_value": "Version 1703 for x64-based Systems"
},
{
"version_value": "Version 1709 for 32-bit Systems"
},
{
"version_value": "Version 1709 for ARM64-based Systems"
},
{
"version_value": "Version 1709 for x64-based Systems"
},
{
"version_value": "Version 1803 for 32-bit Systems"
},
{
"version_value": "Version 1803 for ARM64-based Systems"
},
{
"version_value": "Version 1803 for x64-based Systems"
},
{
"version_value": "Version 1809 for 32-bit Systems"
},
{
"version_value": "Version 1809 for ARM64-based Systems"
},
{
"version_value": "Version 1809 for x64-based Systems"
},
{
"version_value": "x64-based Systems"
}
]
}
},
{
"product_name": "Windows 10 Servers",
"version": {
"version_data": [
{
"version_value": "version 1709 (Server Core Installation)"
},
{
"version_value": "version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8477",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8477"
},
{
"name" : "106081",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106081"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka \"Windows Kernel Information Disclosure Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8621, CVE-2018-8622."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8477",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8477"
},
{
"name": "106081",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106081"
}
]
}
}


@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2018-08-31T00:00:00",
"ID" : "CVE-2018-8850",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "e-Alert Unit (non-medical device)",
"version" : {
"version_data" : [
{
"version_value" : "R2.1 and prior"
}
]
}
}
]
},
"vendor_name" : "Philips"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not validate input properly, allowing an attacker to craft the input in a form that is not expected by the rest of the application. This would lead to parts of the unit receiving unintended input, which may result in altered control flow, arbitrary control of a resource, or arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "IMPROPER INPUT VALIDATION CWE-20"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-08-31T00:00:00",
"ID": "CVE-2018-8850",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "e-Alert Unit (non-medical device)",
"version": {
"version_data": [
{
"version_value": "R2.1 and prior"
}
]
}
}
]
},
"vendor_name": "Philips"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01"
},
{
"name" : "https://www.usa.philips.com/healthcare/about/customer-support/product-security",
"refsource" : "CONFIRM",
"url" : "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
},
{
"name" : "105194",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105194"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not validate input properly, allowing an attacker to craft the input in a form that is not expected by the rest of the application. This would lead to parts of the unit receiving unintended input, which may result in altered control flow, arbitrary control of a resource, or arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER INPUT VALIDATION CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security",
"refsource": "CONFIRM",
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
},
{
"name": "105194",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105194"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01"
}
]
}
}