admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 00:31:22 +00:00
parent 0be39d3afc
commit c1315a8507
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
66 changed files with 4561 additions and 4561 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

118
1999/0xxx/CVE-1999-0400.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-0400",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Denial of service in Linux 2.2.0 running the ldd command on a core file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "344",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/344"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Denial of service in Linux 2.2.0 running the ldd command on a core file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "344",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/344"
}
]
}
}

148
1999/0xxx/CVE-1999-0977.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-0977",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "00191",
"refsource" : "SUN",
"url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/191"
},
{
"name" : "866",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/866"
},
{
"name" : "2354",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/2354"
},
{
"name" : "2558",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/2558"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "00191",
"refsource": "SUN",
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/191"
},
{
"name": "2354",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2354"
},
{
"name": "2558",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/2558"
},
{
"name": "866",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/866"
}
]
}
}

138
1999/1xxx/CVE-1999-1046.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-1046",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in IMonitor in IMail 5.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to port 8181."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "19990302 Multiple IMail Vulnerabilites",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=92038879607336&w=2"
},
{
"name" : "504",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/504"
},
{
"name" : "imail-imonitor-overflow(1897)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/1897"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in IMonitor in IMail 5.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to port 8181."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "504",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/504"
},
{
"name": "19990302 Multiple IMail Vulnerabilites",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=92038879607336&w=2"
},
{
"name": "imail-imonitor-overflow(1897)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1897"
}
]
}
}

128
1999/1xxx/CVE-1999-1078.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-1078",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WS_FTP Pro 6.0 uses weak encryption for passwords in its initialization files, which allows remote attackers to easily decrypt the passwords and gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1078",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "19990729 WS_FTP Pro 6.0 Weak Password Encryption Vulnerability",
"refsource" : "NTBUGTRAQ",
"url" : "http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9907&L=ntbugtraq&D=0&P=10370&F=P"
},
{
"name" : "547",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/547"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WS_FTP Pro 6.0 uses weak encryption for passwords in its initialization files, which allows remote attackers to easily decrypt the passwords and gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "547",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/547"
},
{
"name": "19990729 WS_FTP Pro 6.0 Weak Password Encryption Vulnerability",
"refsource": "NTBUGTRAQ",
"url": "http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9907&L=ntbugtraq&D=0&P=10370&F=P"
}
]
}
}

118
1999/1xxx/CVE-1999-1377.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-1377",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Matt Wright's download.cgi 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1377",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pulhas.org/phrack/55/P55-07.html",
"refsource" : "MISC",
"url" : "http://pulhas.org/phrack/55/P55-07.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Matt Wright's download.cgi 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://pulhas.org/phrack/55/P55-07.html",
"refsource": "MISC",
"url": "http://pulhas.org/phrack/55/P55-07.html"
}
]
}
}

128
1999/1xxx/CVE-1999-1429.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-1429",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "DIT TransferPro installs devices with world-readable and world-writable permissions, which could allow local users to damage disks through the ff device driver."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1429",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "19980105 Security flaw in either DIT TransferPro or Solaris",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=88419633507543&w=2"
},
{
"name" : "204",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/204"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DIT TransferPro installs devices with world-readable and world-writable permissions, which could allow local users to damage disks through the ff device driver."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19980105 Security flaw in either DIT TransferPro or Solaris",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=88419633507543&w=2"
},
{
"name": "204",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/204"
}
]
}
}

128
1999/1xxx/CVE-1999-1534.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-1534",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in (1) nlservd and (2) rnavc in Knox Software Arkeia backup product allows local users to obtain root access via a long HOME environmental variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1534",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "19990923 Multiple vendor Knox Arkiea local root/remote DoS",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=93837184228248&w=2"
},
{
"name" : "661",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/661"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in (1) nlservd and (2) rnavc in Knox Software Arkeia backup product allows local users to obtain root access via a long HOME environmental variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "661",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/661"
},
{
"name": "19990923 Multiple vendor Knox Arkiea local root/remote DoS",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=93837184228248&w=2"
}
]
}
}

138
2000/0xxx/CVE-2000-0024.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0024",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the \"Escape Character Parsing\" vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.acrossecurity.com/aspr/ASPR-1999-11-10-1-PUB.txt",
"refsource" : "MISC",
"url" : "http://www.acrossecurity.com/aspr/ASPR-1999-11-10-1-PUB.txt"
},
{
"name" : "MS99-061",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-061"
},
{
"name" : "Q246401",
"refsource" : "MSKB",
"url" : "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q246401"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the \"Escape Character Parsing\" vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "Q246401",
"refsource": "MSKB",
"url": "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q246401"
},
{
"name": "http://www.acrossecurity.com/aspr/ASPR-1999-11-10-1-PUB.txt",
"refsource": "MISC",
"url": "http://www.acrossecurity.com/aspr/ASPR-1999-11-10-1-PUB.txt"
},
{
"name": "MS99-061",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-061"
}
]
}
}

118
2000/0xxx/CVE-2000-0083.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0083",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HP asecure creates the Audio Security File audio.sec with insecure permissions, which allows local users to cause a denial of service or gain additional privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0083",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBUX0001-109",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/templates/advisory.html?id=2031"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HP asecure creates the Audio Security File audio.sec with insecure permissions, which allows local users to cause a denial of service or gain additional privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBUX0001-109",
"refsource": "HP",
"url": "http://www.securityfocus.com/templates/advisory.html?id=2031"
}
]
}
}

128
2000/0xxx/CVE-2000-0269.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0269",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Emacs 20 does not properly set permissions for a slave PTY device when starting a new subprocess, which allows local users to read or modify communications between Emacs and the subprocess."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0269",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20000418 RUS-CERT Advisory 200004-01: GNU Emacs 20",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-04-15&msg=tg4s8zioxq.fsf@mercury.rus.uni-stuttgart.de"
},
{
"name" : "1125",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1125"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Emacs 20 does not properly set permissions for a slave PTY device when starting a new subprocess, which allows local users to read or modify communications between Emacs and the subprocess."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20000418 RUS-CERT Advisory 200004-01: GNU Emacs 20",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-04-15&msg=tg4s8zioxq.fsf@mercury.rus.uni-stuttgart.de"
},
{
"name": "1125",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1125"
}
]
}
}

128
2000/0xxx/CVE-2000-0388.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0388",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in FreeBSD libmytinfo library allows local users to execute commands via a long TERMCAP environmental variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0388",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "FreeBSD-SA-00:17",
"refsource" : "FREEBSD",
"url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A17.libmytinfo.asc"
},
{
"name" : "1185",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1185"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in FreeBSD libmytinfo library allows local users to execute commands via a long TERMCAP environmental variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1185",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1185"
},
{
"name": "FreeBSD-SA-00:17",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A17.libmytinfo.asc"
}
]
}
}

128
2000/0xxx/CVE-2000-0694.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0694",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "pgxconfig in the Raptor GFX configuration tool allows local users to gain privileges via a symlink attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0694",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20000802 Local root compromise in PGX Config Sun Sparc Solaris",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2000-07/0463.html"
},
{
"name" : "5740",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/5740"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pgxconfig in the Raptor GFX configuration tool allows local users to gain privileges via a symlink attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20000802 Local root compromise in PGX Config Sun Sparc Solaris",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0463.html"
},
{
"name": "5740",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5740"
}
]
}
}

148
2000/0xxx/CVE-2000-0729.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0729",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "FreeBSD 5.x, 4.x, and 3.x allows local users to cause a denial of service by executing a program with a malformed ELF image header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0729",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "FreeBSD-SA-00:41",
"refsource" : "FREEBSD",
"url" : "http://archives.neohapsis.com/archives/freebsd/2000-08/0337.html"
},
{
"name" : "1625",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1625"
},
{
"name" : "freebsd-elf-dos(5967)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5967"
},
{
"name" : "1534",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/1534"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FreeBSD 5.x, 4.x, and 3.x allows local users to cause a denial of service by executing a program with a malformed ELF image header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-00:41",
"refsource": "FREEBSD",
"url": "http://archives.neohapsis.com/archives/freebsd/2000-08/0337.html"
},
{
"name": "1534",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/1534"
},
{
"name": "freebsd-elf-dos(5967)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5967"
},
{
"name": "1625",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1625"
}
]
}
}

148
2000/0xxx/CVE-2000-0919.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0919",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in PHPix Photo Album 1.0.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0919",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20001007 PHPix advisory",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2000-10/0117.html"
},
{
"name" : "1773",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1773"
},
{
"name" : "phpix-dir-traversal(5331)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5331"
},
{
"name" : "472",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/472"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in PHPix Photo Album 1.0.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "472",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/472"
},
{
"name": "phpix-dir-traversal(5331)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5331"
},
{
"name": "20001007 PHPix advisory",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0117.html"
},
{
"name": "1773",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1773"
}
]
}
}

158
2000/0xxx/CVE-2000-0983.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0983",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft NetMeeting with Remote Desktop Sharing enabled allows remote attackers to cause a denial of service (CPU utilization) via a sequence of null bytes to the NetMeeting port, aka the \"NetMeeting Desktop Sharing\" vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0983",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20001018 Denial of Service attack against computers running Microsoft NetMeeting",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/140341"
},
{
"name" : "MS00-077",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-077"
},
{
"name" : "Q273854",
"refsource" : "MSKB",
"url" : "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q273854"
},
{
"name" : "1798",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1798"
},
{
"name" : "netmeeting-desktop-sharing-dos(5368)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5368"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft NetMeeting with Remote Desktop Sharing enabled allows remote attackers to cause a denial of service (CPU utilization) via a sequence of null bytes to the NetMeeting port, aka the \"NetMeeting Desktop Sharing\" vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "netmeeting-desktop-sharing-dos(5368)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5368"
},
{
"name": "Q273854",
"refsource": "MSKB",
"url": "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q273854"
},
{
"name": "MS00-077",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-077"
},
{
"name": "20001018 Denial of Service attack against computers running Microsoft NetMeeting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/140341"
},
{
"name": "1798",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1798"
}
]
}
}

138
2000/1xxx/CVE-2000-1112.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-1112",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Windows Media Player 7 executes scripts in custom skin (.WMS) files, which could allow remote attackers to gain privileges via a skin that contains a malicious script, aka the \".WMS Script Execution\" vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-1112",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS00-090",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-090"
},
{
"name" : "1976",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1976"
},
{
"name" : "mediaplayer-wms-script-exe(5575)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5575"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Windows Media Player 7 executes scripts in custom skin (.WMS) files, which could allow remote attackers to gain privileges via a skin that contains a malicious script, aka the \".WMS Script Execution\" vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mediaplayer-wms-script-exe(5575)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5575"
},
{
"name": "MS00-090",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-090"
},
{
"name": "1976",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1976"
}
]
}
}

168
2005/2xxx/CVE-2005-2079.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2079",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the Admin Plus Pack Option for VERITAS Backup Exec 9.0 through 10.0 for Windows Servers allows remote attackers to execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2079",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://seer.support.veritas.com/docs/276607.htm",
"refsource" : "CONFIRM",
"url" : "http://seer.support.veritas.com/docs/276607.htm"
},
{
"name" : "http://seer.support.veritas.com/docs/277429.htm",
"refsource" : "CONFIRM",
"url" : "http://seer.support.veritas.com/docs/277429.htm"
},
{
"name" : "TA05-180A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA05-180A.html"
},
{
"name" : "VU#352625",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/352625"
},
{
"name" : "14023",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14023"
},
{
"name" : "15789",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15789"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the Admin Plus Pack Option for VERITAS Backup Exec 9.0 through 10.0 for Windows Servers allows remote attackers to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seer.support.veritas.com/docs/276607.htm",
"refsource": "CONFIRM",
"url": "http://seer.support.veritas.com/docs/276607.htm"
},
{
"name": "VU#352625",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/352625"
},
{
"name": "http://seer.support.veritas.com/docs/277429.htm",
"refsource": "CONFIRM",
"url": "http://seer.support.veritas.com/docs/277429.htm"
},
{
"name": "TA05-180A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA05-180A.html"
},
{
"name": "14023",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14023"
},
{
"name": "15789",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15789"
}
]
}
}

218
2005/2xxx/CVE-2005-2455.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2455",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Greasemonkey before 0.3.5 allows remote web servers to (1) read arbitrary files via a GET request to a file:// URL in the GM_xmlhttpRequest API function, (2) list installed scripts using GM_scripts, or obtain sensitive information via (3) GM_setValue and GM_getValue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2455",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[Greasemonkey] 20050718 greasemonkey for secure data over insecure networks / sites",
"refsource" : "MLIST",
"url" : "http://mozdev.org/pipermail/greasemonkey/2005-July/004022.html"
},
{
"name" : "[Greasemonkey] 20050718 greasemonkey for secure data over insecure networks / sites",
"refsource" : "MLIST",
"url" : "http://mozdev.org/pipermail/greasemonkey/2005-July/004000.html"
},
{
"name" : "http://greaseblog.blogspot.com/2005/07/mandatory-greasemonkey-update.html",
"refsource" : "CONFIRM",
"url" : "http://greaseblog.blogspot.com/2005/07/mandatory-greasemonkey-update.html"
},
{
"name" : "http://greasemonkey.mozdev.org/changes/0.3.5.html",
"refsource" : "CONFIRM",
"url" : "http://greasemonkey.mozdev.org/changes/0.3.5.html"
},
{
"name" : "http://www.securiteam.com/securitynews/5CP0P20GBK.html",
"refsource" : "MISC",
"url" : "http://www.securiteam.com/securitynews/5CP0P20GBK.html"
},
{
"name" : "14336",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14336"
},
{
"name" : "ADV-2005-1147",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/1147"
},
{
"name" : "18154",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/18154"
},
{
"name" : "1014529",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014529"
},
{
"name" : "16128",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16128"
},
{
"name" : "mozilla-greasemonkey-information-disclosure(21453)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21453"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Greasemonkey before 0.3.5 allows remote web servers to (1) read arbitrary files via a GET request to a file:// URL in the GM_xmlhttpRequest API function, (2) list installed scripts using GM_scripts, or obtain sensitive information via (3) GM_setValue and GM_getValue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://greasemonkey.mozdev.org/changes/0.3.5.html",
"refsource": "CONFIRM",
"url": "http://greasemonkey.mozdev.org/changes/0.3.5.html"
},
{
"name": "16128",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16128"
},
{
"name": "ADV-2005-1147",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/1147"
},
{
"name": "[Greasemonkey] 20050718 greasemonkey for secure data over insecure networks / sites",
"refsource": "MLIST",
"url": "http://mozdev.org/pipermail/greasemonkey/2005-July/004022.html"
},
{
"name": "mozilla-greasemonkey-information-disclosure(21453)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21453"
},
{
"name": "http://greaseblog.blogspot.com/2005/07/mandatory-greasemonkey-update.html",
"refsource": "CONFIRM",
"url": "http://greaseblog.blogspot.com/2005/07/mandatory-greasemonkey-update.html"
},
{
"name": "[Greasemonkey] 20050718 greasemonkey for secure data over insecure networks / sites",
"refsource": "MLIST",
"url": "http://mozdev.org/pipermail/greasemonkey/2005-July/004000.html"
},
{
"name": "14336",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14336"
},
{
"name": "1014529",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014529"
},
{
"name": "18154",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/18154"
},
{
"name": "http://www.securiteam.com/securitynews/5CP0P20GBK.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/securitynews/5CP0P20GBK.html"
}
]
}
}

128
2005/2xxx/CVE-2005-2575.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2575",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in u2u.inc.php in XMB Forum 1.9.1 allows remote attackers to execute arbitrary SQL commands via certain values that are inserted into the $in variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2575",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050809 Sql injection and global variables poisoning in XMB Forum 1.9.1",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112361545228809&w=2"
},
{
"name" : "14523",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14523"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in u2u.inc.php in XMB Forum 1.9.1 allows remote attackers to execute arbitrary SQL commands via certain values that are inserted into the $in variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050809 Sql injection and global variables poisoning in XMB Forum 1.9.1",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112361545228809&w=2"
},
{
"name": "14523",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14523"
}
]
}
}

138
2005/2xxx/CVE-2005-2764.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2764",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in OpenTTD before 0.4.0.1 allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2764",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "GLSA-200509-03",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200509-03.xml"
},
{
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=102631",
"refsource" : "MISC",
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=102631"
},
{
"name" : "ADV-2005-1640",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/1640"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in OpenTTD before 0.4.0.1 allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2005-1640",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/1640"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=102631",
"refsource": "MISC",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=102631"
},
{
"name": "GLSA-200509-03",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-03.xml"
}
]
}
}

148
2005/2xxx/CVE-2005-2849.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2849",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Argument injection vulnerability in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to (1) read portions of source code via the -f option to Dig (dig_device.cgi), (2) determine file existence via the -r argument to Tcpdump (tcpdump_device.cgi) or (3) modify files in the cgi-bin directory via the -w argument to Tcpdump."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2849",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050901 [SecuriWeb.2005.1] - Barracuda SPAM firewall advisory",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112560044813390&w=2"
},
{
"name" : "http://securiweb.net/wiki/Ressources/AvisDeSecurite/2005.1",
"refsource" : "MISC",
"url" : "http://securiweb.net/wiki/Ressources/AvisDeSecurite/2005.1"
},
{
"name" : "1014837",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/alerts/2005/Sep/1014837.html"
},
{
"name" : "16683",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16683/"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Argument injection vulnerability in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to (1) read portions of source code via the -f option to Dig (dig_device.cgi), (2) determine file existence via the -r argument to Tcpdump (tcpdump_device.cgi) or (3) modify files in the cgi-bin directory via the -w argument to Tcpdump."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://securiweb.net/wiki/Ressources/AvisDeSecurite/2005.1",
"refsource": "MISC",
"url": "http://securiweb.net/wiki/Ressources/AvisDeSecurite/2005.1"
},
{
"name": "1014837",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/alerts/2005/Sep/1014837.html"
},
{
"name": "16683",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16683/"
},
{
"name": "20050901 [SecuriWeb.2005.1] - Barracuda SPAM firewall advisory",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112560044813390&w=2"
}
]
}
}

138
2005/3xxx/CVE-2005-3065.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3065",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MultiTheftAuto 0.5 patch 1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted command 40 that causes a -1 length to be used and triggers an out-of-bounds read."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3065",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050925 Server crash and motd deletion in MultiTheftAuto 0.5 patch 1",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037384.html"
},
{
"name" : "16926",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16926/"
},
{
"name" : "26",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/26"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MultiTheftAuto 0.5 patch 1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted command 40 that causes a -1 length to be used and triggers an out-of-bounds read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16926",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16926/"
},
{
"name": "20050925 Server crash and motd deletion in MultiTheftAuto 0.5 patch 1",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037384.html"
},
{
"name": "26",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/26"
}
]
}
}

378
2005/3xxx/CVE-2005-3275.json
View File

@ -1,192 +1,192 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3275",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The NAT code (1) ip_nat_proto_tcp.c and (2) ip_nat_proto_udp.c in Linux kernel 2.6 before 2.6.13 and 2.4 before 2.4.32-rc1 incorrectly declares a variable to be static, which allows remote attackers to cause a denial of service (memory corruption) by causing two packets for the same protocol to be NATed at the same time, which leads to memory corruption."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3275",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://linux.bkbits.net:8080/linux-2.6/cset@42e14e05d0V1d88nZlaIX1F9dCRApA",
"refsource" : "CONFIRM",
"url" : "http://linux.bkbits.net:8080/linux-2.6/cset@42e14e05d0V1d88nZlaIX1F9dCRApA"
},
{
"name" : "DSA-922",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-922"
},
{
"name" : "DSA-921",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-921"
},
{
"name" : "FLSA:157459-1",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/428028/100/0/threaded"
},
{
"name" : "FLSA:157459-2",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/428058/100/0/threaded"
},
{
"name" : "FLSA:157459-3",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/427980/100/0/threaded"
},
{
"name" : "MDKSA-2005:218",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:218"
},
{
"name" : "MDKSA-2005:219",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:219"
},
{
"name" : "MDKSA-2005:220",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:220"
},
{
"name" : "MDKSA-2006:044",
"refsource" : "MANDRIVA",
"url" : "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:044"
},
{
"name" : "RHSA-2006:0140",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0140.html"
},
{
"name" : "RHSA-2006:0190",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0190.html"
},
{
"name" : "RHSA-2006:0191",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0191.html"
},
{
"name" : "20060402-01-U",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060402-01-U"
},
{
"name" : "SUSE-SA:2005:068",
"refsource" : "SUSE",
"url" : "http://www.securityfocus.com/archive/1/419522/100/0/threaded"
},
{
"name" : "USN-219-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/219-1/"
},
{
"name" : "15531",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15531"
},
{
"name" : "oval:org.mitre.oval:def:10142",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10142"
},
{
"name" : "17918",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17918"
},
{
"name" : "18056",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18056"
},
{
"name" : "18059",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18059"
},
{
"name" : "18562",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18562"
},
{
"name" : "18684",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18684"
},
{
"name" : "18977",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18977"
},
{
"name" : "17826",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17826"
},
{
"name" : "19185",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19185"
},
{
"name" : "19607",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19607"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NAT code (1) ip_nat_proto_tcp.c and (2) ip_nat_proto_udp.c in Linux kernel 2.6 before 2.6.13 and 2.4 before 2.4.32-rc1 incorrectly declares a variable to be static, which allows remote attackers to cause a denial of service (memory corruption) by causing two packets for the same protocol to be NATed at the same time, which leads to memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2006:0140",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0140.html"
},
{
"name": "18684",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18684"
},
{
"name": "18056",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18056"
},
{
"name": "18977",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18977"
},
{
"name": "MDKSA-2005:220",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:220"
},
{
"name": "oval:org.mitre.oval:def:10142",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10142"
},
{
"name": "18059",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18059"
},
{
"name": "19185",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19185"
},
{
"name": "19607",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19607"
},
{
"name": "SUSE-SA:2005:068",
"refsource": "SUSE",
"url": "http://www.securityfocus.com/archive/1/419522/100/0/threaded"
},
{
"name": "FLSA:157459-2",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/428058/100/0/threaded"
},
{
"name": "MDKSA-2006:044",
"refsource": "MANDRIVA",
"url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:044"
},
{
"name": "DSA-922",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-922"
},
{
"name": "USN-219-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/219-1/"
},
{
"name": "RHSA-2006:0190",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0190.html"
},
{
"name": "MDKSA-2005:218",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:218"
},
{
"name": "FLSA:157459-1",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/428028/100/0/threaded"
},
{
"name": "DSA-921",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-921"
},
{
"name": "http://linux.bkbits.net:8080/linux-2.6/cset@42e14e05d0V1d88nZlaIX1F9dCRApA",
"refsource": "CONFIRM",
"url": "http://linux.bkbits.net:8080/linux-2.6/cset@42e14e05d0V1d88nZlaIX1F9dCRApA"
},
{
"name": "15531",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15531"
},
{
"name": "17826",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17826"
},
{
"name": "20060402-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060402-01-U"
},
{
"name": "17918",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17918"
},
{
"name": "FLSA:157459-3",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/427980/100/0/threaded"
},
{
"name": "MDKSA-2005:219",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:219"
},
{
"name": "RHSA-2006:0191",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0191.html"
},
{
"name": "18562",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18562"
}
]
}
}

178
2005/3xxx/CVE-2005-3369.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3369",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in the Info-DB module (info_db.php) in Woltlab Burning Board 2.7 and earlier allow remote attackers to execute arbitrary SQL commands and possibly upload files via the (1) fileid and (2) subkatid parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3369",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051026 Woltlab Burning Board info_db.php multiple SQL injection",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=113034480129309&w=2"
},
{
"name" : "15214",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15214"
},
{
"name" : "ADV-2005-2224",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2224"
},
{
"name" : "20330",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20330"
},
{
"name" : "17347",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17347/"
},
{
"name" : "119",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/119"
},
{
"name" : "wbb-infodb-sql-injection(22887)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22887"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in the Info-DB module (info_db.php) in Woltlab Burning Board 2.7 and earlier allow remote attackers to execute arbitrary SQL commands and possibly upload files via the (1) fileid and (2) subkatid parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2005-2224",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2224"
},
{
"name": "17347",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17347/"
},
{
"name": "20051026 Woltlab Burning Board info_db.php multiple SQL injection",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=113034480129309&w=2"
},
{
"name": "wbb-infodb-sql-injection(22887)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22887"
},
{
"name": "119",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/119"
},
{
"name": "20330",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20330"
},
{
"name": "15214",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15214"
}
]
}
}

198
2005/3xxx/CVE-2005-3814.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3814",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in SmartPPC Pro allow remote attackers to inject arbitrary web script or HTML via the username parameter in (1) directory.php, (2) frames.php, and (3) search.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3814",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.addict3d.org/index.php?page=viewarticle&type=security&ID=5359",
"refsource" : "MISC",
"url" : "http://www.addict3d.org/index.php?page=viewarticle&type=security&ID=5359"
},
{
"name" : "http://nightmaresecurity.net/index.php?showtopic=1015",
"refsource" : "MISC",
"url" : "http://nightmaresecurity.net/index.php?showtopic=1015"
},
{
"name" : "15567",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15567"
},
{
"name" : "ADV-2005-2581",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2581"
},
{
"name" : "21090",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21090"
},
{
"name" : "21091",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21091"
},
{
"name" : "21092",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21092"
},
{
"name" : "1015259",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015259"
},
{
"name" : "17736",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17736"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in SmartPPC Pro allow remote attackers to inject arbitrary web script or HTML via the username parameter in (1) directory.php, (2) frames.php, and (3) search.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://nightmaresecurity.net/index.php?showtopic=1015",
"refsource": "MISC",
"url": "http://nightmaresecurity.net/index.php?showtopic=1015"
},
{
"name": "http://www.addict3d.org/index.php?page=viewarticle&type=security&ID=5359",
"refsource": "MISC",
"url": "http://www.addict3d.org/index.php?page=viewarticle&type=security&ID=5359"
},
{
"name": "1015259",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015259"
},
{
"name": "ADV-2005-2581",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2581"
},
{
"name": "15567",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15567"
},
{
"name": "21092",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21092"
},
{
"name": "17736",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17736"
},
{
"name": "21091",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21091"
},
{
"name": "21090",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21090"
}
]
}
}

198
2009/2xxx/CVE-2009-2190.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2190",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "launchd in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to cause a denial of service (individual service outage) by making many connections to an inetd-based launchd service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2190",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT3757",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3757"
},
{
"name" : "APPLE-SA-2009-08-05-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html"
},
{
"name" : "TA09-218A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-218A.html"
},
{
"name" : "35954",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35954"
},
{
"name" : "56841",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/56841"
},
{
"name" : "1022672",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022672"
},
{
"name" : "36096",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36096"
},
{
"name" : "ADV-2009-2172",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2172"
},
{
"name" : "macosx-launchd-dos(52425)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52425"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "launchd in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to cause a denial of service (individual service outage) by making many connections to an inetd-based launchd service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT3757",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3757"
},
{
"name": "56841",
"refsource": "OSVDB",
"url": "http://osvdb.org/56841"
},
{
"name": "36096",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36096"
},
{
"name": "APPLE-SA-2009-08-05-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html"
},
{
"name": "macosx-launchd-dos(52425)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52425"
},
{
"name": "1022672",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022672"
},
{
"name": "35954",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35954"
},
{
"name": "ADV-2009-2172",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2172"
},
{
"name": "TA09-218A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-218A.html"
}
]
}
}

138
2009/2xxx/CVE-2009-2338.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2338",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in includes/startmodules.inc.php in FreeWebshop.org 2.2.9 R2, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang_file parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8446",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/8446"
},
{
"name" : "34538",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34538"
},
{
"name" : "34707",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34707"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in includes/startmodules.inc.php in FreeWebshop.org 2.2.9 R2, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang_file parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8446",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/8446"
},
{
"name": "34707",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34707"
},
{
"name": "34538",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34538"
}
]
}
}

148
2009/2xxx/CVE-2009-2826.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2826",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer overflows in CoreGraphics in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT3937",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3937"
},
{
"name" : "APPLE-SA-2009-11-09-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name" : "36956",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36956"
},
{
"name" : "ADV-2009-3184",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3184"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in CoreGraphics in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36956",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36956"
},
{
"name": "ADV-2009-3184",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "APPLE-SA-2009-11-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT3937",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3937"
}
]
}
}

138
2009/2xxx/CVE-2009-2921.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2921",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in login.php in MOC Designs PHP News 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) newsuser parameter (User field) and (2) newspassword parameter (Password field)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2921",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "9353",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9353"
},
{
"name" : "ADV-2009-2161",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2161"
},
{
"name" : "phpnews-login-sql-injection(52231)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52231"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in login.php in MOC Designs PHP News 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) newsuser parameter (User field) and (2) newspassword parameter (Password field)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phpnews-login-sql-injection(52231)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52231"
},
{
"name": "9353",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9353"
},
{
"name": "ADV-2009-2161",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2161"
}
]
}
}

178
2009/3xxx/CVE-2009-3049.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3049",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Opera before 10.00 does not properly display all characters in Internationalized Domain Names (IDN) in the address bar, which allows remote attackers to spoof URLs and conduct phishing attacks, related to Unicode and Punycode."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3049",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.opera.com/docs/changelogs/freebsd/1000/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/freebsd/1000/"
},
{
"name" : "http://www.opera.com/docs/changelogs/linux/1000/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/linux/1000/"
},
{
"name" : "http://www.opera.com/docs/changelogs/mac/1000/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/mac/1000/"
},
{
"name" : "http://www.opera.com/docs/changelogs/solaris/1000/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/solaris/1000/"
},
{
"name" : "http://www.opera.com/docs/changelogs/windows/1000/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/windows/1000/"
},
{
"name" : "http://www.opera.com/support/kb/view/932/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/support/kb/view/932/"
},
{
"name" : "oval:org.mitre.oval:def:6235",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6235"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opera before 10.00 does not properly display all characters in Internationalized Domain Names (IDN) in the address bar, which allows remote attackers to spoof URLs and conduct phishing attacks, related to Unicode and Punycode."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.opera.com/docs/changelogs/freebsd/1000/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/freebsd/1000/"
},
{
"name": "oval:org.mitre.oval:def:6235",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6235"
},
{
"name": "http://www.opera.com/docs/changelogs/solaris/1000/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/solaris/1000/"
},
{
"name": "http://www.opera.com/docs/changelogs/linux/1000/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/linux/1000/"
},
{
"name": "http://www.opera.com/support/kb/view/932/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/support/kb/view/932/"
},
{
"name": "http://www.opera.com/docs/changelogs/windows/1000/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/windows/1000/"
},
{
"name": "http://www.opera.com/docs/changelogs/mac/1000/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/mac/1000/"
}
]
}
}

148
2009/3xxx/CVE-2009-3404.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3404",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the PeopleSoft PeopleTools & Enterprise Portal component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.23 allows remote authenticated users to affect integrity via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2009-3404",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html"
},
{
"name" : "TA09-294A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-294A.html"
},
{
"name" : "36773",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36773"
},
{
"name" : "1023061",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1023061"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the PeopleSoft PeopleTools & Enterprise Portal component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.23 allows remote authenticated users to affect integrity via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36773",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36773"
},
{
"name": "TA09-294A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-294A.html"
},
{
"name": "1023061",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023061"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html"
}
]
}
}

208
2009/3xxx/CVE-2009-3934.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3934",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The WebFrameLoaderClient::dispatchDidChangeLocationWithinPage function in src/webkit/glue/webframeloaderclient_impl.cc in Google Chrome before 3.0.195.32 allows user-assisted remote attackers to cause a denial of service via a page-local link, related to an \"empty redirect chain,\" as demonstrated by a message in Yahoo! Mail."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3934",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=22205",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=22205"
},
{
"name" : "http://codereview.chromium.org/326015",
"refsource" : "CONFIRM",
"url" : "http://codereview.chromium.org/326015"
},
{
"name" : "http://googlechromereleases.blogspot.com/2009/11/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2009/11/stable-channel-update.html"
},
{
"name" : "http://src.chromium.org/viewvc/chrome/branches/195/src/webkit/glue/webframeloaderclient_impl.cc?r1=30772&r2=30771",
"refsource" : "CONFIRM",
"url" : "http://src.chromium.org/viewvc/chrome/branches/195/src/webkit/glue/webframeloaderclient_impl.cc?r1=30772&r2=30771"
},
{
"name" : "http://src.chromium.org/viewvc/chrome?view=rev&revision=30772",
"refsource" : "CONFIRM",
"url" : "http://src.chromium.org/viewvc/chrome?view=rev&revision=30772"
},
{
"name" : "SUSE-SR:2011:002",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name" : "59744",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/59744"
},
{
"name" : "43068",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43068"
},
{
"name" : "ADV-2011-0212",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name" : "googlechrome-webframeloader-dos(54296)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54296"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WebFrameLoaderClient::dispatchDidChangeLocationWithinPage function in src/webkit/glue/webframeloaderclient_impl.cc in Google Chrome before 3.0.195.32 allows user-assisted remote attackers to cause a denial of service via a page-local link, related to an \"empty redirect chain,\" as demonstrated by a message in Yahoo! Mail."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "http://googlechromereleases.blogspot.com/2009/11/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2009/11/stable-channel-update.html"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "http://src.chromium.org/viewvc/chrome?view=rev&revision=30772",
"refsource": "CONFIRM",
"url": "http://src.chromium.org/viewvc/chrome?view=rev&revision=30772"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "http://codereview.chromium.org/326015",
"refsource": "CONFIRM",
"url": "http://codereview.chromium.org/326015"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=22205",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=22205"
},
{
"name": "googlechrome-webframeloader-dos(54296)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54296"
},
{
"name": "http://src.chromium.org/viewvc/chrome/branches/195/src/webkit/glue/webframeloaderclient_impl.cc?r1=30772&r2=30771",
"refsource": "CONFIRM",
"url": "http://src.chromium.org/viewvc/chrome/branches/195/src/webkit/glue/webframeloaderclient_impl.cc?r1=30772&r2=30771"
},
{
"name": "59744",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/59744"
}
]
}
}

128
2015/0xxx/CVE-2015-0173.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0173",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The HTTP connection-management functionality in Internet Pass-Thru (IPT) before 2.1.0.2 in IBM WebSphere MQ, when HTTPS is disabled, does not properly generate MQIPT Session IDs, which makes it easier for remote attackers to bypass intended restrictions on MQ message data by predicting an ID value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-0173",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21699547",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21699547"
},
{
"name" : "1032630",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032630"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTTP connection-management functionality in Internet Pass-Thru (IPT) before 2.1.0.2 in IBM WebSphere MQ, when HTTPS is disabled, does not properly generate MQIPT Session IDs, which makes it easier for remote attackers to bypass intended restrictions on MQ message data by predicting an ID value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21699547",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699547"
},
{
"name": "1032630",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032630"
}
]
}
}

148
2015/0xxx/CVE-2015-0592.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0592",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Zone-Based Firewall implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers incorrect kernel-timer handling, aka Bug ID CSCuh25672."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-0592",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=37416",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=37416"
},
{
"name" : "20150209 Cisco IOS Software Kernel Timer Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0592"
},
{
"name" : "1031713",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031713"
},
{
"name" : "ciscoios-cve20150592-dos(100758)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100758"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Zone-Based Firewall implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers incorrect kernel-timer handling, aka Bug ID CSCuh25672."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ciscoios-cve20150592-dos(100758)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100758"
},
{
"name": "20150209 Cisco IOS Software Kernel Timer Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0592"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37416",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37416"
},
{
"name": "1031713",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031713"
}
]
}
}

158
2015/0xxx/CVE-2015-0810.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0810",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 37.0 on OS X does not ensure that the cursor is visible, which allows remote attackers to conduct clickjacking attacks via a Flash object in conjunction with DIV elements associated with layered presentation, and crafted JavaScript code that interacts with an IMG element."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2015-0810",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-35.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-35.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1125013",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1125013"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name" : "GLSA-201512-10",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201512-10"
},
{
"name" : "1031996",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031996"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox before 37.0 on OS X does not ensure that the cursor is visible, which allows remote attackers to conduct clickjacking attacks via a Flash object in conjunction with DIV elements associated with layered presentation, and crafted JavaScript code that interacts with an IMG element."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031996",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031996"
},
{
"name": "http://www.mozilla.org/security/announce/2015/mfsa2015-35.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-35.html"
},
{
"name": "GLSA-201512-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201512-10"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1125013",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1125013"
}
]
}
}

138
2015/0xxx/CVE-2015-0999.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0999",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 store cleartext OPC User credentials in a configuration file, which allows local users to obtain sensitive information by reading this file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2015-0999",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-085-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-085-01"
},
{
"name" : "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-01",
"refsource" : "CONFIRM",
"url" : "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-01"
},
{
"name" : "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-02",
"refsource" : "CONFIRM",
"url" : "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-02"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 store cleartext OPC User credentials in a configuration file, which allows local users to obtain sensitive information by reading this file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-01",
"refsource": "CONFIRM",
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-01"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-085-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-085-01"
},
{
"name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-02",
"refsource": "CONFIRM",
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-02"
}
]
}
}

32
2015/1xxx/CVE-2015-1340.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1340",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1340",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

138
2015/1xxx/CVE-2015-1692.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1692",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 7 through 11 allows user-assisted remote attackers to read the clipboard contents via crafted web script, aka \"Internet Explorer Clipboard Information Disclosure Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-1692",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS15-043",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-043"
},
{
"name" : "74517",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/74517"
},
{
"name" : "1032282",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032282"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 7 through 11 allows user-assisted remote attackers to read the clipboard contents via crafted web script, aka \"Internet Explorer Clipboard Information Disclosure Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032282",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032282"
},
{
"name": "74517",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74517"
},
{
"name": "MS15-043",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-043"
}
]
}
}

32
2015/4xxx/CVE-2015-4131.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4131",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4131",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

178
2015/4xxx/CVE-2015-4505.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4505",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "updater.exe in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows allows local users to write to arbitrary files by conducting a junction attack and waiting for an update operation by the Mozilla Maintenance Service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2015-4505",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-100.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-100.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1177861",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1177861"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name" : "openSUSE-SU-2015:1658",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html"
},
{
"name" : "openSUSE-SU-2015:1679",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00003.html"
},
{
"name" : "openSUSE-SU-2015:1681",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html"
},
{
"name" : "1033640",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033640"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "updater.exe in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows allows local users to write to arbitrary files by conducting a junction attack and waiting for an update operation by the Mozilla Maintenance Service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mozilla.org/security/announce/2015/mfsa2015-100.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-100.html"
},
{
"name": "openSUSE-SU-2015:1681",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1177861",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1177861"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "1033640",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033640"
},
{
"name": "openSUSE-SU-2015:1679",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00003.html"
},
{
"name": "openSUSE-SU-2015:1658",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html"
}
]
}
}

288
2015/4xxx/CVE-2015-4506.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4506",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the vp9_init_context_buffers function in libvpx, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3, allows remote attackers to execute arbitrary code via a crafted VP9 file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2015-4506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-101.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-101.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1192226",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1192226"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name" : "DSA-3365",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3365"
},
{
"name" : "RHSA-2015:1834",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1834.html"
},
{
"name" : "SUSE-SU-2015:2081",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"
},
{
"name" : "openSUSE-SU-2015:1658",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html"
},
{
"name" : "SUSE-SU-2015:1680",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00004.html"
},
{
"name" : "openSUSE-SU-2015:1679",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00003.html"
},
{
"name" : "openSUSE-SU-2015:1681",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html"
},
{
"name" : "SUSE-SU-2015:1703",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00007.html"
},
{
"name" : "USN-2743-4",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2743-4"
},
{
"name" : "USN-2754-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2754-1"
},
{
"name" : "USN-2743-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2743-1"
},
{
"name" : "USN-2743-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2743-2"
},
{
"name" : "USN-2743-3",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2743-3"
},
{
"name" : "76816",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76816"
},
{
"name" : "1033640",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033640"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the vp9_init_context_buffers function in libvpx, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3, allows remote attackers to execute arbitrary code via a crafted VP9 file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2015:1680",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00004.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1192226",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1192226"
},
{
"name": "SUSE-SU-2015:2081",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"
},
{
"name": "openSUSE-SU-2015:1681",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html"
},
{
"name": "USN-2754-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2754-1"
},
{
"name": "USN-2743-4",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2743-4"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "USN-2743-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2743-3"
},
{
"name": "RHSA-2015:1834",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1834.html"
},
{
"name": "USN-2743-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2743-2"
},
{
"name": "1033640",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033640"
},
{
"name": "DSA-3365",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3365"
},
{
"name": "76816",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76816"
},
{
"name": "SUSE-SU-2015:1703",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00007.html"
},
{
"name": "openSUSE-SU-2015:1679",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00003.html"
},
{
"name": "openSUSE-SU-2015:1658",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html"
},
{
"name": "USN-2743-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2743-1"
},
{
"name": "http://www.mozilla.org/security/announce/2015/mfsa2015-101.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-101.html"
}
]
}
}

168
2015/4xxx/CVE-2015-4556.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4556",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The string-translate* procedure in the data-structures unit in CHICKEN before 4.10.0 allows remote attackers to cause a denial of service (crash)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4556",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[chicken-announce] 20150615 [Chicken-announce] [SECURITY] Potential buffer overrun in string-translate*",
"refsource" : "MLIST",
"url" : "http://lists.nongnu.org/archive/html/chicken-announce/2015-06/msg00010.html"
},
{
"name" : "[chicken-hackers] 20150614 [Chicken-hackers] [PATCH] [SECURITY] Fix buffer overrun in string-translate*",
"refsource" : "MLIST",
"url" : "http://lists.nongnu.org/archive/html/chicken-hackers/2015-06/msg00037.html"
},
{
"name" : "[oss-security] 20150615 Re: CVE request for buffer overrun in CHICKEN Scheme's string-translate* procedure",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2015/q2/712"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1231871",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1231871"
},
{
"name" : "GLSA-201612-54",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201612-54"
},
{
"name" : "97293",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97293"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The string-translate* procedure in the data-structures unit in CHICKEN before 4.10.0 allows remote attackers to cause a denial of service (crash)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1231871",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1231871"
},
{
"name": "[oss-security] 20150615 Re: CVE request for buffer overrun in CHICKEN Scheme's string-translate* procedure",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2015/q2/712"
},
{
"name": "[chicken-hackers] 20150614 [Chicken-hackers] [PATCH] [SECURITY] Fix buffer overrun in string-translate*",
"refsource": "MLIST",
"url": "http://lists.nongnu.org/archive/html/chicken-hackers/2015-06/msg00037.html"
},
{
"name": "[chicken-announce] 20150615 [Chicken-announce] [SECURITY] Potential buffer overrun in string-translate*",
"refsource": "MLIST",
"url": "http://lists.nongnu.org/archive/html/chicken-announce/2015-06/msg00010.html"
},
{
"name": "GLSA-201612-54",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-54"
},
{
"name": "97293",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97293"
}
]
}
}

118
2015/4xxx/CVE-2015-4754.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4754",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Data Store component in Oracle Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-2583, CVE-2015-2624, CVE-2015-2626, CVE-2015-2640, CVE-2015-2654, CVE-2015-2656, CVE-2015-4764, CVE-2015-4775, CVE-2015-4776, CVE-2015-4777, CVE-2015-4778, CVE-2015-4780, CVE-2015-4781, CVE-2015-4782, CVE-2015-4783, CVE-2015-4784, CVE-2015-4785, CVE-2015-4786, CVE-2015-4787, CVE-2015-4789, and CVE-2015-4790."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2015-4754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Data Store component in Oracle Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-2583, CVE-2015-2624, CVE-2015-2626, CVE-2015-2640, CVE-2015-2654, CVE-2015-2656, CVE-2015-4764, CVE-2015-4775, CVE-2015-4776, CVE-2015-4777, CVE-2015-4778, CVE-2015-4780, CVE-2015-4781, CVE-2015-4782, CVE-2015-4783, CVE-2015-4784, CVE-2015-4785, CVE-2015-4786, CVE-2015-4787, CVE-2015-4789, and CVE-2015-4790."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
}
]
}
}

128
2015/8xxx/CVE-2015-8559.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-8559",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The knife bootstrap command in chef leaks the validator.pem private RSA key to /var/log/messages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8559",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20151214 Re: Chef: knife bootstrap leaks validator privkey into system logs",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/12/14/14"
},
{
"name" : "https://github.com/chef/chef/issues/3871",
"refsource" : "CONFIRM",
"url" : "https://github.com/chef/chef/issues/3871"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The knife bootstrap command in chef leaks the validator.pem private RSA key to /var/log/messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20151214 Re: Chef: knife bootstrap leaks validator privkey into system logs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/14/14"
},
{
"name": "https://github.com/chef/chef/issues/3871",
"refsource": "CONFIRM",
"url": "https://github.com/chef/chef/issues/3871"
}
]
}
}

130
2015/9xxx/CVE-2015-9181.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00",
"ID" : "CVE-2015-9181",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
"version" : {
"version_data" : [
{
"version_value" : "MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, and SD 835, in a crypto API function, a buffer over-read can occur."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Over-read in TrustZone"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2018-04-02T00:00:00",
"ID": "CVE-2015-9181",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
"version": {
"version_data": [
{
"version_value": "MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2018-04-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name" : "103671",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103671"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, and SD 835, in a crypto API function, a buffer over-read can occur."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Over-read in TrustZone"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name": "103671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103671"
}
]
}
}

138
2015/9xxx/CVE-2015-9263.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-9263",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in post2file.php in Up.Time Monitoring Station 7.5.0 (build 16) and 7.4.0 (build 13). It allows an attacker to upload an arbitrary file, such as a .php file that can execute arbitrary OS commands."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-9263",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "37888",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/37888/"
},
{
"name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5254.php",
"refsource" : "MISC",
"url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5254.php"
},
{
"name" : "https://www.rapid7.com/db/modules/exploit/multi/http/uptime_file_upload_2",
"refsource" : "MISC",
"url" : "https://www.rapid7.com/db/modules/exploit/multi/http/uptime_file_upload_2"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in post2file.php in Up.Time Monitoring Station 7.5.0 (build 16) and 7.4.0 (build 13). It allows an attacker to upload an arbitrary file, such as a .php file that can execute arbitrary OS commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5254.php",
"refsource": "MISC",
"url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5254.php"
},
{
"name": "37888",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/37888/"
},
{
"name": "https://www.rapid7.com/db/modules/exploit/multi/http/uptime_file_upload_2",
"refsource": "MISC",
"url": "https://www.rapid7.com/db/modules/exploit/multi/http/uptime_file_upload_2"
}
]
}
}

32
2016/5xxx/CVE-2016-5656.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-5656",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-5656",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2018/2xxx/CVE-2018-2074.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-2074",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-2074",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
}
]
}
}

32
2018/2xxx/CVE-2018-2080.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-2080",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-2080",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
}
]
}
}

146
2018/2xxx/CVE-2018-2463.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cna@sap.com",
"ID" : "CVE-2018-2463",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "SAP Hybris Commerce",
"version" : {
"version_data" : [
{
"version_name" : "=",
"version_value" : "6.*"
}
]
}
}
]
},
"vendor_name" : "SAP"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) attacks. This is due to a misconfiguration of XML parser that is used in the server-side implementation of OCC."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Server-Side Request Forgery (SSRF)"
}
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2463",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Hybris Commerce",
"version": {
"version_data": [
{
"version_name": "=",
"version_value": "6.*"
}
]
}
}
]
},
"vendor_name": "SAP"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://launchpad.support.sap.com/#/notes/2680834",
"refsource" : "MISC",
"url" : "https://launchpad.support.sap.com/#/notes/2680834"
},
{
"name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993",
"refsource" : "CONFIRM",
"url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993"
},
{
"name" : "105339",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105339"
}
]
},
"source" : {
"discovery" : "UNKNOWN"
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) attacks. This is due to a misconfiguration of XML parser that is used in the server-side implementation of OCC."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105339",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105339"
},
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993",
"refsource": "CONFIRM",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2680834",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/2680834"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

32
2018/2xxx/CVE-2018-2512.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-2512",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-2512",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

188
2018/3xxx/CVE-2018-3604.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@trendmicro.com",
"ID" : "CVE-2018-3604",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Trend Micro Control Manager",
"version" : {
"version_data" : [
{
"version_value" : "6.0"
}
]
}
}
]
},
"vendor_name" : "Trend Micro"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "GetXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SQL Injection"
}
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2018-3604",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Control Manager",
"version": {
"version_data": [
{
"version_value": "6.0"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-067/",
"refsource" : "MISC",
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-067/"
},
{
"name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-084/",
"refsource" : "MISC",
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-084/"
},
{
"name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-088/",
"refsource" : "MISC",
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-088/"
},
{
"name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-095/",
"refsource" : "MISC",
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-095/"
},
{
"name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-096/",
"refsource" : "MISC",
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-096/"
},
{
"name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-097/",
"refsource" : "MISC",
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-097/"
},
{
"name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-102/",
"refsource" : "MISC",
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-102/"
},
{
"name" : "https://success.trendmicro.com/solution/1119158",
"refsource" : "CONFIRM",
"url" : "https://success.trendmicro.com/solution/1119158"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GetXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-18-088/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-088/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-18-084/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-084/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-18-067/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-067/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-18-097/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-097/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-18-102/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-102/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-18-095/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-095/"
},
{
"name": "https://success.trendmicro.com/solution/1119158",
"refsource": "CONFIRM",
"url": "https://success.trendmicro.com/solution/1119158"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-18-096/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-096/"
}
]
}
}

118
2018/6xxx/CVE-2018-6370.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6370",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL Injection exists in the NeoRecruit 4.1 component for Joomla! via the (1) PATH_INFO or (2) name of a .html file under the all-offers/ URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6370",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44123",
"refsource" : "EXPLOIT-DB",
"url" : "https://exploit-db.com/exploits/44123"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL Injection exists in the NeoRecruit 4.1 component for Joomla! via the (1) PATH_INFO or (2) name of a .html file under the all-offers/ URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44123",
"refsource": "EXPLOIT-DB",
"url": "https://exploit-db.com/exploits/44123"
}
]
}
}

128
2018/6xxx/CVE-2018-6381.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6381",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In ZZIPlib 0.13.67, there is a segmentation fault caused by invalid memory access in the zzip_disk_fread function (zzip/mmapped.c) because the size variable is not validated against the amount of file->stored data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6381",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/gdraheim/zziplib/issues/12",
"refsource" : "MISC",
"url" : "https://github.com/gdraheim/zziplib/issues/12"
},
{
"name" : "USN-3699-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3699-1/"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In ZZIPlib 0.13.67, there is a segmentation fault caused by invalid memory access in the zzip_disk_fread function (zzip/mmapped.c) because the size variable is not validated against the amount of file->stored data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3699-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3699-1/"
},
{
"name": "https://github.com/gdraheim/zziplib/issues/12",
"refsource": "MISC",
"url": "https://github.com/gdraheim/zziplib/issues/12"
}
]
}
}

128
2018/6xxx/CVE-2018-6462.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6462",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Tracker PDF-XChange Viewer and Viewer AX SDK before 2.5.322.8 mishandle conversion from YCC to RGB colour spaces by calculating on the basis of 1 bpc instead of 8 bpc, which might allow remote attackers to execute arbitrary code via a crafted PDF document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6462",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://herolab.usd.de/wp-content/uploads/sites/4/2018/07/usd20180019.txt",
"refsource" : "MISC",
"url" : "https://herolab.usd.de/wp-content/uploads/sites/4/2018/07/usd20180019.txt"
},
{
"name" : "https://www.tracker-software.com/company/news_press_events/view/179",
"refsource" : "CONFIRM",
"url" : "https://www.tracker-software.com/company/news_press_events/view/179"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tracker PDF-XChange Viewer and Viewer AX SDK before 2.5.322.8 mishandle conversion from YCC to RGB colour spaces by calculating on the basis of 1 bpc instead of 8 bpc, which might allow remote attackers to execute arbitrary code via a crafted PDF document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tracker-software.com/company/news_press_events/view/179",
"refsource": "CONFIRM",
"url": "https://www.tracker-software.com/company/news_press_events/view/179"
},
{
"name": "https://herolab.usd.de/wp-content/uploads/sites/4/2018/07/usd20180019.txt",
"refsource": "MISC",
"url": "https://herolab.usd.de/wp-content/uploads/sites/4/2018/07/usd20180019.txt"
}
]
}
}

118
2018/6xxx/CVE-2018-6900.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6900",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP Scripts Mall Website Broker Script 3.0.6 has XSS via the Last Name field on the My Profile page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6900",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://0day4u.wordpress.com/2018/03/12/website-broker-script-stored-xss/",
"refsource" : "MISC",
"url" : "https://0day4u.wordpress.com/2018/03/12/website-broker-script-stored-xss/"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP Scripts Mall Website Broker Script 3.0.6 has XSS via the Last Name field on the My Profile page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://0day4u.wordpress.com/2018/03/12/website-broker-script-stored-xss/",
"refsource": "MISC",
"url": "https://0day4u.wordpress.com/2018/03/12/website-broker-script-stored-xss/"
}
]
}
}

140
2018/6xxx/CVE-2018-6962.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@vmware.com",
"DATE_PUBLIC" : "2018-05-21T00:00:00",
"ID" : "CVE-2018-6962",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Fusion",
"version" : {
"version_data" : [
{
"version_value" : "10.x before 10.1.2"
}
]
}
}
]
},
"vendor_name" : "VMware"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "VMware Fusion (10.x before 10.1.2) contains a signature bypass vulnerability which may lead to a local privilege escalation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Signature bypass vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"DATE_PUBLIC": "2018-05-21T00:00:00",
"ID": "CVE-2018-6962",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fusion",
"version": {
"version_data": [
{
"version_value": "10.x before 10.1.2"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.vmware.com/security/advisories/VMSA-2018-0013.html",
"refsource" : "CONFIRM",
"url" : "https://www.vmware.com/security/advisories/VMSA-2018-0013.html"
},
{
"name" : "104235",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104235"
},
{
"name" : "1040957",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040957"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Fusion (10.x before 10.1.2) contains a signature bypass vulnerability which may lead to a local privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Signature bypass vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104235",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104235"
},
{
"name": "1040957",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040957"
},
{
"name": "https://www.vmware.com/security/advisories/VMSA-2018-0013.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0013.html"
}
]
}
}

148
2018/7xxx/CVE-2018-7435.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7435",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the freexl::destroy_cell function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7435",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180301 [SECURITY] [DLA 1297-1] freexl security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/03/msg00000.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1547879",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1547879"
},
{
"name" : "https://groups.google.com/forum/#!topic/spatialite-users/b-d9iB5TDPE",
"refsource" : "MISC",
"url" : "https://groups.google.com/forum/#!topic/spatialite-users/b-d9iB5TDPE"
},
{
"name" : "DSA-4129",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4129"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the freexl::destroy_cell function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180301 [SECURITY] [DLA 1297-1] freexl security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00000.html"
},
{
"name": "https://groups.google.com/forum/#!topic/spatialite-users/b-d9iB5TDPE",
"refsource": "MISC",
"url": "https://groups.google.com/forum/#!topic/spatialite-users/b-d9iB5TDPE"
},
{
"name": "DSA-4129",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4129"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1547879",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1547879"
}
]
}
}

328
2018/7xxx/CVE-2018-7489.json
View File

@ -1,167 +1,167 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7489",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7489",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/FasterXML/jackson-databind/issues/1931",
"refsource" : "CONFIRM",
"url" : "https://github.com/FasterXML/jackson-databind/issues/1931"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20180328-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180328-0001/"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource" : "CONFIRM",
"url" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name" : "DSA-4190",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4190"
},
{
"name" : "RHSA-2018:1447",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1447"
},
{
"name" : "RHSA-2018:1448",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1448"
},
{
"name" : "RHSA-2018:1449",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1449"
},
{
"name" : "RHSA-2018:1450",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1450"
},
{
"name" : "RHSA-2018:1451",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1451"
},
{
"name" : "RHSA-2018:1786",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1786"
},
{
"name" : "RHSA-2018:2088",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2088"
},
{
"name" : "RHSA-2018:2089",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2089"
},
{
"name" : "RHSA-2018:2090",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2090"
},
{
"name" : "RHSA-2018:2938",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2938"
},
{
"name" : "RHSA-2018:2939",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2939"
},
{
"name" : "103203",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103203"
},
{
"name" : "1040693",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040693"
},
{
"name" : "1041890",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041890"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103203",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103203"
},
{
"name": "RHSA-2018:1448",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1448"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "RHSA-2018:1449",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1449"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us"
},
{
"name": "RHSA-2018:2938",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2938"
},
{
"name": "RHSA-2018:1450",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1450"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180328-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180328-0001/"
},
{
"name": "RHSA-2018:2090",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2090"
},
{
"name": "RHSA-2018:2939",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2939"
},
{
"name": "1041890",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041890"
},
{
"name": "1040693",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040693"
},
{
"name": "https://github.com/FasterXML/jackson-databind/issues/1931",
"refsource": "CONFIRM",
"url": "https://github.com/FasterXML/jackson-databind/issues/1931"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "RHSA-2018:1786",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1786"
},
{
"name": "RHSA-2018:1451",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1451"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "DSA-4190",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4190"
},
{
"name": "RHSA-2018:1447",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1447"
},
{
"name": "RHSA-2018:2088",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2088"
},
{
"name": "RHSA-2018:2089",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2089"
}
]
}
}

32
2018/7xxx/CVE-2018-7576.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7576",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7576",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

138
2018/7xxx/CVE-2018-7707.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7707",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote attackers to inject arbitrary web script or HTML via an HTML-formatted e-mail message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44285",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44285/"
},
{
"name" : "20180312 SEC Consult SA-20180312-0 :: Multiple Critical Vulnerabilities in SecurEnvoy SecurMail",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Mar/29"
},
{
"name" : "https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-securenvoy-securmail/index.html",
"refsource" : "MISC",
"url" : "https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-securenvoy-securmail/index.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote attackers to inject arbitrary web script or HTML via an HTML-formatted e-mail message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180312 SEC Consult SA-20180312-0 :: Multiple Critical Vulnerabilities in SecurEnvoy SecurMail",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Mar/29"
},
{
"name": "https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-securenvoy-securmail/index.html",
"refsource": "MISC",
"url": "https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-securenvoy-securmail/index.html"
},
{
"name": "44285",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44285/"
}
]
}
}

128
2018/7xxx/CVE-2018-7756.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7756",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "RunExeFile.exe in the installer for DEWESoft X3 SP1 (64-bit) devices does not require authentication for sessions on TCP port 1999, which allows remote attackers to execute arbitrary code or access internal commands, as demonstrated by a RUN command that launches a .EXE file located at an arbitrary external URL, or a \"SETFIREWALL Off\" command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7756",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44275",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44275/"
},
{
"name" : "http://hyp3rlinx.altervista.org/advisories/DEWESOFT-X3-REMOTE-INTERNAL-COMMAND-ACCESS.txt",
"refsource" : "MISC",
"url" : "http://hyp3rlinx.altervista.org/advisories/DEWESOFT-X3-REMOTE-INTERNAL-COMMAND-ACCESS.txt"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RunExeFile.exe in the installer for DEWESoft X3 SP1 (64-bit) devices does not require authentication for sessions on TCP port 1999, which allows remote attackers to execute arbitrary code or access internal commands, as demonstrated by a RUN command that launches a .EXE file located at an arbitrary external URL, or a \"SETFIREWALL Off\" command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://hyp3rlinx.altervista.org/advisories/DEWESOFT-X3-REMOTE-INTERNAL-COMMAND-ACCESS.txt",
"refsource": "MISC",
"url": "http://hyp3rlinx.altervista.org/advisories/DEWESOFT-X3-REMOTE-INTERNAL-COMMAND-ACCESS.txt"
},
{
"name": "44275",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44275/"
}
]
}
}

118
2019/5xxx/CVE-2019-5007.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-5007",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. It is an Out-of-Bounds Read Information Disclosure and crash due to a NULL pointer dereference when reading TIFF data during TIFF parsing."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5007",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "CONFIRM",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. It is an Out-of-Bounds Read Information Disclosure and crash due to a NULL pointer dereference when reading TIFF data during TIFF parsing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}

32
2019/5xxx/CVE-2019-5091.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-5091",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5091",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/5xxx/CVE-2019-5133.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-5133",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5133",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/5xxx/CVE-2019-5170.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-5170",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5170",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}