admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 06:56:57 +00:00
parent 7ff1a6b34a
commit c210f6a33c
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
64 changed files with 4570 additions and 4570 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

80
2002/0xxx/CVE-2002-0532.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0532",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0532",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "EMU Webmail allows local users to execute arbitrary programs via a .. (dot dot) in the HTTP Host header that points to a Trojan horse configuration file that contains a pageroot specifier that contains shell metacharacters."
"lang": "eng",
"value": "EMU Webmail allows local users to execute arbitrary programs via a .. (dot dot) in the HTTP Host header that points to a Trojan horse configuration file that contains a pageroot specifier that contains shell metacharacters."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20020410 Re: emumail.cgi, one more local vulnerability (not verified)",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/266930"
"name": "5270",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5270"
},
{
"name" : "emumail-http-host-execute(8836)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/8836.php"
"name": "emumail-http-host-execute(8836)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8836.php"
},
{
"name" : "4488",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4488"
"name": "20020410 Re: emumail.cgi, one more local vulnerability (not verified)",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/266930"
},
{
"name" : "5270",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/5270"
"name": "4488",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4488"
}
]
}

74
2002/2xxx/CVE-2002-2142.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2142",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2142",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An undocumented extension for the Servlet mappings in the Servlet 2.3 specification, when upgrading to WebLogic Server and Express 7.0 Service Pack 1 from BEA WebLogic Server and Express 6.0 through 7.0.0.1, does not prepend a \"/\" character in certain URL patterns, which prevents the proper enforcement of role mappings and policies in applications that use the extension."
"lang": "eng",
"value": "An undocumented extension for the Servlet mappings in the Servlet 2.3 specification, when upgrading to WebLogic Server and Express 7.0 Service Pack 1 from BEA WebLogic Server and Express 6.0 through 7.0.0.1, does not prepend a \"/\" character in certain URL patterns, which prevents the proper enforcement of role mappings and policies in applications that use the extension."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "BEA02-22.00",
"refsource" : "BEA",
"url" : "http://dev2dev.bea.com/pub/advisory/3"
"name": "weblogic-security-policy-ignored(10392)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10392.php"
},
{
"name" : "5971",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5971"
"name": "5971",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5971"
},
{
"name" : "weblogic-security-policy-ignored(10392)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10392.php"
"name": "BEA02-22.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/3"
}
]
}

62
2005/0xxx/CVE-2005-0157.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0157",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0157",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The confirm add-on in SmartList 3.15 and earlier allows attackers to subscribe arbitrary e-mail addresses by using a valid cookie that specifies an address other than the address for which the cookie was assigned."
"lang": "eng",
"value": "The confirm add-on in SmartList 3.15 and earlier allows attackers to subscribe arbitrary e-mail addresses by using a valid cookie that specifies an address other than the address for which the cookie was assigned."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "DSA-720",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-720"
"name": "DSA-720",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-720"
}
]
}

68
2005/0xxx/CVE-2005-0409.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0409",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0409",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "CitrusDB 0.3.6 and earlier does not verify authorization for the (1) importcc.php and (2) uploadcc.php, which allows remote attackers to upload credit card data and obtain sensitive information such as the pathnames for temporary files that store credit card data, and facilitates the exploitation of other vulnerabilities."
"lang": "eng",
"value": "CitrusDB 0.3.6 and earlier does not verify authorization for the (1) importcc.php and (2) uploadcc.php, which allows remote attackers to upload credit card data and obtain sensitive information such as the pathnames for temporary files that store credit card data, and facilitates the exploitation of other vulnerabilities."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20050214 Advisory: Upload Authorization bypass in CitrusDB",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031707.html"
"name": "20050214 Advisory: Upload Authorization bypass in CitrusDB",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031707.html"
},
{
"name" : "http://www.redteam-pentesting.de/advisories/rt-sa-2005-003.txt",
"refsource" : "MISC",
"url" : "http://www.redteam-pentesting.de/advisories/rt-sa-2005-003.txt"
"name": "http://www.redteam-pentesting.de/advisories/rt-sa-2005-003.txt",
"refsource": "MISC",
"url": "http://www.redteam-pentesting.de/advisories/rt-sa-2005-003.txt"
}
]
}

68
2005/0xxx/CVE-2005-0422.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0422",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0422",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "DelphiTurk CodeBank (aka KodBank) 3.1 and earlier stores usernames and passwords in the Codebank registry key, which allows local users to gain privileges."
"lang": "eng",
"value": "DelphiTurk CodeBank (aka KodBank) 3.1 and earlier stores usernames and passwords in the Codebank registry key, which allows local users to gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "1013139",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013139"
"name": "1013139",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013139"
},
{
"name" : "delphiturkcodebank-obtain-information(19248)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19248"
"name": "delphiturkcodebank-obtain-information(19248)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19248"
}
]
}

80
2005/0xxx/CVE-2005-0630.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0630",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0630",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "sendpm.php in PBLang 4.63 allows remote authenticated users to read arbitrary files via a full pathname in the orig parameter."
"lang": "eng",
"value": "sendpm.php in PBLang 4.63 allows remote authenticated users to read arbitrary files via a full pathname in the orig parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20050301 Software PBLang 4.63 sendpm.php reply file read vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110971002211589&w=2"
"name": "pblang-sendpm-obtain-information(19544)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19544"
},
{
"name" : "http://pblforum.drmartinus.de/post.php?cat=2&fid=2&pid=40&page=1",
"refsource" : "CONFIRM",
"url" : "http://pblforum.drmartinus.de/post.php?cat=2&fid=2&pid=40&page=1"
"name": "http://pblforum.drmartinus.de/post.php?cat=2&fid=2&pid=40&page=1",
"refsource": "CONFIRM",
"url": "http://pblforum.drmartinus.de/post.php?cat=2&fid=2&pid=40&page=1"
},
{
"name" : "12690",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12690"
"name": "20050301 Software PBLang 4.63 sendpm.php reply file read vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110971002211589&w=2"
},
{
"name" : "pblang-sendpm-obtain-information(19544)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19544"
"name": "12690",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12690"
}
]
}

68
2005/0xxx/CVE-2005-0892.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0892",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0892",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Buffer overflow in smail 3.2.0.120 allows remote attackers or local users to execute arbitrary code via a long string in the MAIL FROM command and possibly other SMTP commands."
"lang": "eng",
"value": "Buffer overflow in smail 3.2.0.120 allows remote attackers or local users to execute arbitrary code via a long string in the MAIL FROM command and possibly other SMTP commands."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20050325 smail remote and local root holes",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111177045217717&w=2"
"name": "DSA-722",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-722"
},
{
"name" : "DSA-722",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-722"
"name": "20050325 smail remote and local root holes",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111177045217717&w=2"
}
]
}

92
2005/0xxx/CVE-2005-0949.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0949",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0949",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in content.asp in Iatek PortalApp allow remote attackers to inject arbitrary web script or HTML via the (1) contenttype or (2) keywords parameter."
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in content.asp in Iatek PortalApp allow remote attackers to inject arbitrary web script or HTML via the (1) contenttype or (2) keywords parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20050329 Multiple sql injection, and xss vulnerabilities in PortalApp",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111213291118273&w=2"
"name": "14749",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14749"
},
{
"name" : "http://icis.digitalparadox.org/~dcrab/portalapp.txt",
"refsource" : "MISC",
"url" : "http://icis.digitalparadox.org/~dcrab/portalapp.txt"
"name": "20050329 Multiple sql injection, and xss vulnerabilities in PortalApp",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111213291118273&w=2"
},
{
"name" : "12936",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12936"
"name": "1013591",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013591"
},
{
"name" : "1013591",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013591"
"name": "http://icis.digitalparadox.org/~dcrab/portalapp.txt",
"refsource": "MISC",
"url": "http://icis.digitalparadox.org/~dcrab/portalapp.txt"
},
{
"name" : "14749",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14749"
"name": "12936",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12936"
},
{
"name" : "portalapp-contentasp-xss(19891)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19891"
"name": "portalapp-contentasp-xss(19891)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19891"
}
]
}

92
2005/1xxx/CVE-2005-1216.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1216",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2005-1216",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Microsoft ISA Server 2000 allows remote attackers to connect to services utilizing the NetBIOS protocol via a NetBIOS connection with an ISA Server that uses the NetBIOS (all) predefined packet filter."
"lang": "eng",
"value": "Microsoft ISA Server 2000 allows remote attackers to connect to services utilizing the NetBIOS protocol via a NetBIOS connection with an ISA Server that uses the NetBIOS (all) predefined packet filter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "MS05-034",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-034"
"name": "VU#367077",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/367077"
},
{
"name" : "VU#367077",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/367077"
"name": "MS05-034",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-034"
},
{
"name" : "13954",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13954"
"name": "13954",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13954"
},
{
"name" : "oval:org.mitre.oval:def:468",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A468"
"name": "1014193",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014193"
},
{
"name" : "1014193",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014193"
"name": "oval:org.mitre.oval:def:468",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A468"
},
{
"name" : "15693",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15693/"
"name": "15693",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15693/"
}
]
}

92
2005/1xxx/CVE-2005-1372.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1372",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1372",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "nvstatsmngr.exe process in BakBone NetVault 7.1 does not properly drop privileges before opening files, which allows local users to gain privileges via the Help menu."
"lang": "eng",
"value": "nvstatsmngr.exe process in BakBone NetVault 7.1 does not properly drop privileges before opening files, which allows local users to gain privileges via the Help menu."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20050427 Privilege escalation in BakBone NetVault 7.1",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111464410324243&w=2"
"name": "bakbone-netvault-gain-privileges(20302)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20302"
},
{
"name" : "13408",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13408"
"name": "20050427 Privilege escalation in BakBone NetVault 7.1",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111464410324243&w=2"
},
{
"name" : "ADV-2005-0420",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/0420"
"name": "15900",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15900"
},
{
"name" : "15900",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/15900"
"name": "15158",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15158/"
},
{
"name" : "15158",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15158/"
"name": "ADV-2005-0420",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0420"
},
{
"name" : "bakbone-netvault-gain-privileges(20302)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20302"
"name": "13408",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13408"
}
]
}

92
2005/1xxx/CVE-2005-1552.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1552",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1552",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0, when set to create JPEG images, does not properly protect an image even when a password and username is assigned, which may allow remote attackers to gain sensitive information via a direct request to the image."
"lang": "eng",
"value": "GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0, when set to create JPEG images, does not properly protect an image even when a password and username is assigned, which may allow remote attackers to gain sensitive information via a direct request to the image."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20050510 Esqo advisory: GeoVision Digital Video Surveillance System - Multiple authentication issues",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111574131105737&w=2"
"name": "16340",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16340"
},
{
"name" : "http://www.esqo.com/research/advisories/2005/100505-1.txt",
"refsource" : "MISC",
"url" : "http://www.esqo.com/research/advisories/2005/100505-1.txt"
"name": "15330",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15330"
},
{
"name" : "13571",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13571"
"name": "13571",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13571"
},
{
"name" : "16340",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/16340"
"name": "http://www.esqo.com/research/advisories/2005/100505-1.txt",
"refsource": "MISC",
"url": "http://www.esqo.com/research/advisories/2005/100505-1.txt"
},
{
"name" : "15330",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15330"
"name": "20050510 Esqo advisory: GeoVision Digital Video Surveillance System - Multiple authentication issues",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111574131105737&w=2"
},
{
"name" : "geovision-authentication(20537)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20537"
"name": "geovision-authentication(20537)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20537"
}
]
}

74
2005/1xxx/CVE-2005-1877.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1877",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1877",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in view_ticket.php in Lpanel 1.59 and earlier allows remote attackers to inject arbitrary web script or HTML and obtain sensitive information via the pid parameter."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in view_ticket.php in Lpanel 1.59 and earlier allows remote attackers to inject arbitrary web script or HTML and obtain sensitive information via the pid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20050606 Lpanel.NET's Lpanel (all versions up to and including 1.59) is vulnerable to plain-text session credential leakage via script injection.",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034413.html"
"name": "13869",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13869"
},
{
"name" : "13869",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13869"
"name": "20050606 Lpanel.NET's Lpanel (all versions up to and including 1.59) is vulnerable to plain-text session credential leakage via script injection.",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034413.html"
},
{
"name" : "15589",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15589/"
"name": "15589",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15589/"
}
]
}

98
2005/4xxx/CVE-2005-4090.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4090",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4090",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in HP-UX B.11.00 to B.11.23, when IPSEC is running, allows remote attackers to have unknown impact."
"lang": "eng",
"value": "Unspecified vulnerability in HP-UX B.11.00 to B.11.23, when IPSEC is running, allows remote attackers to have unknown impact."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "HPSBUX02082",
"refsource" : "HP",
"url" : "http://www2.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000081817276"
"name": "15759",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15759"
},
{
"name" : "SSRT051037",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/advisories/9812"
"name": "oval:org.mitre.oval:def:5617",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5617"
},
{
"name" : "15759",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15759"
"name": "HPSBUX02082",
"refsource": "HP",
"url": "http://www2.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000081817276"
},
{
"name" : "oval:org.mitre.oval:def:5617",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5617"
"name": "1015319",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015319"
},
{
"name" : "ADV-2005-2801",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2801"
"name": "17593",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17593"
},
{
"name" : "1015319",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015319"
"name": "SSRT051037",
"refsource": "HP",
"url": "http://www.securityfocus.com/advisories/9812"
},
{
"name" : "17593",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17593"
"name": "ADV-2005-2801",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2801"
}
]
}

86
2005/4xxx/CVE-2005-4283.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4283",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4283",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in The CITY Shop 1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via parameters to the search module, possibly SKey to store.cgi."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in The CITY Shop 1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via parameters to the search module, possibly SKey to store.cgi."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://pridels0.blogspot.com/2005/12/city-shop-xss-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2005/12/city-shop-xss-vuln.html"
"name": "21728",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21728"
},
{
"name" : "15897",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15897"
"name": "http://pridels0.blogspot.com/2005/12/city-shop-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/12/city-shop-xss-vuln.html"
},
{
"name" : "ADV-2005-2913",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2913"
"name": "ADV-2005-2913",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2913"
},
{
"name" : "21728",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21728"
"name": "15897",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15897"
},
{
"name" : "18041",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18041"
"name": "18041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18041"
}
]
}

80
2005/4xxx/CVE-2005-4416.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4416",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4416",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in TML CMS 0.5 allows remote attackers to execute arbitrary SQL commands via the id parameter."
"lang": "eng",
"value": "SQL injection vulnerability in index.php in TML CMS 0.5 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://packetstormsecurity.org/0512-exploits/ztml.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0512-exploits/ztml.txt"
"name": "http://packetstormsecurity.org/0512-exploits/ztml.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0512-exploits/ztml.txt"
},
{
"name" : "15876",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15876"
"name": "22075",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22075"
},
{
"name" : "21802",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21802"
"name": "21802",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21802"
},
{
"name" : "22075",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22075"
"name": "15876",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15876"
}
]
}

74
2009/0xxx/CVE-2009-0181.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0181",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0181",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Buffer overflow in VUPlayer allows user-assisted attackers to have an unknown impact via a long file, as demonstrated by a file composed entirely of 'A' characters."
"lang": "eng",
"value": "Buffer overflow in VUPlayer allows user-assisted attackers to have an unknown impact via a long file, as demonstrated by a file composed entirely of 'A' characters."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20090106 VUPLAYER BufferOver flow POC",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/499810/100/0/threaded"
"name": "4921",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4921"
},
{
"name" : "4921",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4921"
"name": "20090106 VUPLAYER BufferOver flow POC",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499810/100/0/threaded"
},
{
"name" : "vuplayer-file-bo(48169)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48169"
"name": "vuplayer-file-bo(48169)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48169"
}
]
}

230
2009/0xxx/CVE-2009-0591.json
View File

@ -1,201 +1,201 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0591",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-0591",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid."
"lang": "eng",
"value": "The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847"
"name": "SSRT090059",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=124464882609472&w=2"
},
{
"name" : "http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html",
"refsource" : "CONFIRM",
"url" : "http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html"
"name": "ADV-2009-0850",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0850"
},
{
"name" : "http://www.openssl.org/news/secadv_20090325.txt",
"refsource" : "CONFIRM",
"url" : "http://www.openssl.org/news/secadv_20090325.txt"
"name": "ADV-2009-1175",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1175"
},
{
"name" : "http://www.php.net/archive/2009.php#id2009-04-08-1",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/archive/2009.php#id2009-04-08-1"
"name": "42724",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42724"
},
{
"name" : "http://support.apple.com/kb/HT3865",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3865"
"name": "openssl-cmsverify-security-bypass(49432)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49432"
},
{
"name" : "https://kb.bluecoat.com/index?page=content&id=SA50",
"refsource" : "CONFIRM",
"url" : "https://kb.bluecoat.com/index?page=content&id=SA50"
"name": "http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847"
},
{
"name" : "APPLE-SA-2009-09-10-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
"name": "34666",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34666"
},
{
"name" : "HPSBUX02435",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=124464882609472&w=2"
"name": "HPSBUX02435",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=124464882609472&w=2"
},
{
"name" : "SSRT090059",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=124464882609472&w=2"
"name": "ADV-2009-1020",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1020"
},
{
"name" : "HPSBOV02540",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=127678688104458&w=2"
"name": "35729",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35729"
},
{
"name" : "NetBSD-SA2009-008",
"refsource" : "NETBSD",
"url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc"
"name": "35380",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35380"
},
{
"name" : "SUSE-SR:2009:010",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
"name": "HPSBOV02540",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=127678688104458&w=2"
},
{
"name" : "34256",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34256"
"name": "APPLE-SA-2009-09-10-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
},
{
"name" : "52865",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/52865"
"name": "35065",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35065"
},
{
"name" : "1021907",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1021907"
"name": "http://www.php.net/archive/2009.php#id2009-04-08-1",
"refsource": "CONFIRM",
"url": "http://www.php.net/archive/2009.php#id2009-04-08-1"
},
{
"name" : "34411",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34411"
"name": "34411",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34411"
},
{
"name" : "34460",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34460"
"name": "NetBSD-SA2009-008",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc"
},
{
"name" : "34666",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34666"
"name": "52865",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/52865"
},
{
"name" : "35065",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35065"
"name": "SUSE-SR:2009:010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name" : "35380",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35380"
"name": "http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html",
"refsource": "CONFIRM",
"url": "http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html"
},
{
"name" : "35729",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35729"
"name": "http://support.apple.com/kb/HT3865",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3865"
},
{
"name" : "36701",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36701"
"name": "http://www.openssl.org/news/secadv_20090325.txt",
"refsource": "CONFIRM",
"url": "http://www.openssl.org/news/secadv_20090325.txt"
},
{
"name" : "42724",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42724"
"name": "ADV-2009-1548",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1548"
},
{
"name" : "42733",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42733"
"name": "36701",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36701"
},
{
"name" : "ADV-2009-0850",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0850"
"name": "https://kb.bluecoat.com/index?page=content&id=SA50",
"refsource": "CONFIRM",
"url": "https://kb.bluecoat.com/index?page=content&id=SA50"
},
{
"name" : "ADV-2009-1020",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1020"
"name": "34460",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34460"
},
{
"name" : "ADV-2009-1175",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1175"
"name": "34256",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34256"
},
{
"name" : "ADV-2009-1548",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1548"
"name": "1021907",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1021907"
},
{
"name" : "openssl-cmsverify-security-bypass(49432)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49432"
"name": "42733",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42733"
}
]
}

86
2009/0xxx/CVE-2009-0603.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0603",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0603",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in the Link module 5.x-2.5 for Drupal 5.10 allows remote authenticated users, with \"administer content types\" privileges, to inject arbitrary web script or HTML via the description parameter (aka the Help field). NOTE: some of these details are obtained from third party information."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in the Link module 5.x-2.5 for Drupal 5.10 allows remote authenticated users, with \"administer content types\" privileges, to inject arbitrary web script or HTML via the description parameter (aka the Help field). NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20090205 Drupal Link Module XSS Vulnerability",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2009-02/0036.html"
"name": "51780",
"refsource": "OSVDB",
"url": "http://osvdb.org/51780"
},
{
"name" : "33642",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33642"
"name": "33835",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33835"
},
{
"name" : "51780",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/51780"
"name": "33642",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33642"
},
{
"name" : "33835",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33835"
"name": "20090205 Drupal Link Module XSS Vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-02/0036.html"
},
{
"name" : "link-description-xss(48553)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48553"
"name": "link-description-xss(48553)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48553"
}
]
}

80
2009/0xxx/CVE-2009-0811.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0811",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0811",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Insecure method vulnerability in the SopCast SopCore ActiveX control in sopocx.ocx 3.0.3.501 allows remote attackers to execute arbitrary programs via an executable file name in the argument to the SetExternalPlayer method."
"lang": "eng",
"value": "Insecure method vulnerability in the SopCast SopCore ActiveX control in sopocx.ocx 3.0.3.501 allows remote attackers to execute arbitrary programs via an executable file name in the argument to the SetExternalPlayer method."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20090226 Sopcast SopCore Control (sopocx.ocx 3.0.3.501) SetExternalPlayer() user assisted remote code execution poc",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/501252/100/0/threaded"
"name": "sopcast-setexternalplayer-code-execution(48955)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48955"
},
{
"name" : "http://retrogod.altervista.org/9sg_sopcastia.html",
"refsource" : "MISC",
"url" : "http://retrogod.altervista.org/9sg_sopcastia.html"
"name": "33920",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33920"
},
{
"name" : "33920",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33920"
"name": "http://retrogod.altervista.org/9sg_sopcastia.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/9sg_sopcastia.html"
},
{
"name" : "sopcast-setexternalplayer-code-execution(48955)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48955"
"name": "20090226 Sopcast SopCore Control (sopocx.ocx 3.0.3.501) SetExternalPlayer() user assisted remote code execution poc",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/501252/100/0/threaded"
}
]
}

110
2009/0xxx/CVE-2009-0871.json
View File

@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0871",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0871",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and 1.4.23.1; 1.6.0 before 1.6.0.6; 1.6.1 before 1.6.1.0-rc2; and Asterisk Business Edition C.2.3, with the pedantic option enabled, allows remote authenticated users to cause a denial of service (crash) via a SIP INVITE request without any headers, which triggers a NULL pointer dereference in the (1) sip_uri_headers_cmp and (2) sip_uri_params_cmp functions."
"lang": "eng",
"value": "The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and 1.4.23.1; 1.6.0 before 1.6.0.6; 1.6.1 before 1.6.1.0-rc2; and Asterisk Business Edition C.2.3, with the pedantic option enabled, allows remote authenticated users to cause a denial of service (crash) via a SIP INVITE request without any headers, which triggers a NULL pointer dereference in the (1) sip_uri_headers_cmp and (2) sip_uri_params_cmp functions."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20090310 AST-2009-002: Remote Crash Vulnerability in SIP channel driver",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/501656/100/0/threaded"
"name": "52568",
"refsource": "OSVDB",
"url": "http://osvdb.org/52568"
},
{
"name" : "http://bugs.digium.com/view.php?id=13547",
"refsource" : "CONFIRM",
"url" : "http://bugs.digium.com/view.php?id=13547"
"name": "34070",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34070"
},
{
"name" : "http://bugs.digium.com/view.php?id=14417",
"refsource" : "CONFIRM",
"url" : "http://bugs.digium.com/view.php?id=14417"
"name": "1021834",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021834"
},
{
"name" : "http://downloads.digium.com/pub/security/AST-2009-002.html",
"refsource" : "CONFIRM",
"url" : "http://downloads.digium.com/pub/security/AST-2009-002.html"
"name": "20090310 AST-2009-002: Remote Crash Vulnerability in SIP channel driver",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/501656/100/0/threaded"
},
{
"name" : "34070",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34070"
"name": "http://bugs.digium.com/view.php?id=14417",
"refsource": "CONFIRM",
"url": "http://bugs.digium.com/view.php?id=14417"
},
{
"name" : "52568",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/52568"
"name": "http://bugs.digium.com/view.php?id=13547",
"refsource": "CONFIRM",
"url": "http://bugs.digium.com/view.php?id=13547"
},
{
"name" : "1021834",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021834"
"name": "http://downloads.digium.com/pub/security/AST-2009-002.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2009-002.html"
},
{
"name" : "34229",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34229"
"name": "ADV-2009-0667",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0667"
},
{
"name" : "ADV-2009-0667",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0667"
"name": "34229",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34229"
}
]
}

86
2009/0xxx/CVE-2009-0998.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0998",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2009-0998",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the PeopleSoft Enterprise HRMS - eBenefits component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 and 9.0.8 allows remote authenticated users to affect confidentiality and integrity via unknown vectors."
"lang": "eng",
"value": "Unspecified vulnerability in the PeopleSoft Enterprise HRMS - eBenefits component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 and 9.0.8 allows remote authenticated users to affect confidentiality and integrity via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
"name": "34461",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34461"
},
{
"name" : "TA09-105A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
"name": "53758",
"refsource": "OSVDB",
"url": "http://osvdb.org/53758"
},
{
"name" : "34461",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34461"
"name": "34693",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34693"
},
{
"name" : "53758",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/53758"
"name": "TA09-105A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
},
{
"name" : "34693",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34693"
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
}
]
}

98
2009/1xxx/CVE-2009-1334.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1334",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1334",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in login/FilepathLogin.html in IBM Tivoli Continuous Data Protection (CDP) for Files 3.1.4.0 allows remote attackers to inject arbitrary web script or HTML via the reason parameter."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in login/FilepathLogin.html in IBM Tivoli Continuous Data Protection (CDP) for Files 3.1.4.0 allows remote attackers to inject arbitrary web script or HTML via the reason parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.insight-tech.org/index.php?p=IBM-Tivoli-Continuous-Data-Protection-for-Files-version-3-1-4-0---XSS",
"refsource" : "MISC",
"url" : "http://www.insight-tech.org/index.php?p=IBM-Tivoli-Continuous-Data-Protection-for-Files-version-3-1-4-0---XSS"
"name": "34646",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34646"
},
{
"name" : "34513",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34513"
"name": "53651",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/53651"
},
{
"name" : "53651",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/53651"
"name": "34513",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34513"
},
{
"name" : "1022060",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1022060"
"name": "http://www.insight-tech.org/index.php?p=IBM-Tivoli-Continuous-Data-Protection-for-Files-version-3-1-4-0---XSS",
"refsource": "MISC",
"url": "http://www.insight-tech.org/index.php?p=IBM-Tivoli-Continuous-Data-Protection-for-Files-version-3-1-4-0---XSS"
},
{
"name" : "34646",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34646"
"name": "1022060",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022060"
},
{
"name" : "ADV-2009-1021",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1021"
"name": "tivoli-cdpf-reason-xss(49872)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49872"
},
{
"name" : "tivoli-cdpf-reason-xss(49872)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49872"
"name": "ADV-2009-1021",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1021"
}
]
}

110
2009/1xxx/CVE-2009-1531.json
View File

@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1531",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-1531",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code via frequent calls to the getElementsByTagName function combined with the creation of an object during reordering of elements, followed by an onreadystatechange event, which triggers an access of an object that (1) was not properly initialized or (2) is deleted, aka \"HTML Object Memory Corruption Vulnerability.\""
"lang": "eng",
"value": "Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code via frequent calls to the getElementsByTagName function combined with the creation of an object during reordering of elements, followed by an onreadystatechange event, which triggers an access of an object that (1) was not properly initialized or (2) is deleted, aka \"HTML Object Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20090610 ZDI-09-039: Microsoft Internet Explorer onreadystatechange Memory Corruption Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/504216/100/0/threaded"
"name": "ADV-2009-1538",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1538"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-09-039",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-09-039"
"name": "MS09-019",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-019"
},
{
"name" : "MS09-019",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-019"
"name": "20090610 ZDI-09-039: Microsoft Internet Explorer onreadystatechange Memory Corruption Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504216/100/0/threaded"
},
{
"name" : "TA09-160A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
"name": "http://www.zerodayinitiative.com/advisories/ZDI-09-039",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-039"
},
{
"name" : "35234",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35234"
"name": "35234",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35234"
},
{
"name" : "54950",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/54950"
"name": "oval:org.mitre.oval:def:6308",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6308"
},
{
"name" : "oval:org.mitre.oval:def:6308",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6308"
"name": "54950",
"refsource": "OSVDB",
"url": "http://osvdb.org/54950"
},
{
"name" : "1022350",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022350"
"name": "TA09-160A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
},
{
"name" : "ADV-2009-1538",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1538"
"name": "1022350",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022350"
}
]
}

92
2009/1xxx/CVE-2009-1942.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1942",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1942",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Quiz module 5.x, 6.x-2.x before 6.x-2.2, and 6.x-3.x before 6.x-3.0, a module for Drupal, allows remote authenticated users, with create quizzes or quiz questions access, to inject arbitrary web script or HTML via unspecified vectors."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Quiz module 5.x, 6.x-2.x before 6.x-2.2, and 6.x-3.x before 6.x-3.0, a module for Drupal, allows remote authenticated users, with create quizzes or quiz questions access, to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://drupal.org/node/481270",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/481270"
"name": "35199",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35199"
},
{
"name" : "http://drupal.org/node/481274",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/481274"
"name": "http://drupal.org/node/481270",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/481270"
},
{
"name" : "http://drupal.org/node/481308",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/481308"
"name": "35345",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35345"
},
{
"name" : "35199",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35199"
"name": "54880",
"refsource": "OSVDB",
"url": "http://osvdb.org/54880"
},
{
"name" : "54880",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/54880"
"name": "http://drupal.org/node/481308",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/481308"
},
{
"name" : "35345",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35345"
"name": "http://drupal.org/node/481274",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/481274"
}
]
}

116
2009/4xxx/CVE-2009-4006.json
View File

@ -1,106 +1,106 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4006",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4006",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string."
"lang": "eng",
"value": "Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20091118 Secunia Research: RhinoSoft Serv-U TEA Decoding Buffer Overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/507955/100/0/threaded"
"name": "60427",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/60427"
},
{
"name" : "http://secunia.com/secunia_research/2009-46/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2009-46/"
"name": "1023199",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023199"
},
{
"name" : "http://www.serv-u.com/releasenotes/",
"refsource" : "MISC",
"url" : "http://www.serv-u.com/releasenotes/"
"name": "20091118 Secunia Research: RhinoSoft Serv-U TEA Decoding Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507955/100/0/threaded"
},
{
"name" : "37051",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37051"
"name": "http://secunia.com/secunia_research/2009-46/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2009-46/"
},
{
"name" : "60427",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/60427"
"name": "oval:org.mitre.oval:def:6142",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6142"
},
{
"name" : "oval:org.mitre.oval:def:6142",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6142"
"name": "ADV-2009-3277",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3277"
},
{
"name" : "1023199",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1023199"
"name": "http://www.serv-u.com/releasenotes/",
"refsource": "MISC",
"url": "http://www.serv-u.com/releasenotes/"
},
{
"name" : "37228",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37228"
"name": "37228",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37228"
},
{
"name" : "ADV-2009-3277",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3277"
"name": "37051",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37051"
},
{
"name" : "servu-tea-bo(54322)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54322"
"name": "servu-tea-bo(54322)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54322"
}
]
}

68
2009/4xxx/CVE-2009-4050.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4050",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4050",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
"lang": "eng",
"value": "Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "60073",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/60073"
"name": "37370",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37370"
},
{
"name" : "37370",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37370"
"name": "60073",
"refsource": "OSVDB",
"url": "http://osvdb.org/60073"
}
]
}

80
2009/4xxx/CVE-2009-4083.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4083",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4083",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.16 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) submitnews.php, (2) usersettings.php; and (3) newpost.php, (4) banlist.php, (5) banner.php, (6) cpage.php, (7) download.php, (8) users_extended.php, (9) frontpage.php, (10) links.php, and (11) mailout.php in e107_admin/. NOTE: this may overlap CVE-2004-2040 and CVE-2006-4794, but there are insufficient details to be certain."
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.16 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) submitnews.php, (2) usersettings.php; and (3) newpost.php, (4) banlist.php, (5) banner.php, (6) cpage.php, (7) download.php, (8) users_extended.php, (9) frontpage.php, (10) links.php, and (11) mailout.php in e107_admin/. NOTE: this may overlap CVE-2004-2040 and CVE-2006-4794, but there are insufficient details to be certain."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20091123 [Bkis-13-2009] e107 Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/508007/100/0/threaded"
"name": "20091123 [Bkis-13-2009] e107 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/508007/100/0/threaded"
},
{
"name" : "http://blog.bkis.com/e107-multiple-vulnerabilities/",
"refsource" : "MISC",
"url" : "http://blog.bkis.com/e107-multiple-vulnerabilities/"
"name": "http://blog.bkis.com/e107-multiple-vulnerabilities/",
"refsource": "MISC",
"url": "http://blog.bkis.com/e107-multiple-vulnerabilities/"
},
{
"name" : "37087",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37087"
"name": "e107-multiple-unspecified-xss(54372)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54372"
},
{
"name" : "e107-multiple-unspecified-xss(54372)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54372"
"name": "37087",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37087"
}
]
}

68
2009/4xxx/CVE-2009-4199.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4199",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4199",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in the Mambo Resident (aka Mos Res or com_mosres) component 1.0f for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) property_uid parameter in a viewproperty action to index.php and the (2) regID parameter in a showregion action to index.php."
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in the Mambo Resident (aka Mos Res or com_mosres) component 1.0f for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) property_uid parameter in a viewproperty action to index.php and the (2) regID parameter in a showregion action to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "8872",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/8872"
"name": "35202",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35202"
},
{
"name" : "35202",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35202"
"name": "8872",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/8872"
}
]
}

68
2009/4xxx/CVE-2009-4630.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4630",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4630",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Mozilla Necko, as used in Firefox, SeaMonkey, and other applications, performs DNS prefetching of domain names contained in links within local HTML documents, which makes it easier for remote attackers to determine the network location of the application's user by logging DNS requests. NOTE: the vendor disputes the significance of this issue, stating \"I don't think we necessarily need to worry about that case.\""
"lang": "eng",
"value": "Mozilla Necko, as used in Firefox, SeaMonkey, and other applications, performs DNS prefetching of domain names contained in links within local HTML documents, which makes it easier for remote attackers to determine the network location of the application's user by logging DNS requests. NOTE: the vendor disputes the significance of this issue, stating \"I don't think we necessarily need to worry about that case.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=453403",
"refsource" : "MISC",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=453403"
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=492196",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=492196"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=492196",
"refsource" : "MISC",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=492196"
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=453403",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=453403"
}
]
}

80
2009/4xxx/CVE-2009-4804.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4804",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4804",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Calendar Base (cal) extension before 1.1.1 for TYPO3, when Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via \"search parameters.\""
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Calendar Base (cal) extension before 1.1.1 for TYPO3, when Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via \"search parameters.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://typo3.org/extensions/repository/view/cal/1.1.1/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/extensions/repository/view/cal/1.1.1/"
"name": "http://typo3.org/extensions/repository/view/cal/1.1.1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/cal/1.1.1/"
},
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-003/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-003/"
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-003/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-003/"
},
{
"name" : "33996",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33996"
"name": "34155",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34155"
},
{
"name" : "34155",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34155"
"name": "33996",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33996"
}
]
}

110
2012/2xxx/CVE-2012-2395.json
View File

@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2395",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2395",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Incomplete blacklist vulnerability in action_power.py in Cobbler 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) username or (2) password fields to the power_system method in the xmlrpc API."
"lang": "eng",
"value": "Incomplete blacklist vulnerability in action_power.py in Cobbler 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) username or (2) password fields to the power_system method in the xmlrpc API."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20120523 CVE request: cobbler command injection",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/05/23/4"
"name": "SUSE-SU-2012:0814",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00000.html"
},
{
"name" : "[oss-security] 20120523 Re: CVE request: cobbler command injection",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/05/23/18"
"name": "[oss-security] 20120523 CVE request: cobbler command injection",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/23/4"
},
{
"name" : "https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/978999",
"refsource" : "MISC",
"url" : "https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/978999"
"name": "53666",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53666"
},
{
"name" : "https://github.com/cobbler/cobbler/commit/6d9167e5da44eca56bdf42b5776097a6779aaadf",
"refsource" : "CONFIRM",
"url" : "https://github.com/cobbler/cobbler/commit/6d9167e5da44eca56bdf42b5776097a6779aaadf"
"name": "https://github.com/cobbler/cobbler/commit/6d9167e5da44eca56bdf42b5776097a6779aaadf",
"refsource": "CONFIRM",
"url": "https://github.com/cobbler/cobbler/commit/6d9167e5da44eca56bdf42b5776097a6779aaadf"
},
{
"name" : "https://github.com/cobbler/cobbler/issues/141",
"refsource" : "CONFIRM",
"url" : "https://github.com/cobbler/cobbler/issues/141"
"name": "[oss-security] 20120523 Re: CVE request: cobbler command injection",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/23/18"
},
{
"name" : "openSUSE-SU-2012:0655",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00016.html"
"name": "https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/978999",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/978999"
},
{
"name" : "SUSE-SU-2012:0814",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00000.html"
"name": "https://github.com/cobbler/cobbler/issues/141",
"refsource": "CONFIRM",
"url": "https://github.com/cobbler/cobbler/issues/141"
},
{
"name" : "53666",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53666"
"name": "openSUSE-SU-2012:0655",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00016.html"
},
{
"name" : "82458",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/82458"
"name": "82458",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/82458"
}
]
}

74
2012/2xxx/CVE-2012-2396.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2396",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2396",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "VideoLAN VLC media player 2.0.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted MP4 file."
"lang": "eng",
"value": "VideoLAN VLC media player 2.0.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted MP4 file."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "18757",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18757/"
"name": "oval:org.mitre.oval:def:15615",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15615"
},
{
"name" : "oval:org.mitre.oval:def:15615",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15615"
"name": "vlc-mp4-dos(75038)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75038"
},
{
"name" : "vlc-mp4-dos(75038)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75038"
"name": "18757",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18757/"
}
]
}

22
2012/2xxx/CVE-2012-2608.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2608",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2608",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

86
2012/2xxx/CVE-2012-2703.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2703",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2703",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Advertisement module 6.x-2.x before 6.x-2.3 for Drupal, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to the \"$conf variable in settings.php.\""
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Advertisement module 6.x-2.x before 6.x-2.3 for Drupal, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to the \"$conf variable in settings.php.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/06/14/3"
"name": "http://drupal.org/node/1585544",
"refsource": "MISC",
"url": "http://drupal.org/node/1585544"
},
{
"name" : "http://drupal.org/node/1585544",
"refsource" : "MISC",
"url" : "http://drupal.org/node/1585544"
"name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"
},
{
"name" : "http://drupalcode.org/project/ad.git/commitdiff/4337f34",
"refsource" : "CONFIRM",
"url" : "http://drupalcode.org/project/ad.git/commitdiff/4337f34"
"name": "https://drupal.org/node/1580376",
"refsource": "CONFIRM",
"url": "https://drupal.org/node/1580376"
},
{
"name" : "https://drupal.org/node/1580376",
"refsource" : "CONFIRM",
"url" : "https://drupal.org/node/1580376"
"name": "advertisement-settings-xss(75718)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75718"
},
{
"name" : "advertisement-settings-xss(75718)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75718"
"name": "http://drupalcode.org/project/ad.git/commitdiff/4337f34",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/ad.git/commitdiff/4337f34"
}
]
}

62
2012/3xxx/CVE-2012-3004.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3004",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-3004",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple untrusted search path vulnerabilities in RealFlex RealWin before 2.1.13, FlexView before 3.1.86, and RealWinDemo before 2.1.13 allow local users to gain privileges via a Trojan horse (1) realwin.dll or (2) keyhook.dll file in the current working directory."
"lang": "eng",
"value": "Multiple untrusted search path vulnerabilities in RealFlex RealWin before 2.1.13, FlexView before 3.1.86, and RealWinDemo before 2.1.13 allow local users to gain privileges via a Trojan horse (1) realwin.dll or (2) keyhook.dll file in the current working directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-251-01.pdf",
"refsource" : "MISC",
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-251-01.pdf"
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-251-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-251-01.pdf"
}
]
}

22
2012/3xxx/CVE-2012-3539.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3539",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-3539",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-4681. Reason: This candidate is a duplicate of CVE-2012-4681. Notes: All CVE users should reference CVE-2012-4681 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-4681. Reason: This candidate is a duplicate of CVE-2012-4681. Notes: All CVE users should reference CVE-2012-4681 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}

110
2012/3xxx/CVE-2012-3864.json
View File

@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3864",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3864",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request."
"lang": "eng",
"value": "Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://puppetlabs.com/security/cve/cve-2012-3864/",
"refsource" : "CONFIRM",
"url" : "http://puppetlabs.com/security/cve/cve-2012-3864/"
"name": "SUSE-SU-2012:0983",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=839130",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=839130"
"name": "http://puppetlabs.com/security/cve/cve-2012-3864/",
"refsource": "CONFIRM",
"url": "http://puppetlabs.com/security/cve/cve-2012-3864/"
},
{
"name" : "https://github.com/puppetlabs/puppet/commit/10f6cb8969b4d5a933b333ecb01ce3696b1d57d4",
"refsource" : "CONFIRM",
"url" : "https://github.com/puppetlabs/puppet/commit/10f6cb8969b4d5a933b333ecb01ce3696b1d57d4"
"name": "DSA-2511",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2511"
},
{
"name" : "https://github.com/puppetlabs/puppet/commit/c3c7462e4066bf3a563987a402bf3ddf278bcd87",
"refsource" : "CONFIRM",
"url" : "https://github.com/puppetlabs/puppet/commit/c3c7462e4066bf3a563987a402bf3ddf278bcd87"
"name": "USN-1506-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1506-1"
},
{
"name" : "DSA-2511",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2511"
"name": "50014",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50014"
},
{
"name" : "SUSE-SU-2012:0983",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html"
"name": "https://github.com/puppetlabs/puppet/commit/10f6cb8969b4d5a933b333ecb01ce3696b1d57d4",
"refsource": "CONFIRM",
"url": "https://github.com/puppetlabs/puppet/commit/10f6cb8969b4d5a933b333ecb01ce3696b1d57d4"
},
{
"name" : "openSUSE-SU-2012:0891",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html"
"name": "openSUSE-SU-2012:0891",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html"
},
{
"name" : "USN-1506-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1506-1"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=839130",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=839130"
},
{
"name" : "50014",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50014"
"name": "https://github.com/puppetlabs/puppet/commit/c3c7462e4066bf3a563987a402bf3ddf278bcd87",
"refsource": "CONFIRM",
"url": "https://github.com/puppetlabs/puppet/commit/c3c7462e4066bf3a563987a402bf3ddf278bcd87"
}
]
}

152
2012/3xxx/CVE-2012-3988.json
View File

@ -1,136 +1,136 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3988",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3988",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 might allow user-assisted remote attackers to execute arbitrary code via vectors involving use of mozRequestFullScreen to enter full-screen mode, and use of the history.back method for backwards history navigation."
"lang": "eng",
"value": "Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 might allow user-assisted remote attackers to execute arbitrary code via vectors involving use of mozRequestFullScreen to enter full-screen mode, and use of the history.back method for backwards history navigation."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-79.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-79.html"
"name": "50904",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50904"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=725770",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=725770"
"name": "50984",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50984"
},
{
"name" : "MDVSA-2012:163",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:163"
"name": "50935",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50935"
},
{
"name" : "RHSA-2012:1351",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1351.html"
"name": "firefox-full-screen-code-exec(79149)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79149"
},
{
"name" : "SUSE-SU-2012:1351",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html"
"name": "50856",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50856"
},
{
"name" : "USN-1611-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1611-1"
"name": "50892",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50892"
},
{
"name" : "86109",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/86109"
"name": "RHSA-2012:1351",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1351.html"
},
{
"name" : "oval:org.mitre.oval:def:16334",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16334"
"name": "oval:org.mitre.oval:def:16334",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16334"
},
{
"name" : "50856",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50856"
"name": "86109",
"refsource": "OSVDB",
"url": "http://osvdb.org/86109"
},
{
"name" : "50892",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50892"
"name": "50936",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50936"
},
{
"name" : "50904",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50904"
"name": "55318",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55318"
},
{
"name" : "50935",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50935"
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=725770",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=725770"
},
{
"name" : "50936",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50936"
"name": "SUSE-SU-2012:1351",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html"
},
{
"name" : "50984",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50984"
"name": "MDVSA-2012:163",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:163"
},
{
"name" : "55318",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/55318"
"name": "http://www.mozilla.org/security/announce/2012/mfsa2012-79.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-79.html"
},
{
"name" : "firefox-full-screen-code-exec(79149)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79149"
"name": "USN-1611-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1611-1"
}
]
}

22
2012/6xxx/CVE-2012-6402.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6402",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-6402",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}

80
2012/6xxx/CVE-2012-6536.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6536",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6536",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not verify that the actual Netlink message length is consistent with a certain header field, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability and providing a (1) new or (2) updated state."
"lang": "eng",
"value": "net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not verify that the actual Netlink message length is consistent with a certain header field, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability and providing a (1) new or (2) updated state."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/03/05/13"
"name": "[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/03/05/13"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ecd7918745234e423dd87fcc0c077da557909720",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ecd7918745234e423dd87fcc0c077da557909720"
"name": "https://github.com/torvalds/linux/commit/ecd7918745234e423dd87fcc0c077da557909720",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/ecd7918745234e423dd87fcc0c077da557909720"
},
{
"name" : "https://github.com/torvalds/linux/commit/ecd7918745234e423dd87fcc0c077da557909720",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/ecd7918745234e423dd87fcc0c077da557909720"
"name": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2",
"refsource": "CONFIRM",
"url": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2"
},
{
"name" : "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2",
"refsource" : "CONFIRM",
"url" : "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2"
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ecd7918745234e423dd87fcc0c077da557909720",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ecd7918745234e423dd87fcc0c077da557909720"
}
]
}

80
2012/6xxx/CVE-2012-6559.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6559",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6559",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in FreeNAC 3.02 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) mac, (3) graphtype, (4) name, or (5) type parameter to stats.php; or (6) comment parameter to deviceadd.php."
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in FreeNAC 3.02 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) mac, (3) graphtype, (4) name, or (5) type parameter to stats.php; or (6) comment parameter to deviceadd.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "18900",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18900"
"name": "53617",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53617"
},
{
"name" : "53617",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53617"
"name": "freenac-deviceadd-xss(75762)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75762"
},
{
"name" : "freenac-deviceadd-xss(75762)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75762"
"name": "freenac-stats-xss(75761)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75761"
},
{
"name" : "freenac-stats-xss(75761)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75761"
"name": "18900",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18900"
}
]
}

74
2015/1xxx/CVE-2015-1676.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1676",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-1676",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka \"Microsoft Windows Kernel Memory Disclosure Vulnerability,\" a different vulnerability than CVE-2015-1677, CVE-2015-1678, CVE-2015-1679, and CVE-2015-1680."
"lang": "eng",
"value": "The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka \"Microsoft Windows Kernel Memory Disclosure Vulnerability,\" a different vulnerability than CVE-2015-1677, CVE-2015-1678, CVE-2015-1679, and CVE-2015-1680."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "MS15-051",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-051"
"name": "MS15-051",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-051"
},
{
"name" : "74483",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/74483"
"name": "1032294",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032294"
},
{
"name" : "1032294",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032294"
"name": "74483",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74483"
}
]
}

68
2015/5xxx/CVE-2015-5434.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5434",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2015-5434",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "HPE Networking Products, originally branded as Comware 5, Comware 7, H3C, or HP, allow remote attackers to bypass intended access restrictions or cause a denial of service via \"Virtual routing and forwarding (VRF) hopping.\""
"lang": "eng",
"value": "HPE Networking Products, originally branded as Comware 5, Comware 7, H3C, or HP, allow remote attackers to bypass intended access restrictions or cause a denial of service via \"Virtual routing and forwarding (VRF) hopping.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04779492",
"refsource" : "CONFIRM",
"url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04779492"
"name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04779492",
"refsource": "CONFIRM",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04779492"
},
{
"name" : "79869",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/79869"
"name": "79869",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/79869"
}
]
}

80
2015/5xxx/CVE-2015-5504.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5504",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5504",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Novalnet Payment Module Ubercart module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
"lang": "eng",
"value": "SQL injection vulnerability in the Novalnet Payment Module Ubercart module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20150704 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/07/04/4"
"name": "https://www.drupal.org/node/2499787",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2499787"
},
{
"name" : "https://www.drupal.org/node/2499787",
"refsource" : "MISC",
"url" : "https://www.drupal.org/node/2499787"
"name": "75040",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75040"
},
{
"name" : "75039",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75039"
"name": "75039",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75039"
},
{
"name" : "75040",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75040"
"name": "[oss-security] 20150704 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/07/04/4"
}
]
}

92
2015/5xxx/CVE-2015-5758.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5758",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-5758",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image."
"lang": "eng",
"value": "ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://support.apple.com/kb/HT205030",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/kb/HT205030"
"name": "https://support.apple.com/kb/HT205030",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205030"
},
{
"name" : "https://support.apple.com/kb/HT205031",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/kb/HT205031"
"name": "1033275",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033275"
},
{
"name" : "APPLE-SA-2015-08-13-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
"name": "APPLE-SA-2015-08-13-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name" : "APPLE-SA-2015-08-13-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html"
"name": "APPLE-SA-2015-08-13-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html"
},
{
"name" : "76343",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76343"
"name": "https://support.apple.com/kb/HT205031",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205031"
},
{
"name" : "1033275",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033275"
"name": "76343",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76343"
}
]
}

96
2017/2xxx/CVE-2017-2302.json
View File

@ -1,104 +1,104 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"ID" : "CVE-2017-2302",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"ID": "CVE-2017-2302",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Junos OS where the BGP add-path feature is enabled with 'send' option or with both 'send' and 'receive' options",
"version" : {
"version_data" : [
"product_name": "Junos OS where the BGP add-path feature is enabled with 'send' option or with both 'send' and 'receive' options",
"version": {
"version_data": [
{
"version_value" : "12.1X46 prior to 12.1X46-D55"
"version_value": "12.1X46 prior to 12.1X46-D55"
},
{
"version_value" : "12.1X47 prior to 12.1X47-D45"
"version_value": "12.1X47 prior to 12.1X47-D45"
},
{
"version_value" : "12.3R13 prior to 12.3R13"
"version_value": "12.3R13 prior to 12.3R13"
},
{
"version_value" : "12.3X48 prior to 12.3X48-D35"
"version_value": "12.3X48 prior to 12.3X48-D35"
},
{
"version_value" : "13.3 prior to 13.3R10"
"version_value": "13.3 prior to 13.3R10"
},
{
"version_value" : "14.1 prior to 14.1R8"
"version_value": "14.1 prior to 14.1R8"
},
{
"version_value" : "14.1X53 prior to 14.1X53-D40"
"version_value": "14.1X53 prior to 14.1X53-D40"
},
{
"version_value" : "14.1X55 prior to 14.1X55-D35"
"version_value": "14.1X55 prior to 14.1X55-D35"
},
{
"version_value" : "14.2 prior to 14.2R6"
"version_value": "14.2 prior to 14.2R6"
},
{
"version_value" : "15.1 prior to 15.1F2 or 15.1R1"
"version_value": "15.1 prior to 15.1F2 or 15.1R1"
},
{
"version_value" : "15.1X49 prior to 15.1X49-D20"
"version_value": "15.1X49 prior to 15.1X49-D20"
},
{
"version_value" : "16.1 and subsequent releases contain a fix"
"version_value": "16.1 and subsequent releases contain a fix"
}
]
}
}
]
},
"vendor_name" : "Juniper Networks"
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "On Juniper Networks products or platforms running Junos OS 12.1X46 prior to 12.1X46-D55, 12.1X47 prior to 12.1X47-D45, 12.3R13 prior to 12.3R13, 12.3X48 prior to 12.3X48-D35, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D40, 14.1X55 prior to 14.1X55-D35, 14.2 prior to 14.2R6, 15.1 prior to 15.1F2 or 15.1R1, 15.1X49 prior to 15.1X49-D20 where the BGP add-path feature is enabled with 'send' option or with both 'send' and 'receive' options, a network based attacker can cause the Junos OS rpd daemon to crash and restart. Repeated crashes of the rpd daemon can result in an extended denial of service condition."
"lang": "eng",
"value": "On Juniper Networks products or platforms running Junos OS 12.1X46 prior to 12.1X46-D55, 12.1X47 prior to 12.1X47-D45, 12.3R13 prior to 12.3R13, 12.3X48 prior to 12.3X48-D35, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D40, 14.1X55 prior to 14.1X55-D35, 14.2 prior to 14.2R6, 15.1 prior to 15.1F2 or 15.1R1, 15.1X49 prior to 15.1X49-D20 where the BGP add-path feature is enabled with 'send' option or with both 'send' and 'receive' options, a network based attacker can cause the Junos OS rpd daemon to crash and restart. Repeated crashes of the rpd daemon can result in an extended denial of service condition."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "rpd daemon crash denial of service"
"lang": "eng",
"value": "rpd daemon crash denial of service"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://kb.juniper.net/JSA10771",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10771"
"name": "https://kb.juniper.net/JSA10771",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10771"
},
{
"name" : "95394",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95394"
"name": "1037595",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037595"
},
{
"name" : "1037595",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037595"
"name": "95394",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95394"
}
]
}

74
2017/2xxx/CVE-2017-2421.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-2421",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-2421",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the \"AppleGraphicsPowerManagement\" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app."
"lang": "eng",
"value": "An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the \"AppleGraphicsPowerManagement\" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://support.apple.com/HT207615",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207615"
"name": "97140",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97140"
},
{
"name" : "97140",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97140"
"name": "https://support.apple.com/HT207615",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207615"
},
{
"name" : "1038138",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038138"
"name": "1038138",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038138"
}
]
}

62
2018/11xxx/CVE-2018-11407.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11407",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11407",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An issue was discovered in the Ldap component in Symfony 2.8.x before 2.8.37, 3.3.x before 3.3.17, 3.4.x before 3.4.7, and 4.0.x before 4.0.7. It allows remote attackers to bypass authentication by logging in with a \"null\" password and valid username, which triggers an unauthenticated bind. NOTE: this issue exists because of an incomplete fix for CVE-2016-2403."
"lang": "eng",
"value": "An issue was discovered in the Ldap component in Symfony 2.8.x before 2.8.37, 3.3.x before 3.3.17, 3.4.x before 3.4.7, and 4.0.x before 4.0.7. It allows remote attackers to bypass authentication by logging in with a \"null\" password and valid username, which triggers an unauthenticated bind. NOTE: this issue exists because of an incomplete fix for CVE-2016-2403."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://symfony.com/blog/cve-2018-11407-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password",
"refsource" : "CONFIRM",
"url" : "https://symfony.com/blog/cve-2018-11407-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password"
"name": "https://symfony.com/blog/cve-2018-11407-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password",
"refsource": "CONFIRM",
"url": "https://symfony.com/blog/cve-2018-11407-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password"
}
]
}

80
2018/11xxx/CVE-2018-11410.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11410",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11410",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An issue was discovered in Liblouis 3.5.0. A invalid free in the compileRule function in compileTranslationTable.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact."
"lang": "eng",
"value": "An issue was discovered in Liblouis 3.5.0. A invalid free in the compileRule function in compileTranslationTable.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1582024",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1582024"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1582024",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1582024"
},
{
"name" : "https://docs.google.com/document/d/1Uw3D6ECXZr8S2cWOTY81kg6ivv0WpR4kQqxVpUSyGUA/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/document/d/1Uw3D6ECXZr8S2cWOTY81kg6ivv0WpR4kQqxVpUSyGUA/edit?usp=sharing"
"name": "USN-3669-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3669-1/"
},
{
"name" : "USN-3669-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3669-1/"
"name": "104324",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104324"
},
{
"name" : "104324",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104324"
"name": "https://docs.google.com/document/d/1Uw3D6ECXZr8S2cWOTY81kg6ivv0WpR4kQqxVpUSyGUA/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/document/d/1Uw3D6ECXZr8S2cWOTY81kg6ivv0WpR4kQqxVpUSyGUA/edit?usp=sharing"
}
]
}

22
2018/11xxx/CVE-2018-11801.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11801",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11801",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

62
2018/11xxx/CVE-2018-11879.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2018-11879",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2018-11879",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Snapdragon Mobile",
"version" : {
"version_data" : [
"product_name": "Snapdragon Mobile",
"version": {
"version_data": [
{
"version_value" : "SD 845"
"version_value": "SD 845"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "When the buffer length passed is very large, bounds check could be bypassed leading to potential buffer overwrite in Snapdragon Mobile in version SD 845"
"lang": "eng",
"value": "When the buffer length passed is very large, bounds check could be bypassed leading to potential buffer overwrite in Snapdragon Mobile in version SD 845"
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Integer Overflow to Buffer Overflow in WLAN"
"lang": "eng",
"value": "Integer Overflow to Buffer Overflow in WLAN"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.qualcomm.com/company/product-security/bulletins",
"refsource" : "CONFIRM",
"url" : "https://www.qualcomm.com/company/product-security/bulletins"
"name": "https://www.qualcomm.com/company/product-security/bulletins",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins"
}
]
}

80
2018/14xxx/CVE-2018-14058.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14058",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14058",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Pimcore before 5.3.0 allows SQL Injection via the REST web service API."
"lang": "eng",
"value": "Pimcore before 5.3.0 allows SQL Injection via the REST web service API."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "45208",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45208/"
"name": "20180816 SEC Consult SA-20180813-0 :: SQL Injection, XSS & CSRF vulnerabilities in Pimcore",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Aug/13"
},
{
"name" : "20180816 SEC Consult SA-20180813-0 :: SQL Injection, XSS & CSRF vulnerabilities in Pimcore",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Aug/13"
"name": "http://packetstormsecurity.com/files/148954/Pimcore-5.2.3-CSRF-Cross-Site-Scripting-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/148954/Pimcore-5.2.3-CSRF-Cross-Site-Scripting-SQL-Injection.html"
},
{
"name" : "http://packetstormsecurity.com/files/148954/Pimcore-5.2.3-CSRF-Cross-Site-Scripting-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/148954/Pimcore-5.2.3-CSRF-Cross-Site-Scripting-SQL-Injection.html"
"name": "https://www.sec-consult.com/en/blog/advisories/sql-injection-xss-csrf-vulnerabilities-in-pimcore-software/",
"refsource": "MISC",
"url": "https://www.sec-consult.com/en/blog/advisories/sql-injection-xss-csrf-vulnerabilities-in-pimcore-software/"
},
{
"name" : "https://www.sec-consult.com/en/blog/advisories/sql-injection-xss-csrf-vulnerabilities-in-pimcore-software/",
"refsource" : "MISC",
"url" : "https://www.sec-consult.com/en/blog/advisories/sql-injection-xss-csrf-vulnerabilities-in-pimcore-software/"
"name": "45208",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45208/"
}
]
}

22
2018/15xxx/CVE-2018-15220.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15220",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15220",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2018/15xxx/CVE-2018-15253.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15253",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15253",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

62
2018/15xxx/CVE-2018-15354.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vulnerability@kaspersky.com",
"ID" : "CVE-2018-15354",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2018-15354",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Kraftway",
"version" : {
"version_data" : [
"product_name": "Kraftway",
"version": {
"version_data": [
{
"version_value" : "Kraftway 24F2XG Router firmware 3.5.30.1118"
"version_value": "Kraftway 24F2XG Router firmware 3.5.30.1118"
}
]
}
}
]
},
"vendor_name" : "Kaspersky Lab"
"vendor_name": "Kaspersky Lab"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A Buffer Overflow exploited through web interface by remote attacker can cause denial of service in Kraftway 24F2XG Router firmware 3.5.30.1118."
"lang": "eng",
"value": "A Buffer Overflow exploited through web interface by remote attacker can cause denial of service in Kraftway 24F2XG Router firmware 3.5.30.1118."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "A Buffer Overflow exploited through web interface by remote attacker cause denial of service"
"lang": "eng",
"value": "A Buffer Overflow exploited through web interface by remote attacker cause denial of service"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-010-kraftway-24f2xg-router-denial-of-service/",
"refsource" : "MISC",
"url" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-010-kraftway-24f2xg-router-denial-of-service/"
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-010-kraftway-24f2xg-router-denial-of-service/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-010-kraftway-24f2xg-router-denial-of-service/"
}
]
}

88
2018/15xxx/CVE-2018-15370.json
View File

@ -1,84 +1,84 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2018-09-26T16:00:00-0500",
"ID" : "CVE-2018-15370",
"STATE" : "PUBLIC",
"TITLE" : "Cisco Catalyst 6800 Series Switches ROM Monitor Software Secure Boot Bypass Vulnerability"
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2018-09-26T16:00:00-0500",
"ID": "CVE-2018-15370",
"STATE": "PUBLIC",
"TITLE": "Cisco Catalyst 6800 Series Switches ROM Monitor Software Secure Boot Bypass Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Cisco Catalyst 6800 Series Switches",
"version" : {
"version_data" : [
"product_name": "Cisco Catalyst 6800 Series Switches",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "Cisco"
"vendor_name": "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A vulnerability in Cisco IOS ROM Monitor (ROMMON) Software for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, local attacker to bypass Cisco Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to the presence of a hidden command in the affected software. An attacker could exploit this vulnerability by connecting to an affected device via the console, forcing the device into ROMMON mode, and writing a malicious pattern to a specific memory address on the device. A successful exploit could allow the attacker to bypass signature validation checks by Cisco Secure Boot technology and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco."
"lang": "eng",
"value": "A vulnerability in Cisco IOS ROM Monitor (ROMMON) Software for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, local attacker to bypass Cisco Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to the presence of a hidden command in the affected software. An attacker could exploit this vulnerability by connecting to an affected device via the console, forcing the device into ROMMON mode, and writing a malicious pattern to a specific memory address on the device. A successful exploit could allow the attacker to bypass signature validation checks by Cisco Secure Boot technology and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco."
}
]
},
"impact" : {
"cvss" : {
"baseScore" : "6.4",
"version" : "3.0"
"impact": {
"cvss": {
"baseScore": "6.4",
"version": "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-264"
"lang": "eng",
"value": "CWE-264"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20180926 Cisco Catalyst 6800 Series Switches ROM Monitor Software Secure Boot Bypass Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-catalyst6800"
"name": "20180926 Cisco Catalyst 6800 Series Switches ROM Monitor Software Secure Boot Bypass Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-catalyst6800"
},
{
"name" : "105412",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105412"
"name": "105412",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105412"
}
]
},
"source" : {
"advisory" : "cisco-sa-20180926-catalyst6800",
"defect" : [
"source": {
"advisory": "cisco-sa-20180926-catalyst6800",
"defect": [
[
"CSCvc16091"
]
],
"discovery" : "UNKNOWN"
"discovery": "UNKNOWN"
}
}

22
2018/3xxx/CVE-2018-3505.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3505",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3505",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2018/3xxx/CVE-2018-3553.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3553",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3553",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

80
2018/3xxx/CVE-2018-3810.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3810",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3810",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to insert arbitrary JavaScript or HTML code (via the sgcgoogleanalytic parameter) that runs on all pages served by WordPress. The saveGoogleCode() function in smartgooglecode.php does not check if the current request is made by an authorized user, thus allowing any unauthenticated user to successfully update the inserted code."
"lang": "eng",
"value": "Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to insert arbitrary JavaScript or HTML code (via the sgcgoogleanalytic parameter) that runs on all pages served by WordPress. The saveGoogleCode() function in smartgooglecode.php does not check if the current request is made by an authorized user, thus allowing any unauthenticated user to successfully update the inserted code."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "43420",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/43420/"
"name": "https://wordpress.org/plugins/smart-google-code-inserter/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/smart-google-code-inserter/#developers"
},
{
"name" : "https://limbenjamin.com/articles/smart-google-code-inserter-auth-bypass.html",
"refsource" : "MISC",
"url" : "https://limbenjamin.com/articles/smart-google-code-inserter-auth-bypass.html"
"name": "https://limbenjamin.com/articles/smart-google-code-inserter-auth-bypass.html",
"refsource": "MISC",
"url": "https://limbenjamin.com/articles/smart-google-code-inserter-auth-bypass.html"
},
{
"name" : "https://wordpress.org/plugins/smart-google-code-inserter/#developers",
"refsource" : "MISC",
"url" : "https://wordpress.org/plugins/smart-google-code-inserter/#developers"
"name": "https://wpvulndb.com/vulnerabilities/8987",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8987"
},
{
"name" : "https://wpvulndb.com/vulnerabilities/8987",
"refsource" : "MISC",
"url" : "https://wpvulndb.com/vulnerabilities/8987"
"name": "43420",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43420/"
}
]
}

102
2018/8xxx/CVE-2018-8367.json
View File

@ -1,111 +1,111 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8367",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8367",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Microsoft Edge",
"version" : {
"version_data" : [
"product_name": "Microsoft Edge",
"version": {
"version_data": [
{
"version_value" : "Windows 10 for 32-bit Systems"
"version_value": "Windows 10 for 32-bit Systems"
},
{
"version_value" : "Windows 10 for x64-based Systems"
"version_value": "Windows 10 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1607 for 32-bit Systems"
"version_value": "Windows 10 Version 1607 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1607 for x64-based Systems"
"version_value": "Windows 10 Version 1607 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1703 for 32-bit Systems"
"version_value": "Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1703 for x64-based Systems"
"version_value": "Windows 10 Version 1703 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1709 for 32-bit Systems"
"version_value": "Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1709 for x64-based Systems"
"version_value": "Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1803 for 32-bit Systems"
"version_value": "Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1803 for x64-based Systems"
"version_value": "Windows 10 Version 1803 for x64-based Systems"
},
{
"version_value" : "Windows Server 2016"
"version_value": "Windows Server 2016"
}
]
}
},
{
"product_name" : "ChakraCore",
"version" : {
"version_data" : [
"product_name": "ChakraCore",
"version": {
"version_data": [
{
"version_value" : "ChakraCore"
"version_value": "ChakraCore"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
"vendor_name": "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8465, CVE-2018-8466, CVE-2018-8467."
"lang": "eng",
"value": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8465, CVE-2018-8466, CVE-2018-8467."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Remote Code Execution"
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8367",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8367"
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8367",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8367"
},
{
"name" : "105245",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105245"
"name": "1041623",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041623"
},
{
"name" : "1041623",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041623"
"name": "105245",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105245"
}
]
}

110
2018/8xxx/CVE-2018-8573.json
View File

@ -1,121 +1,121 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8573",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8573",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Microsoft Word",
"version" : {
"version_data" : [
"product_name": "Microsoft Word",
"version": {
"version_data": [
{
"version_value" : "2010 Service Pack 2 (32-bit editions)"
"version_value": "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value" : "2010 Service Pack 2 (64-bit editions)"
"version_value": "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value" : "2013 RT Service Pack 1"
"version_value": "2013 RT Service Pack 1"
},
{
"version_value" : "2013 Service Pack 1 (32-bit editions)"
"version_value": "2013 Service Pack 1 (32-bit editions)"
},
{
"version_value" : "2013 Service Pack 1 (64-bit editions)"
"version_value": "2013 Service Pack 1 (64-bit editions)"
},
{
"version_value" : "2016 (32-bit edition)"
"version_value": "2016 (32-bit edition)"
},
{
"version_value" : "2016 (64-bit edition)"
"version_value": "2016 (64-bit edition)"
}
]
}
},
{
"product_name" : "Microsoft Office",
"version" : {
"version_data" : [
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value" : "2010 Service Pack 2 (32-bit editions)"
"version_value": "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value" : "2010 Service Pack 2 (64-bit editions)"
"version_value": "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value" : "2019 for 32-bit editions"
"version_value": "2019 for 32-bit editions"
},
{
"version_value" : "2019 for 64-bit editions"
"version_value": "2019 for 64-bit editions"
}
]
}
},
{
"product_name" : "Office",
"version" : {
"version_data" : [
"product_name": "Office",
"version": {
"version_data": [
{
"version_value" : "365 ProPlus for 32-bit Systems"
"version_value": "365 ProPlus for 32-bit Systems"
},
{
"version_value" : "365 ProPlus for 64-bit Systems"
"version_value": "365 ProPlus for 64-bit Systems"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
"vendor_name": "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka \"Microsoft Word Remote Code Execution Vulnerability.\" This affects Microsoft Word, Office 365 ProPlus, Microsoft Office. This CVE ID is unique from CVE-2018-8539."
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka \"Microsoft Word Remote Code Execution Vulnerability.\" This affects Microsoft Word, Office 365 ProPlus, Microsoft Office. This CVE ID is unique from CVE-2018-8539."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Remote Code Execution"
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8573",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8573"
"name": "105836",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105836"
},
{
"name" : "105836",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105836"
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8573",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8573"
},
{
"name" : "1042114",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1042114"
"name": "1042114",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042114"
}
]
}

22
2018/8xxx/CVE-2018-8863.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8863",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8863",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2018/8xxx/CVE-2018-8878.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8878",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8878",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

62
2018/8xxx/CVE-2018-8939.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8939",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8939",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can submit specially crafted requests via the NmAPI executable to (1) gain unauthorized access to the WhatsUp Gold system, (2) obtain information about the WhatsUp Gold system, or (3) execute remote commands."
"lang": "eng",
"value": "An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can submit specially crafted requests via the NmAPI executable to (1) gain unauthorized access to the WhatsUp Gold system, (2) obtain information about the WhatsUp Gold system, or (3) execute remote commands."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://docs.ipswitch.com/NM/WhatsUpGold2018/01_ReleaseNotes/index.htm",
"refsource" : "CONFIRM",
"url" : "https://docs.ipswitch.com/NM/WhatsUpGold2018/01_ReleaseNotes/index.htm"
"name": "https://docs.ipswitch.com/NM/WhatsUpGold2018/01_ReleaseNotes/index.htm",
"refsource": "CONFIRM",
"url": "https://docs.ipswitch.com/NM/WhatsUpGold2018/01_ReleaseNotes/index.htm"
}
]
}