admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 22:20:21 +00:00
parent 50ba92751a
commit c391610c76
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
56 changed files with 4277 additions and 4277 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

180
2005/0xxx/CVE-2005-0116.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0116",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0116",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050117 AWStats Remote Command Execution Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://www.idefense.com/application/poi/display?id=185&type=vulnerabilities&flashstatus=false"
},
{
"name" : "http://packetstormsecurity.org/0501-exploits/AWStatsVulnAnalysis.pdf",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0501-exploits/AWStatsVulnAnalysis.pdf"
},
{
"name" : "http://awstats.sourceforge.net/docs/awstats_changelog.txt",
"refsource" : "CONFIRM",
"url" : "http://awstats.sourceforge.net/docs/awstats_changelog.txt"
},
{
"name" : "VU#272296",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/272296"
},
{
"name" : "12298",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12298"
},
{
"name" : "13002",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/13002"
},
{
"name" : "13893",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/13893/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050117 AWStats Remote Command Execution Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=185&type=vulnerabilities&flashstatus=false"
},
{
"name": "12298",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12298"
},
{
"name": "http://packetstormsecurity.org/0501-exploits/AWStatsVulnAnalysis.pdf",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0501-exploits/AWStatsVulnAnalysis.pdf"
},
{
"name": "VU#272296",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/272296"
},
{
"name": "13002",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/13002"
},
{
"name": "13893",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13893/"
},
{
"name": "http://awstats.sourceforge.net/docs/awstats_changelog.txt",
"refsource": "CONFIRM",
"url": "http://awstats.sourceforge.net/docs/awstats_changelog.txt"
}
]
}
}

150
2005/0xxx/CVE-2005-0138.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0138",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and 6.5.27 does not correctly allow access to anonymous clients that connect from a system whose hostname can not be determined. NOTE: while this issue occurs in a security mechanism, there is no apparent attacker role and probably does not satisfy the CVE definition of a vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050601-01-U",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20050601-01-U"
},
{
"name" : "P-214",
"refsource" : "CIAC",
"url" : "http://www.ciac.org/ciac/bulletins/p-214.shtml"
},
{
"name" : "ADV-2005-0702",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/0702"
},
{
"name" : "15619",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15619"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and 6.5.27 does not correctly allow access to anonymous clients that connect from a system whose hostname can not be determined. NOTE: while this issue occurs in a security mechanism, there is no apparent attacker role and probably does not satisfy the CVE definition of a vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050601-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20050601-01-U"
},
{
"name": "ADV-2005-0702",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0702"
},
{
"name": "15619",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15619"
},
{
"name": "P-214",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/p-214.shtml"
}
]
}
}

250
2005/0xxx/CVE-2005-0870.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0870",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[template], or (4) hide_picklist parameter to system_footer.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0870",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050323 [SECURITYREASON.COM] phpSysInfo 2.3 Multiple vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111161017209422&w=2"
},
{
"name" : "20051115 Advisory 22/2005: Multiple vulnerabilities in phpSysInfo",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/416543"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=301118",
"refsource" : "MISC",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=301118"
},
{
"name" : "DSA-724",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-724"
},
{
"name" : "DSA-897",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-897"
},
{
"name" : "DSA-898",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-898"
},
{
"name" : "DSA-899",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-899"
},
{
"name" : "MDKSA-2005:212",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:212"
},
{
"name" : "15414",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15414"
},
{
"name" : "12887",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12887"
},
{
"name" : "14690",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14690/"
},
{
"name" : "17616",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17616"
},
{
"name" : "17643",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17643"
},
{
"name" : "phpsysinfo-sensor-program-xss(19807)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19807"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[template], or (4) hide_picklist parameter to system_footer.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17616",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17616"
},
{
"name": "MDKSA-2005:212",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:212"
},
{
"name": "15414",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15414"
},
{
"name": "14690",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14690/"
},
{
"name": "DSA-898",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-898"
},
{
"name": "20050323 [SECURITYREASON.COM] phpSysInfo 2.3 Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111161017209422&w=2"
},
{
"name": "phpsysinfo-sensor-program-xss(19807)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19807"
},
{
"name": "20051115 Advisory 22/2005: Multiple vulnerabilities in phpSysInfo",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/416543"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=301118",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=301118"
},
{
"name": "12887",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12887"
},
{
"name": "DSA-897",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-897"
},
{
"name": "DSA-724",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-724"
},
{
"name": "DSA-899",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-899"
},
{
"name": "17643",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17643"
}
]
}
}

150
2005/0xxx/CVE-2005-0887.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0887",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Eval injection vulnerability in Double Choco Latte before 0.9.4.3 allows remote attackers to execute arbitrary PHP code via the menuAction variable in (1) functions.inc.php or (2) main.php, which causes code to be injected into an eval statement."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0887",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=315144",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=315144"
},
{
"name" : "1013559",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013559"
},
{
"name" : "14688",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14688"
},
{
"name" : "dcl-file-include(19806)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19806"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Eval injection vulnerability in Double Choco Latte before 0.9.4.3 allows remote attackers to execute arbitrary PHP code via the menuAction variable in (1) functions.inc.php or (2) main.php, which causes code to be injected into an eval statement."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14688",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14688"
},
{
"name": "dcl-file-include(19806)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19806"
},
{
"name": "1013559",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013559"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=315144",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=315144"
}
]
}
}

170
2005/1xxx/CVE-2005-1045.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1045",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OpenText FirstClass 8.0 client does not properly sanitize strings before passing them to the Windows ShellExecute API, which allows remote attackers to execute arbitrary commands via a UNC path in a bookmark."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1045",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050408 OpenText FirstClass 8.0 Client Arbitrary File Execution",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111323587931293&w=2"
},
{
"name" : "13079",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13079"
},
{
"name" : "15356",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/15356"
},
{
"name" : "14898",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14898/"
},
{
"name" : "1013665",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013665"
},
{
"name" : "firstclass-bookmark-command-execution(20032)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20032"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenText FirstClass 8.0 client does not properly sanitize strings before passing them to the Windows ShellExecute API, which allows remote attackers to execute arbitrary commands via a UNC path in a bookmark."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15356",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15356"
},
{
"name": "13079",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13079"
},
{
"name": "1013665",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013665"
},
{
"name": "14898",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14898/"
},
{
"name": "20050408 OpenText FirstClass 8.0 Client Arbitrary File Execution",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111323587931293&w=2"
},
{
"name": "firstclass-bookmark-command-execution(20032)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20032"
}
]
}
}

150
2005/1xxx/CVE-2005-1530.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1530",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Sophos Anti-Virus 5.0.1, with \"Scan inside archive files\" enabled, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a Bzip2 archive with a large 'Extra field length' value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1530",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050714 Sophos Anti-Virus Zip File Handling DoS Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://www.idefense.com/application/poi/display?id=283&type=vulnerabilities&flashstatus=true"
},
{
"name" : "14270",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14270"
},
{
"name" : "1014488",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014488"
},
{
"name" : "sophos-bzip2-dos(21373)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21373"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sophos Anti-Virus 5.0.1, with \"Scan inside archive files\" enabled, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a Bzip2 archive with a large 'Extra field length' value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14270",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14270"
},
{
"name": "20050714 Sophos Anti-Virus Zip File Handling DoS Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=283&type=vulnerabilities&flashstatus=true"
},
{
"name": "1014488",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014488"
},
{
"name": "sophos-bzip2-dos(21373)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21373"
}
]
}
}

120
2005/1xxx/CVE-2005-1574.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1574",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Windows Media Player 9 and 10, in certain cases, allows content protected by Windows Media Digital Rights Management (WMDRM) to redirect the user to a web site to obtain a license, even when the \"Acquire licenses automatically for protected content\" setting is not enabled."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1574",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "892313",
"refsource" : "MSKB",
"url" : "http://support.microsoft.com/default.aspx?scid=kb;[LN];892313"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Windows Media Player 9 and 10, in certain cases, allows content protected by Windows Media Digital Rights Management (WMDRM) to redirect the user to a web site to obtain a license, even when the \"Acquire licenses automatically for protected content\" setting is not enabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "892313",
"refsource": "MSKB",
"url": "http://support.microsoft.com/default.aspx?scid=kb;[LN];892313"
}
]
}
}

180
2005/3xxx/CVE-2005-3543.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3543",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in search.php in Phorum 5.0.0alpha through 5.0.20, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the forum_ids parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3543",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051104 [waraxe-2005-SA#043] - Sql injection in Phorum 5.0.20 and earlier",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=113122911424216&w=2"
},
{
"name" : "http://www.waraxe.us/advisory-43.html",
"refsource" : "MISC",
"url" : "http://www.waraxe.us/advisory-43.html"
},
{
"name" : "http://phorum.org/story.php?57",
"refsource" : "CONFIRM",
"url" : "http://phorum.org/story.php?57"
},
{
"name" : "ADV-2005-2332",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2332"
},
{
"name" : "20524",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20524"
},
{
"name" : "17456",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17456"
},
{
"name" : "153",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/153"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in search.php in Phorum 5.0.0alpha through 5.0.20, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the forum_ids parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.waraxe.us/advisory-43.html",
"refsource": "MISC",
"url": "http://www.waraxe.us/advisory-43.html"
},
{
"name": "17456",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17456"
},
{
"name": "20051104 [waraxe-2005-SA#043] - Sql injection in Phorum 5.0.20 and earlier",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=113122911424216&w=2"
},
{
"name": "153",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/153"
},
{
"name": "ADV-2005-2332",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2332"
},
{
"name": "20524",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20524"
},
{
"name": "http://phorum.org/story.php?57",
"refsource": "CONFIRM",
"url": "http://phorum.org/story.php?57"
}
]
}
}

200
2005/3xxx/CVE-2005-3644.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3644",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a DCE RPC request that specifies a large output buffer size, a variant of CVE-2006-6296, and a different vulnerability than CVE-2005-2120."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2005-3644",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "1328",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/1328"
},
{
"name" : "http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2005/20051116",
"refsource" : "MISC",
"url" : "http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2005/20051116"
},
{
"name" : "911052",
"refsource" : "MSKB",
"url" : "http://www.microsoft.com/technet/security/advisory/911052.mspx"
},
{
"name" : "http://www.securiteam.com/exploits/6V00C15EKM.html",
"refsource" : "MISC",
"url" : "http://www.securiteam.com/exploits/6V00C15EKM.html"
},
{
"name" : "http://www.frsirt.com/exploits/20051117.Win_upnp_getdevicelist.c.php",
"refsource" : "MISC",
"url" : "http://www.frsirt.com/exploits/20051117.Win_upnp_getdevicelist.c.php"
},
{
"name" : "http://research.eeye.com/html/alerts/zeroday/20051116.html",
"refsource" : "MISC",
"url" : "http://research.eeye.com/html/alerts/zeroday/20051116.html"
},
{
"name" : "15460",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15460"
},
{
"name" : "1015233",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015233"
},
{
"name" : "17595",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17595"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a DCE RPC request that specifies a large output buffer size, a variant of CVE-2006-6296, and a different vulnerability than CVE-2005-2120."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "911052",
"refsource": "MSKB",
"url": "http://www.microsoft.com/technet/security/advisory/911052.mspx"
},
{
"name": "15460",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15460"
},
{
"name": "1015233",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015233"
},
{
"name": "http://www.securiteam.com/exploits/6V00C15EKM.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/exploits/6V00C15EKM.html"
},
{
"name": "17595",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17595"
},
{
"name": "http://research.eeye.com/html/alerts/zeroday/20051116.html",
"refsource": "MISC",
"url": "http://research.eeye.com/html/alerts/zeroday/20051116.html"
},
{
"name": "1328",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1328"
},
{
"name": "http://www.frsirt.com/exploits/20051117.Win_upnp_getdevicelist.c.php",
"refsource": "MISC",
"url": "http://www.frsirt.com/exploits/20051117.Win_upnp_getdevicelist.c.php"
},
{
"name": "http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2005/20051116",
"refsource": "MISC",
"url": "http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2005/20051116"
}
]
}
}

130
2005/3xxx/CVE-2005-3697.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3697",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the administration interface in Uresk Links 2.0 Lite allows remote attackers to bypass authentication via unspecified vectors in index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3697",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "15469",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15469"
},
{
"name" : "17625",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17625"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the administration interface in Uresk Links 2.0 Lite allows remote attackers to bypass authentication via unspecified vectors in index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15469",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15469"
},
{
"name": "17625",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17625"
}
]
}
}

310
2005/3xxx/CVE-2005-3848.json
View File

@ -1,157 +1,157 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3848",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory leak in the icmp_push_reply function in Linux 2.6 before 2.6.12.6 and 2.6.13 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted packets that cause the ip_append_data function to fail, aka \"DST leak in icmp_push_reply.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3848",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[linux-kernel] 20050817 [PATCH] fix dst_entry leak in icmp_push_reply()",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=linux-kernel&m=112431016816937&w=2"
},
{
"name" : "[linux-kernel] 20050818 Re: [PATCH] fix dst_entry leak in icmp_push_reply()",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=linux-kernel&m=112439084918917&w=2"
},
{
"name" : "[linux-kernel] 20050826 [PATCH 4/7] [IPV4]: Fix DST leak in icmp_push_reply()",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=linux-kernel&m=112508479212728&w=2"
},
{
"name" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cb94c62c252796f42bb83fe40960d12f3ea5a82a",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cb94c62c252796f42bb83fe40960d12f3ea5a82a"
},
{
"name" : "http://www.kernel.org/git/?p=linux/kernel/git/chrisw/stable-queue.git;a=blob;h=1cf41a8a8db3080c9a9243e77c5c447c8e694f87;hb=9c5fcb99af7c157be45e9d53aeb857ded5211fcd;f=2.6.12.6/fix-dst-leak-in-icmp_push_reply.patch",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/git/?p=linux/kernel/git/chrisw/stable-queue.git;a=blob;h=1cf41a8a8db3080c9a9243e77c5c447c8e694f87;hb=9c5fcb99af7c157be45e9d53aeb857ded5211fcd;f=2.6.12.6/fix-dst-leak-in-icmp_push_reply.patch"
},
{
"name" : "DSA-1017",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1017"
},
{
"name" : "DSA-1018",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1018"
},
{
"name" : "MDKSA-2006:072",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:072"
},
{
"name" : "RHSA-2006:0101",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0101.html"
},
{
"name" : "RHSA-2006:0140",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0140.html"
},
{
"name" : "SUSE-SA:2006:012",
"refsource" : "SUSE",
"url" : "http://lists.suse.de/archive/suse-security-announce/2006-Feb/0010.html"
},
{
"name" : "USN-231-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/231-1/"
},
{
"name" : "16044",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16044"
},
{
"name" : "oval:org.mitre.oval:def:11346",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11346"
},
{
"name" : "18203",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18203"
},
{
"name" : "18510",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18510"
},
{
"name" : "18562",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18562"
},
{
"name" : "19038",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19038"
},
{
"name" : "19374",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19374"
},
{
"name" : "19369",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19369"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in the icmp_push_reply function in Linux 2.6 before 2.6.12.6 and 2.6.13 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted packets that cause the ip_append_data function to fail, aka \"DST leak in icmp_push_reply.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2006:0140",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0140.html"
},
{
"name": "19038",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19038"
},
{
"name": "[linux-kernel] 20050817 [PATCH] fix dst_entry leak in icmp_push_reply()",
"refsource": "MLIST",
"url": "http://marc.info/?l=linux-kernel&m=112431016816937&w=2"
},
{
"name": "[linux-kernel] 20050826 [PATCH 4/7] [IPV4]: Fix DST leak in icmp_push_reply()",
"refsource": "MLIST",
"url": "http://marc.info/?l=linux-kernel&m=112508479212728&w=2"
},
{
"name": "19369",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19369"
},
{
"name": "18203",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18203"
},
{
"name": "RHSA-2006:0101",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0101.html"
},
{
"name": "16044",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16044"
},
{
"name": "DSA-1018",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1018"
},
{
"name": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cb94c62c252796f42bb83fe40960d12f3ea5a82a",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cb94c62c252796f42bb83fe40960d12f3ea5a82a"
},
{
"name": "oval:org.mitre.oval:def:11346",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11346"
},
{
"name": "18510",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18510"
},
{
"name": "SUSE-SA:2006:012",
"refsource": "SUSE",
"url": "http://lists.suse.de/archive/suse-security-announce/2006-Feb/0010.html"
},
{
"name": "MDKSA-2006:072",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:072"
},
{
"name": "DSA-1017",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1017"
},
{
"name": "http://www.kernel.org/git/?p=linux/kernel/git/chrisw/stable-queue.git;a=blob;h=1cf41a8a8db3080c9a9243e77c5c447c8e694f87;hb=9c5fcb99af7c157be45e9d53aeb857ded5211fcd;f=2.6.12.6/fix-dst-leak-in-icmp_push_reply.patch",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/git/?p=linux/kernel/git/chrisw/stable-queue.git;a=blob;h=1cf41a8a8db3080c9a9243e77c5c447c8e694f87;hb=9c5fcb99af7c157be45e9d53aeb857ded5211fcd;f=2.6.12.6/fix-dst-leak-in-icmp_push_reply.patch"
},
{
"name": "19374",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19374"
},
{
"name": "[linux-kernel] 20050818 Re: [PATCH] fix dst_entry leak in icmp_push_reply()",
"refsource": "MLIST",
"url": "http://marc.info/?l=linux-kernel&m=112439084918917&w=2"
},
{
"name": "USN-231-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/231-1/"
},
{
"name": "18562",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18562"
}
]
}
}

140
2005/3xxx/CVE-2005-3854.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3854",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in EasyPageCMS allows remote attackers to inject arbitrary web script or HTML via the cat parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3854",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstorm.linuxsecurity.com/0511-exploits/EasyPageCMSXSS.txt",
"refsource" : "MISC",
"url" : "http://packetstorm.linuxsecurity.com/0511-exploits/EasyPageCMSXSS.txt"
},
{
"name" : "21007",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21007"
},
{
"name" : "1015211",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015211"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in EasyPageCMS allows remote attackers to inject arbitrary web script or HTML via the cat parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21007",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21007"
},
{
"name": "1015211",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015211"
},
{
"name": "http://packetstorm.linuxsecurity.com/0511-exploits/EasyPageCMSXSS.txt",
"refsource": "MISC",
"url": "http://packetstorm.linuxsecurity.com/0511-exploits/EasyPageCMSXSS.txt"
}
]
}
}

170
2005/4xxx/CVE-2005-4175.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4175",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Insyde BIOS V190 does not clear the keyboard buffer after reading the BIOS password during system startup, which allows local administrators or users to read the password directly from physical memory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4175",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051213 Bios Information Leakage",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/419610/100/0/threaded"
},
{
"name" : "http://www.pulltheplug.org/users/endrazine/Bios.Information.Leakage.txt",
"refsource" : "MISC",
"url" : "http://www.pulltheplug.org/users/endrazine/Bios.Information.Leakage.txt"
},
{
"name" : "http://www.ivizsecurity.com/preboot-patch.html",
"refsource" : "MISC",
"url" : "http://www.ivizsecurity.com/preboot-patch.html"
},
{
"name" : "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf",
"refsource" : "MISC",
"url" : "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf"
},
{
"name" : "VU#847537",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/847537"
},
{
"name" : "15751",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15751"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insyde BIOS V190 does not clear the keyboard buffer after reading the BIOS password during system startup, which allows local administrators or users to read the password directly from physical memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ivizsecurity.com/preboot-patch.html",
"refsource": "MISC",
"url": "http://www.ivizsecurity.com/preboot-patch.html"
},
{
"name": "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf",
"refsource": "MISC",
"url": "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf"
},
{
"name": "15751",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15751"
},
{
"name": "20051213 Bios Information Leakage",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/419610/100/0/threaded"
},
{
"name": "VU#847537",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/847537"
},
{
"name": "http://www.pulltheplug.org/users/endrazine/Bios.Information.Leakage.txt",
"refsource": "MISC",
"url": "http://www.pulltheplug.org/users/endrazine/Bios.Information.Leakage.txt"
}
]
}
}

130
2005/4xxx/CVE-2005-4274.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4274",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Business Objects WebIntelligence 6.5x allows remote attackers to cause a denial of service (user account lock out) via unknown attack vectors related to \"authentication mechanisms\" and \"form input.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051214 Business Objects WebIntelligence 6.5x Account Lockout and System DoS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/419493/100/0/threaded"
},
{
"name" : "1015355",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015355"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Business Objects WebIntelligence 6.5x allows remote attackers to cause a denial of service (user account lock out) via unknown attack vectors related to \"authentication mechanisms\" and \"form input.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015355",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015355"
},
{
"name": "20051214 Business Objects WebIntelligence 6.5x Account Lockout and System DoS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/419493/100/0/threaded"
}
]
}
}

120
2005/4xxx/CVE-2005-4845.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4845",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Java Plug-in 1.4.2_03 and 1.4.2_04 controls, and the 1.4.2_03 and 1.4.2_04 <applet> redirector controls, allow remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4845",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050301 IObjectSafety and Internet Explorer",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/391803"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Java Plug-in 1.4.2_03 and 1.4.2_04 controls, and the 1.4.2_03 and 1.4.2_04 <applet> redirector controls, allow remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050301 IObjectSafety and Internet Explorer",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/391803"
}
]
}
}

160
2009/0xxx/CVE-2009-0324.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0324",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in BibCiter 1.4 allow remote attackers to execute arbitrary SQL commands via the (1) idp parameter to reports/projects.php, the (2) idc parameter to reports/contacts.php, and the (3) idu parameter to reports/users.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0324",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7814",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7814"
},
{
"name" : "http://bibciter.sourceforge.net/?p=35",
"refsource" : "CONFIRM",
"url" : "http://bibciter.sourceforge.net/?p=35"
},
{
"name" : "33329",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33329"
},
{
"name" : "33555",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33555"
},
{
"name" : "bibciter-projects-sql-injection(48080)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48080"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in BibCiter 1.4 allow remote attackers to execute arbitrary SQL commands via the (1) idp parameter to reports/projects.php, the (2) idc parameter to reports/contacts.php, and the (3) idu parameter to reports/users.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33329",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33329"
},
{
"name": "7814",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7814"
},
{
"name": "bibciter-projects-sql-injection(48080)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48080"
},
{
"name": "http://bibciter.sourceforge.net/?p=35",
"refsource": "CONFIRM",
"url": "http://bibciter.sourceforge.net/?p=35"
},
{
"name": "33555",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33555"
}
]
}
}

180
2009/0xxx/CVE-2009-0413.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0413",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in RoundCube Webmail (roundcubemail) 0.2 stable allows remote attackers to inject arbitrary web script or HTML via the background attribute embedded in an HTML e-mail message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0413",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://trac.roundcube.net/changeset/2245",
"refsource" : "CONFIRM",
"url" : "http://trac.roundcube.net/changeset/2245"
},
{
"name" : "FEDORA-2009-1256",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00082.html"
},
{
"name" : "33372",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33372"
},
{
"name" : "33827",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33827"
},
{
"name" : "ADV-2009-0192",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0192"
},
{
"name" : "33622",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33622"
},
{
"name" : "roundcube-html-xss(48129)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48129"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in RoundCube Webmail (roundcubemail) 0.2 stable allows remote attackers to inject arbitrary web script or HTML via the background attribute embedded in an HTML e-mail message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://trac.roundcube.net/changeset/2245",
"refsource": "CONFIRM",
"url": "http://trac.roundcube.net/changeset/2245"
},
{
"name": "ADV-2009-0192",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0192"
},
{
"name": "33372",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33372"
},
{
"name": "roundcube-html-xss(48129)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48129"
},
{
"name": "33622",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33622"
},
{
"name": "33827",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33827"
},
{
"name": "FEDORA-2009-1256",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00082.html"
}
]
}
}

170
2009/0xxx/CVE-2009-0465.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0465",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SaveDoc method in the All_In_The_Box.AllBox ActiveX control in ALL_IN_THE_BOX.OCX in Synactis ALL In-The-Box ActiveX 3 allows remote attackers to create and overwrite arbitrary files via an argument ending in a '\\0' character, which bypasses the intended .box filename extension, as demonstrated by a C:\\boot.ini\\0 argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0465",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7928",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7928"
},
{
"name" : "http://www.dsecrg.com/pages/vul/show.php?id=62",
"refsource" : "MISC",
"url" : "http://www.dsecrg.com/pages/vul/show.php?id=62"
},
{
"name" : "33535",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33535"
},
{
"name" : "51693",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/51693"
},
{
"name" : "33728",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33728"
},
{
"name" : "ADV-2009-0298",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0298"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SaveDoc method in the All_In_The_Box.AllBox ActiveX control in ALL_IN_THE_BOX.OCX in Synactis ALL In-The-Box ActiveX 3 allows remote attackers to create and overwrite arbitrary files via an argument ending in a '\\0' character, which bypasses the intended .box filename extension, as demonstrated by a C:\\boot.ini\\0 argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33535",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33535"
},
{
"name": "51693",
"refsource": "OSVDB",
"url": "http://osvdb.org/51693"
},
{
"name": "http://www.dsecrg.com/pages/vul/show.php?id=62",
"refsource": "MISC",
"url": "http://www.dsecrg.com/pages/vul/show.php?id=62"
},
{
"name": "ADV-2009-0298",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0298"
},
{
"name": "33728",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33728"
},
{
"name": "7928",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7928"
}
]
}
}

130
2009/0xxx/CVE-2009-0622.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0622",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8a) allows remote authenticated users to execute arbitrary operating-system commands through a command line interface (CLI)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2009-0622",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml"
},
{
"name" : "33900",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33900"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8a) allows remote authenticated users to execute arbitrary operating-system commands through a command line interface (CLI)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml"
},
{
"name": "33900",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33900"
}
]
}
}

290
2009/1xxx/CVE-2009-1865.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1865",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, related to a \"null pointer vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1865",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb09-10.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb09-10.html"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb09-13.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb09-13.html"
},
{
"name" : "http://support.apple.com/kb/HT3864",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3864"
},
{
"name" : "http://support.apple.com/kb/HT3865",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3865"
},
{
"name" : "APPLE-SA-2009-09-10-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html"
},
{
"name" : "APPLE-SA-2009-09-10-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
},
{
"name" : "GLSA-200908-04",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200908-04.xml"
},
{
"name" : "266108",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1"
},
{
"name" : "35890",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35890"
},
{
"name" : "35906",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35906"
},
{
"name" : "oval:org.mitre.oval:def:7011",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7011"
},
{
"name" : "oval:org.mitre.oval:def:16338",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16338"
},
{
"name" : "1022629",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022629"
},
{
"name" : "36193",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36193"
},
{
"name" : "36374",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36374"
},
{
"name" : "36701",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36701"
},
{
"name" : "ADV-2009-2086",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2086"
},
{
"name" : "flash-air-code-execution-var1(52182)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52182"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, related to a \"null pointer vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "266108",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1"
},
{
"name": "APPLE-SA-2009-09-10-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html"
},
{
"name": "GLSA-200908-04",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200908-04.xml"
},
{
"name": "http://support.apple.com/kb/HT3864",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3864"
},
{
"name": "oval:org.mitre.oval:def:7011",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7011"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb09-13.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html"
},
{
"name": "1022629",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022629"
},
{
"name": "flash-air-code-execution-var1(52182)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52182"
},
{
"name": "APPLE-SA-2009-09-10-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
},
{
"name": "ADV-2009-2086",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2086"
},
{
"name": "35890",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35890"
},
{
"name": "oval:org.mitre.oval:def:16338",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16338"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb09-10.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html"
},
{
"name": "36374",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36374"
},
{
"name": "35906",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35906"
},
{
"name": "http://support.apple.com/kb/HT3865",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3865"
},
{
"name": "36193",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36193"
},
{
"name": "36701",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36701"
}
]
}
}

220
2009/1xxx/CVE-2009-1903.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1903",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1903",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=667538",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=667538"
},
{
"name" : "FEDORA-2009-2654",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00487.html"
},
{
"name" : "FEDORA-2009-2686",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00529.html"
},
{
"name" : "GLSA-200907-02",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200907-02.xml"
},
{
"name" : "34096",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34096"
},
{
"name" : "52552",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/52552"
},
{
"name" : "34256",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34256"
},
{
"name" : "34311",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34311"
},
{
"name" : "35687",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35687"
},
{
"name" : "ADV-2009-0703",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0703"
},
{
"name" : "modsecurity-pdfxss-dos(49211)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49211"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2009-2654",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00487.html"
},
{
"name": "52552",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/52552"
},
{
"name": "GLSA-200907-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200907-02.xml"
},
{
"name": "34256",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34256"
},
{
"name": "35687",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35687"
},
{
"name": "34311",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34311"
},
{
"name": "FEDORA-2009-2686",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00529.html"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=667538",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=667538"
},
{
"name": "modsecurity-pdfxss-dos(49211)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49211"
},
{
"name": "ADV-2009-0703",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0703"
},
{
"name": "34096",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34096"
}
]
}
}

34
2009/3xxx/CVE-2009-3394.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3394",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2009-3394",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none."
}
]
}
}

620
2009/3xxx/CVE-2009-3609.json
View File

@ -1,312 +1,312 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3609",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-3609",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch",
"refsource" : "CONFIRM",
"url" : "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch"
},
{
"name" : "http://poppler.freedesktop.org/",
"refsource" : "CONFIRM",
"url" : "http://poppler.freedesktop.org/"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=526893",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=526893"
},
{
"name" : "DSA-2028",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2028"
},
{
"name" : "DSA-2050",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2050"
},
{
"name" : "FEDORA-2009-10823",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html"
},
{
"name" : "FEDORA-2009-10845",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html"
},
{
"name" : "FEDORA-2010-1377",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html"
},
{
"name" : "FEDORA-2010-1805",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html"
},
{
"name" : "FEDORA-2010-1842",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html"
},
{
"name" : "MDVSA-2009:287",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:287"
},
{
"name" : "MDVSA-2009:334",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:334"
},
{
"name" : "MDVSA-2011:175",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"name" : "RHSA-2009:1500",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2009-1500.html"
},
{
"name" : "RHSA-2009:1501",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2009-1501.html"
},
{
"name" : "RHSA-2009:1502",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2009-1502.html"
},
{
"name" : "RHSA-2009:1503",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2009-1503.html"
},
{
"name" : "RHSA-2009:1504",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2009-1504.html"
},
{
"name" : "RHSA-2009:1512",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2009-1512.html"
},
{
"name" : "RHSA-2009:1513",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2009-1513.html"
},
{
"name" : "RHSA-2010:0755",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0755.html"
},
{
"name" : "274030",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1"
},
{
"name" : "1021706",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1"
},
{
"name" : "SUSE-SR:2009:018",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
},
{
"name" : "USN-850-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-850-1"
},
{
"name" : "USN-850-3",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-850-3"
},
{
"name" : "36703",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36703"
},
{
"name" : "oval:org.mitre.oval:def:11043",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11043"
},
{
"name" : "oval:org.mitre.oval:def:8134",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8134"
},
{
"name" : "1023029",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1023029"
},
{
"name" : "37023",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37023"
},
{
"name" : "37028",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37028"
},
{
"name" : "37034",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37034"
},
{
"name" : "37037",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37037"
},
{
"name" : "37043",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37043"
},
{
"name" : "37051",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37051"
},
{
"name" : "37054",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37054"
},
{
"name" : "37061",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37061"
},
{
"name" : "37077",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37077"
},
{
"name" : "37079",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37079"
},
{
"name" : "37159",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37159"
},
{
"name" : "37114",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37114"
},
{
"name" : "39327",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39327"
},
{
"name" : "39938",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39938"
},
{
"name" : "ADV-2009-2924",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2924"
},
{
"name" : "ADV-2009-2925",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2925"
},
{
"name" : "ADV-2009-2926",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2926"
},
{
"name" : "ADV-2009-2928",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2928"
},
{
"name" : "ADV-2010-0802",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0802"
},
{
"name" : "ADV-2010-1220",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1220"
},
{
"name" : "xpdf-imagestream-dos(53800)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53800"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39938",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39938"
},
{
"name": "RHSA-2009:1504",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1504.html"
},
{
"name": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch",
"refsource": "CONFIRM",
"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch"
},
{
"name": "MDVSA-2009:287",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:287"
},
{
"name": "37028",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37028"
},
{
"name": "FEDORA-2010-1377",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html"
},
{
"name": "FEDORA-2009-10823",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html"
},
{
"name": "http://poppler.freedesktop.org/",
"refsource": "CONFIRM",
"url": "http://poppler.freedesktop.org/"
},
{
"name": "RHSA-2009:1501",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1501.html"
},
{
"name": "37079",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37079"
},
{
"name": "SUSE-SR:2009:018",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
},
{
"name": "oval:org.mitre.oval:def:8134",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8134"
},
{
"name": "DSA-2028",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2028"
},
{
"name": "DSA-2050",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2050"
},
{
"name": "37159",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37159"
},
{
"name": "37054",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37054"
},
{
"name": "FEDORA-2010-1805",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html"
},
{
"name": "1021706",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1"
},
{
"name": "FEDORA-2009-10845",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html"
},
{
"name": "RHSA-2009:1512",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1512.html"
},
{
"name": "37114",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37114"
},
{
"name": "37077",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37077"
},
{
"name": "oval:org.mitre.oval:def:11043",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11043"
},
{
"name": "1023029",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023029"
},
{
"name": "RHSA-2009:1503",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1503.html"
},
{
"name": "ADV-2009-2926",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2926"
},
{
"name": "MDVSA-2011:175",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=526893",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=526893"
},
{
"name": "xpdf-imagestream-dos(53800)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53800"
},
{
"name": "37037",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37037"
},
{
"name": "USN-850-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-850-3"
},
{
"name": "ADV-2010-0802",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0802"
},
{
"name": "RHSA-2009:1502",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1502.html"
},
{
"name": "FEDORA-2010-1842",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html"
},
{
"name": "RHSA-2009:1500",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1500.html"
},
{
"name": "ADV-2009-2928",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2928"
},
{
"name": "RHSA-2009:1513",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1513.html"
},
{
"name": "37034",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37034"
},
{
"name": "37023",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37023"
},
{
"name": "ADV-2009-2924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2924"
},
{
"name": "37051",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37051"
},
{
"name": "274030",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1"
},
{
"name": "ADV-2010-1220",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1220"
},
{
"name": "USN-850-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-850-1"
},
{
"name": "37061",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37061"
},
{
"name": "39327",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39327"
},
{
"name": "37043",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37043"
},
{
"name": "36703",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36703"
},
{
"name": "ADV-2009-2925",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2925"
},
{
"name": "RHSA-2010:0755",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0755.html"
},
{
"name": "MDVSA-2009:334",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:334"
}
]
}
}

170
2009/3xxx/CVE-2009-3640.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3640",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The update_cr8_intercept function in arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel before 2.6.32-rc1 does not properly handle the absence of an Advanced Programmable Interrupt Controller (APIC), which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via a call to the kvm_vcpu_ioctl function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-3640",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20091023 CVE request: kvm: update_cr8_intercept() NULL pointer dereference",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=125626965020571&w=2"
},
{
"name" : "[oss-security] 20091024 Re: CVE request: kvm: update_cr8_intercept() NULL pointer dereference",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=125640417219385&w=2"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=88c808fd42b53a7e01a2ac3253ef31fef74cb5af",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=88c808fd42b53a7e01a2ac3253ef31fef74cb5af"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc1",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc1"
},
{
"name" : "36805",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36805"
},
{
"name" : "kernel-updatecr8intercept-dos(53947)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53947"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The update_cr8_intercept function in arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel before 2.6.32-rc1 does not properly handle the absence of an Advanced Programmable Interrupt Controller (APIC), which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via a call to the kvm_vcpu_ioctl function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=88c808fd42b53a7e01a2ac3253ef31fef74cb5af",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=88c808fd42b53a7e01a2ac3253ef31fef74cb5af"
},
{
"name": "[oss-security] 20091023 CVE request: kvm: update_cr8_intercept() NULL pointer dereference",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=125626965020571&w=2"
},
{
"name": "[oss-security] 20091024 Re: CVE request: kvm: update_cr8_intercept() NULL pointer dereference",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=125640417219385&w=2"
},
{
"name": "36805",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36805"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc1",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc1"
},
{
"name": "kernel-updatecr8intercept-dos(53947)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53947"
}
]
}
}

34
2009/4xxx/CVE-2009-4011.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4011",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4011",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2009/4xxx/CVE-2009-4499.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4499",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the get_history_lastid function in the nodewatcher component in Zabbix Server before 1.6.8 allows remote attackers to execute arbitrary SQL commands via a crafted request, possibly related to the send_history_last_id function in zabbix_server/trapper/nodehistory.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4499",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20091213 Zabbix Server : Multiple remote vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/508436/30/60/threaded"
},
{
"name" : "https://support.zabbix.com/browse/ZBX-1031",
"refsource" : "CONFIRM",
"url" : "https://support.zabbix.com/browse/ZBX-1031"
},
{
"name" : "37740",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37740"
},
{
"name" : "ADV-2009-3514",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3514"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the get_history_lastid function in the nodewatcher component in Zabbix Server before 1.6.8 allows remote attackers to execute arbitrary SQL commands via a crafted request, possibly related to the send_history_last_id function in zabbix_server/trapper/nodehistory.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20091213 Zabbix Server : Multiple remote vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/508436/30/60/threaded"
},
{
"name": "https://support.zabbix.com/browse/ZBX-1031",
"refsource": "CONFIRM",
"url": "https://support.zabbix.com/browse/ZBX-1031"
},
{
"name": "37740",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37740"
},
{
"name": "ADV-2009-3514",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3514"
}
]
}
}

140
2009/4xxx/CVE-2009-4845.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4845",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The configuration page in ToutVirtual VirtualIQ Pro 3.2 build 7882 contains cleartext SSH credentials, which allows remote attackers to obtain sensitive information by reading the username and password fields."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4845",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20091107 ToutVirtual VirtualIQ Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/507729/100/0/threaded"
},
{
"name" : "http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt",
"refsource" : "MISC",
"url" : "http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt"
},
{
"name" : "virtualiq-ssh-information-disclosure(58575)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58575"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The configuration page in ToutVirtual VirtualIQ Pro 3.2 build 7882 contains cleartext SSH credentials, which allows remote attackers to obtain sensitive information by reading the username and password fields."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20091107 ToutVirtual VirtualIQ Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507729/100/0/threaded"
},
{
"name": "http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt",
"refsource": "MISC",
"url": "http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt"
},
{
"name": "virtualiq-ssh-information-disclosure(58575)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58575"
}
]
}
}

190
2012/2xxx/CVE-2012-2100.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2100",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 3.2.2, on the x86 platform and unspecified other platforms, allows user-assisted remote attackers to trigger inconsistent filesystem-groups data and possibly cause a denial of service via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value). NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4307."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120412 Re: fix to CVE-2009-4307",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/04/12/11"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d50f2ab6f050311dbf7b8f5501b25f0bf64a439b",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d50f2ab6f050311dbf7b8f5501b25f0bf64a439b"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=809687",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=809687"
},
{
"name" : "https://github.com/torvalds/linux/commit/d50f2ab6f050311dbf7b8f5501b25f0bf64a439b",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/d50f2ab6f050311dbf7b8f5501b25f0bf64a439b"
},
{
"name" : "RHSA-2012:1445",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1445.html"
},
{
"name" : "RHSA-2012:1580",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1580.html"
},
{
"name" : "53414",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53414"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 3.2.2, on the x86 platform and unspecified other platforms, allows user-assisted remote attackers to trigger inconsistent filesystem-groups data and possibly cause a denial of service via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value). NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4307."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2012:1580",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1580.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=809687",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=809687"
},
{
"name": "RHSA-2012:1445",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1445.html"
},
{
"name": "53414",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53414"
},
{
"name": "[oss-security] 20120412 Re: fix to CVE-2009-4307",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/12/11"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d50f2ab6f050311dbf7b8f5501b25f0bf64a439b",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d50f2ab6f050311dbf7b8f5501b25f0bf64a439b"
},
{
"name": "https://github.com/torvalds/linux/commit/d50f2ab6f050311dbf7b8f5501b25f0bf64a439b",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/d50f2ab6f050311dbf7b8f5501b25f0bf64a439b"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2"
}
]
}
}

34
2012/2xxx/CVE-2012-2130.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2130",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2130",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

210
2012/2xxx/CVE-2012-2270.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2270",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open redirect vulnerability in index.php (aka the Login Page) in ownCloud before 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2270",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120418 TC-SA-2012-01: Multiple web-vulnerabilities in ownCloud 3.0.0",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-04/0127.html"
},
{
"name" : "[oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"name" : "[oss-security] 20120901 Re: CVE - ownCloud",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"name" : "http://www.tele-consulting.com/advisories/TC-SA-2012-01.txt",
"refsource" : "MISC",
"url" : "http://www.tele-consulting.com/advisories/TC-SA-2012-01.txt"
},
{
"name" : "http://packetstormsecurity.org/files/111956/ownCloud-3.0.0-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/files/111956/ownCloud-3.0.0-Cross-Site-Scripting.html"
},
{
"name" : "http://owncloud.org/security/advisories/CVE-2012-2270/",
"refsource" : "CONFIRM",
"url" : "http://owncloud.org/security/advisories/CVE-2012-2270/"
},
{
"name" : "53145",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53145"
},
{
"name" : "81211",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/81211"
},
{
"name" : "48850",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48850"
},
{
"name" : "owncloud-index-open-redirect(75029)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75029"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in index.php (aka the Login Page) in ownCloud before 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/security/advisories/CVE-2012-2270/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/security/advisories/CVE-2012-2270/"
},
{
"name": "http://www.tele-consulting.com/advisories/TC-SA-2012-01.txt",
"refsource": "MISC",
"url": "http://www.tele-consulting.com/advisories/TC-SA-2012-01.txt"
},
{
"name": "[oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"name": "20120418 TC-SA-2012-01: Multiple web-vulnerabilities in ownCloud 3.0.0",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0127.html"
},
{
"name": "[oss-security] 20120901 Re: CVE - ownCloud",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"name": "48850",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48850"
},
{
"name": "53145",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53145"
},
{
"name": "http://packetstormsecurity.org/files/111956/ownCloud-3.0.0-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/111956/ownCloud-3.0.0-Cross-Site-Scripting.html"
},
{
"name": "owncloud-index-open-redirect(75029)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75029"
},
{
"name": "81211",
"refsource": "OSVDB",
"url": "http://osvdb.org/81211"
}
]
}
}

180
2012/2xxx/CVE-2012-2296.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2296",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Janrain Engage (formerly RPX) module for Drupal 6.x-1.x. 6.x-2.x before 6.x-2.2, and 7.x-2.x before 7.x-2.2 stores user profile data from Engage in session tables, which might allow remote attackers to obtain sensitive information by leveraging a separate vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2296",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120410 Re: CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/04/10/12"
},
{
"name" : "[oss-security] 20120502 CVE Request for Drupal contributed modules",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/05/03/1"
},
{
"name" : "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/05/03/2"
},
{
"name" : "http://drupal.org/node/1515282",
"refsource" : "MISC",
"url" : "http://drupal.org/node/1515282"
},
{
"name" : "http://drupal.org/node/1515114",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/1515114"
},
{
"name" : "http://drupal.org/node/1515120",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/1515120"
},
{
"name" : "janrain-drupalcontent-info-disclosure(74616)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74616"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Janrain Engage (formerly RPX) module for Drupal 6.x-1.x. 6.x-2.x before 6.x-2.2, and 7.x-2.x before 7.x-2.2 stores user profile data from Engage in session tables, which might allow remote attackers to obtain sensitive information by leveraging a separate vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/1515282",
"refsource": "MISC",
"url": "http://drupal.org/node/1515282"
},
{
"name": "http://drupal.org/node/1515114",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1515114"
},
{
"name": "[oss-security] 20120410 Re: CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/10/12"
},
{
"name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
},
{
"name": "http://drupal.org/node/1515120",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1515120"
},
{
"name": "janrain-drupalcontent-info-disclosure(74616)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74616"
},
{
"name": "[oss-security] 20120502 CVE Request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
}
]
}
}

160
2012/2xxx/CVE-2012-2338.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2338",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in includes/picture.class.php in Galette 0.63, 0.63.1, 0.63.2, 0.63.3, and 0.64rc1 allows remote attackers to execute arbitrary SQL commands via the id_adh parameter to picture.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120510 CVE-request: galette sql injection",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/05/10/5"
},
{
"name" : "[oss-security] 20120510 Re: CVE-request: galette sql injection",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/05/11/1"
},
{
"name" : "http://redmine.ulysses.fr/issues/250",
"refsource" : "MISC",
"url" : "http://redmine.ulysses.fr/issues/250"
},
{
"name" : "http://redmine.ulysses.fr/projects/galette/repository/revisions/8c13ec159ba",
"refsource" : "CONFIRM",
"url" : "http://redmine.ulysses.fr/projects/galette/repository/revisions/8c13ec159ba"
},
{
"name" : "53463",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53463"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in includes/picture.class.php in Galette 0.63, 0.63.1, 0.63.2, 0.63.3, and 0.64rc1 allows remote attackers to execute arbitrary SQL commands via the id_adh parameter to picture.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120510 Re: CVE-request: galette sql injection",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/1"
},
{
"name": "53463",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53463"
},
{
"name": "[oss-security] 20120510 CVE-request: galette sql injection",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/10/5"
},
{
"name": "http://redmine.ulysses.fr/issues/250",
"refsource": "MISC",
"url": "http://redmine.ulysses.fr/issues/250"
},
{
"name": "http://redmine.ulysses.fr/projects/galette/repository/revisions/8c13ec159ba",
"refsource": "CONFIRM",
"url": "http://redmine.ulysses.fr/projects/galette/repository/revisions/8c13ec159ba"
}
]
}
}

200
2012/2xxx/CVE-2012-2394.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2394",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1) ICMP or (2) ICMPv6 Echo Request packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2394",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=42393",
"refsource" : "CONFIRM",
"url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=42393"
},
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2012-10.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2012-10.html"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7221",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7221"
},
{
"name" : "MDVSA-2012:015",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:015"
},
{
"name" : "MDVSA-2012:042",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:042"
},
{
"name" : "MDVSA-2012:080",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:080"
},
{
"name" : "53653",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53653"
},
{
"name" : "1027094",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027094"
},
{
"name" : "49226",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49226"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1) ICMP or (2) ICMPv6 Echo Request packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2012:015",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:015"
},
{
"name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=42393",
"refsource": "CONFIRM",
"url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=42393"
},
{
"name": "1027094",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027094"
},
{
"name": "MDVSA-2012:042",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:042"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2012-10.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2012-10.html"
},
{
"name": "49226",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49226"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7221",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7221"
},
{
"name": "MDVSA-2012:080",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:080"
},
{
"name": "53653",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53653"
}
]
}
}

130
2012/6xxx/CVE-2012-6042.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6042",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "GPSMapEdit 1.1.73.2 allows user-assisted remote attackers to cause a denial of service (crash) via a long string in a lst file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6042",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "18339",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18339"
},
{
"name" : "51327",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/51327"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GPSMapEdit 1.1.73.2 allows user-assisted remote attackers to cause a denial of service (crash) via a long string in a lst file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18339",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18339"
},
{
"name": "51327",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51327"
}
]
}
}

34
2012/6xxx/CVE-2012-6135.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6135",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6135",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2012/6xxx/CVE-2012-6538.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6538",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The copy_to_user_auth function in net/xfrm/xfrm_user.c in the Linux kernel before 3.6 uses an incorrect C library function for copying a string, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6538",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/03/05/13"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4c87308bdea31a7b4828a51f6156e6f721a1fcc9",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4c87308bdea31a7b4828a51f6156e6f721a1fcc9"
},
{
"name" : "https://github.com/torvalds/linux/commit/4c87308bdea31a7b4828a51f6156e6f721a1fcc9",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/4c87308bdea31a7b4828a51f6156e6f721a1fcc9"
},
{
"name" : "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2",
"refsource" : "CONFIRM",
"url" : "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2"
},
{
"name" : "RHSA-2013:0744",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0744.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The copy_to_user_auth function in net/xfrm/xfrm_user.c in the Linux kernel before 3.6 uses an incorrect C library function for copying a string, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/03/05/13"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4c87308bdea31a7b4828a51f6156e6f721a1fcc9",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4c87308bdea31a7b4828a51f6156e6f721a1fcc9"
},
{
"name": "https://github.com/torvalds/linux/commit/4c87308bdea31a7b4828a51f6156e6f721a1fcc9",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/4c87308bdea31a7b4828a51f6156e6f721a1fcc9"
},
{
"name": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2",
"refsource": "CONFIRM",
"url": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2"
},
{
"name": "RHSA-2013:0744",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0744.html"
}
]
}
}

130
2015/0xxx/CVE-2015-0616.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0616",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) by improperly terminating SIP TCP connections, aka Bug ID CSCul69819."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-0616",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150401 Multiple Vulnerabilities in Cisco Unity Connection",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-cuc"
},
{
"name" : "1032010",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032010"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) by improperly terminating SIP TCP connections, aka Bug ID CSCul69819."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150401 Multiple Vulnerabilities in Cisco Unity Connection",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-cuc"
},
{
"name": "1032010",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032010"
}
]
}
}

34
2015/1xxx/CVE-2015-1034.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1034",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1034",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2015/1xxx/CVE-2015-1337.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1337",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Simple Streams (simplestreams) does not properly verify the GPG signatures of disk image files, which allows remote mirror servers to spoof disk images and have unspecified other impact via a 403 (aka Forbidden) response."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2015-1337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.launchpad.net/ubuntu/%2Bsource/simplestreams/%2Bbug/1487004",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/ubuntu/%2Bsource/simplestreams/%2Bbug/1487004"
},
{
"name" : "USN-2746-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2746-1"
},
{
"name" : "USN-2746-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2746-2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Simple Streams (simplestreams) does not properly verify the GPG signatures of disk image files, which allows remote mirror servers to spoof disk images and have unspecified other impact via a 403 (aka Forbidden) response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2746-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2746-1"
},
{
"name": "USN-2746-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2746-2"
},
{
"name": "https://bugs.launchpad.net/ubuntu/%2Bsource/simplestreams/%2Bbug/1487004",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/%2Bsource/simplestreams/%2Bbug/1487004"
}
]
}
}

140
2015/1xxx/CVE-2015-1712.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1712",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-1691."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-1712",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS15-043",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-043"
},
{
"name" : "74515",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/74515"
},
{
"name" : "1032282",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032282"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-1691."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "74515",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74515"
},
{
"name": "1032282",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032282"
},
{
"name": "MS15-043",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-043"
}
]
}
}

150
2015/1xxx/CVE-2015-1902.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1902",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSMLA."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-1902",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-193",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-193"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21883245",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21883245"
},
{
"name" : "74597",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/74597"
},
{
"name" : "1032376",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032376"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSMLA."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21883245",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883245"
},
{
"name": "1032376",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032376"
},
{
"name": "74597",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74597"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-193",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-193"
}
]
}
}

34
2015/5xxx/CVE-2015-5398.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5398",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5398",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

170
2015/5xxx/CVE-2015-5777.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5777",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5778."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-5777",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/kb/HT205030",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/kb/HT205030"
},
{
"name" : "https://support.apple.com/kb/HT205031",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/kb/HT205031"
},
{
"name" : "APPLE-SA-2015-08-13-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name" : "APPLE-SA-2015-08-13-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html"
},
{
"name" : "76343",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76343"
},
{
"name" : "1033275",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033275"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5778."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/kb/HT205030",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205030"
},
{
"name": "1033275",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033275"
},
{
"name": "APPLE-SA-2015-08-13-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "APPLE-SA-2015-08-13-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html"
},
{
"name": "https://support.apple.com/kb/HT205031",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "76343",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76343"
}
]
}
}

34
2018/11xxx/CVE-2018-11200.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11200",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11200",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/11xxx/CVE-2018-11272.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11272",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11272",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/11xxx/CVE-2018-11456.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "productcert@siemens.com",
"ID" : "CVE-2018-11456",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Automation License Manager 5",
"version" : {
"version_data" : [
{
"version_value" : "Automation License Manager 5 : All versions < 5.3.4.4"
}
]
}
}
]
},
"vendor_name" : "Siemens AG"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4). An attacker with network access to the device could send specially crafted network packets to determine whether or not a network port on another remote system is accessible or not. This allows the attacker to do basic network scanning using the victims machine. Successful exploitation requires a network connection to the affected device. The attacker does not need privileges, no user interaction is required. The impact is limited to determining whether or not a port on a target system is accessible by the affected device."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-284: Improper Access Control"
}
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2018-11456",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Automation License Manager 5",
"version": {
"version_data": [
{
"version_value": "Automation License Manager 5 : All versions < 5.3.4.4"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-920962.pdf",
"refsource" : "CONFIRM",
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-920962.pdf"
},
{
"name" : "105114",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105114"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4). An attacker with network access to the device could send specially crafted network packets to determine whether or not a network port on another remote system is accessible or not. This allows the attacker to do basic network scanning using the victims machine. Successful exploitation requires a network connection to the affected device. The attacker does not need privileges, no user interaction is required. The impact is limited to determining whether or not a port on a target system is accessible by the affected device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105114",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105114"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-920962.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-920962.pdf"
}
]
}
}

210
2018/11xxx/CVE-2018-11506.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11506",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because sense buffers have different sizes at the CDROM layer and the SCSI layer, as demonstrated by a CDROMREADMODE2 ioctl call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html"
},
{
"name" : "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html"
},
{
"name" : "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
},
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f7068114d45ec55996b9040e98111afa56e010fe",
"refsource" : "MISC",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f7068114d45ec55996b9040e98111afa56e010fe"
},
{
"name" : "https://github.com/torvalds/linux/commit/f7068114d45ec55996b9040e98111afa56e010fe",
"refsource" : "MISC",
"url" : "https://github.com/torvalds/linux/commit/f7068114d45ec55996b9040e98111afa56e010fe"
},
{
"name" : "https://twitter.com/efrmv/status/1001574894273007616",
"refsource" : "MISC",
"url" : "https://twitter.com/efrmv/status/1001574894273007616"
},
{
"name" : "RHSA-2018:2948",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"name" : "USN-3752-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3752-1/"
},
{
"name" : "USN-3752-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3752-2/"
},
{
"name" : "USN-3752-3",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3752-3/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because sense buffers have different sizes at the CDROM layer and the SCSI layer, as demonstrated by a CDROMREADMODE2 ioctl call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3752-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3752-2/"
},
{
"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html"
},
{
"name": "https://twitter.com/efrmv/status/1001574894273007616",
"refsource": "MISC",
"url": "https://twitter.com/efrmv/status/1001574894273007616"
},
{
"name": "USN-3752-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3752-3/"
},
{
"name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html"
},
{
"name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
},
{
"name": "https://github.com/torvalds/linux/commit/f7068114d45ec55996b9040e98111afa56e010fe",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/f7068114d45ec55996b9040e98111afa56e010fe"
},
{
"name": "RHSA-2018:2948",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f7068114d45ec55996b9040e98111afa56e010fe",
"refsource": "MISC",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f7068114d45ec55996b9040e98111afa56e010fe"
},
{
"name": "USN-3752-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3752-1/"
}
]
}
}

120
2018/11xxx/CVE-2018-11982.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2018-11982",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Snapdragon Mobile, Snapdragon Wear",
"version" : {
"version_data" : [
{
"version_value" : "MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 835, Snapdragon_High_Med_2016"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Snapdragon (Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 835, Snapdragon_High_Med_2016, a double free of ASN1 heap memory used for EUTRA CAP container occurs during UTRAN to LTE Capability inquiry procedure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Double Free in LTE"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2018-11982",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Mobile, Snapdragon Wear",
"version": {
"version_data": [
{
"version_value": "MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 835, Snapdragon_High_Med_2016"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.qualcomm.com/company/product-security/bulletins",
"refsource" : "CONFIRM",
"url" : "https://www.qualcomm.com/company/product-security/bulletins"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Snapdragon (Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 835, Snapdragon_High_Med_2016, a double free of ASN1 heap memory used for EUTRA CAP container occurs during UTRAN to LTE Capability inquiry procedure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Double Free in LTE"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins"
}
]
}
}

34
2018/3xxx/CVE-2018-3117.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3117",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3117",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/3xxx/CVE-2018-3310.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3310",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3310",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/3xxx/CVE-2018-3675.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3675",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3675",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

132
2018/3xxx/CVE-2018-3836.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"DATE_PUBLIC" : "2018-01-22T00:00:00",
"ID" : "CVE-2018-3836",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Leptonica",
"version" : {
"version_data" : [
{
"version_value" : "1.74.4"
}
]
}
}
]
},
"vendor_name" : "Dan Bloomberg"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application that passes attacker data to this function to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "arbitrary code execution"
}
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-01-22T00:00:00",
"ID": "CVE-2018-3836",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Leptonica",
"version": {
"version_data": [
{
"version_value": "1.74.4"
}
]
}
}
]
},
"vendor_name": "Dan Bloomberg"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180215 [SECURITY] [DLA 1284-1] leptonlib security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/02/msg00019.html"
},
{
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0516",
"refsource" : "MISC",
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0516"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application that passes attacker data to this function to trigger this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180215 [SECURITY] [DLA 1284-1] leptonlib security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00019.html"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0516",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0516"
}
]
}
}

180
2018/7xxx/CVE-2018-7456.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7456",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.)"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7456",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180416 [SECURITY] [DLA 1346-1] tiff security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00010.html"
},
{
"name" : "[debian-lts-announce] 20180416 [SECURITY] [DLA 1347-1] tiff3 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00011.html"
},
{
"name" : "[debian-lts-announce] 20180702 [SECURITY] [DLA 1411-1] tiff security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html"
},
{
"name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2778",
"refsource" : "MISC",
"url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2778"
},
{
"name" : "https://github.com/xiaoqx/pocs/tree/master/libtiff",
"refsource" : "MISC",
"url" : "https://github.com/xiaoqx/pocs/tree/master/libtiff"
},
{
"name" : "DSA-4349",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4349"
},
{
"name" : "USN-3864-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3864-1/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180416 [SECURITY] [DLA 1347-1] tiff3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00011.html"
},
{
"name": "USN-3864-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3864-1/"
},
{
"name": "DSA-4349",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4349"
},
{
"name": "https://github.com/xiaoqx/pocs/tree/master/libtiff",
"refsource": "MISC",
"url": "https://github.com/xiaoqx/pocs/tree/master/libtiff"
},
{
"name": "http://bugzilla.maptools.org/show_bug.cgi?id=2778",
"refsource": "MISC",
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2778"
},
{
"name": "[debian-lts-announce] 20180702 [SECURITY] [DLA 1411-1] tiff security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html"
},
{
"name": "[debian-lts-announce] 20180416 [SECURITY] [DLA 1346-1] tiff security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00010.html"
}
]
}
}

222
2018/8xxx/CVE-2018-8346.json
View File

@ -1,113 +1,113 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8346",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Windows Server 2008",
"version" : {
"version_data" : [
{
"version_value" : "32-bit Systems Service Pack 2"
},
{
"version_value" : "32-bit Systems Service Pack 2 (Server Core installation)"
},
{
"version_value" : "Itanium-Based Systems Service Pack 2"
},
{
"version_value" : "x64-based Systems Service Pack 2"
},
{
"version_value" : "x64-based Systems Service Pack 2 (Server Core installation)"
}
]
}
},
{
"product_name" : "Windows 7",
"version" : {
"version_data" : [
{
"version_value" : "32-bit Systems Service Pack 1"
},
{
"version_value" : "x64-based Systems Service Pack 1"
}
]
}
},
{
"product_name" : "Windows Server 2008 R2",
"version" : {
"version_data" : [
{
"version_value" : "Itanium-Based Systems Service Pack 1"
},
{
"version_value" : "x64-based Systems Service Pack 1"
},
{
"version_value" : "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed, aka \"LNK Remote Code Execution Vulnerability.\" This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8345."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8346",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows Server 2008",
"version": {
"version_data": [
{
"version_value": "32-bit Systems Service Pack 2"
},
{
"version_value": "32-bit Systems Service Pack 2 (Server Core installation)"
},
{
"version_value": "Itanium-Based Systems Service Pack 2"
},
{
"version_value": "x64-based Systems Service Pack 2"
},
{
"version_value": "x64-based Systems Service Pack 2 (Server Core installation)"
}
]
}
},
{
"product_name": "Windows 7",
"version": {
"version_data": [
{
"version_value": "32-bit Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1"
}
]
}
},
{
"product_name": "Windows Server 2008 R2",
"version": {
"version_data": [
{
"version_value": "Itanium-Based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8346",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8346"
},
{
"name" : "105028",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105028"
},
{
"name" : "1041473",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041473"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed, aka \"LNK Remote Code Execution Vulnerability.\" This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8345."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041473",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041473"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8346",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8346"
},
{
"name": "105028",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105028"
}
]
}
}

294
2018/8xxx/CVE-2018-8455.json
View File

@ -1,149 +1,149 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8455",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Windows Server 2012 R2",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows RT 8.1",
"version" : {
"version_data" : [
{
"version_value" : "Windows RT 8.1"
}
]
}
},
{
"product_name" : "Windows Server 2016",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows 8.1",
"version" : {
"version_data" : [
{
"version_value" : "32-bit systems"
},
{
"version_value" : "x64-based systems"
}
]
}
},
{
"product_name" : "Windows 10",
"version" : {
"version_data" : [
{
"version_value" : "Version 1607 for 32-bit Systems"
},
{
"version_value" : "Version 1607 for x64-based Systems"
},
{
"version_value" : "Version 1703 for 32-bit Systems"
},
{
"version_value" : "Version 1703 for x64-based Systems"
},
{
"version_value" : "Version 1709 for 32-bit Systems"
},
{
"version_value" : "Version 1709 for x64-based Systems"
},
{
"version_value" : "Version 1803 for 32-bit Systems"
},
{
"version_value" : "Version 1803 for x64-based Systems"
}
]
}
},
{
"product_name" : "Windows 10 Servers",
"version" : {
"version_data" : [
{
"version_value" : "version 1709 (Server Core Installation)"
},
{
"version_value" : "version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka \"Windows Kernel Elevation of Privilege Vulnerability.\" This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8455",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows Server 2012 R2",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows RT 8.1",
"version": {
"version_data": [
{
"version_value": "Windows RT 8.1"
}
]
}
},
{
"product_name": "Windows Server 2016",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows 8.1",
"version": {
"version_data": [
{
"version_value": "32-bit systems"
},
{
"version_value": "x64-based systems"
}
]
}
},
{
"product_name": "Windows 10",
"version": {
"version_data": [
{
"version_value": "Version 1607 for 32-bit Systems"
},
{
"version_value": "Version 1607 for x64-based Systems"
},
{
"version_value": "Version 1703 for 32-bit Systems"
},
{
"version_value": "Version 1703 for x64-based Systems"
},
{
"version_value": "Version 1709 for 32-bit Systems"
},
{
"version_value": "Version 1709 for x64-based Systems"
},
{
"version_value": "Version 1803 for 32-bit Systems"
},
{
"version_value": "Version 1803 for x64-based Systems"
}
]
}
},
{
"product_name": "Windows 10 Servers",
"version": {
"version_data": [
{
"version_value": "version 1709 (Server Core Installation)"
},
{
"version_value": "version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8455",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8455"
},
{
"name" : "105211",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105211"
},
{
"name" : "1041635",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041635"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka \"Windows Kernel Elevation of Privilege Vulnerability.\" This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041635",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041635"
},
{
"name": "105211",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105211"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8455",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8455"
}
]
}
}

152
2018/8xxx/CVE-2018-8784.json
View File

@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@checkpoint.com",
"DATE_PUBLIC" : "2018-10-22T00:00:00",
"ID" : "CVE-2018-8784",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "FreeRDP",
"version" : {
"version_data" : [
{
"version_value" : "All versions prior to 2.0.0-rc4"
}
]
}
}
]
},
"vendor_name" : "Check Point Software Technologies Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress_segment() that results in a memory corruption and probably even a remote code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"
}
"CVE_data_meta": {
"ASSIGNER": "cve@checkpoint.com",
"DATE_PUBLIC": "2018-10-22T00:00:00",
"ID": "CVE-2018-8784",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeRDP",
"version": {
"version_data": [
{
"version_value": "All versions prior to 2.0.0-rc4"
}
]
}
}
]
},
"vendor_name": "Check Point Software Technologies Ltd."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/FreeRDP/FreeRDP/commit/17c363a5162fd4dc77b1df54e48d7bd9bf6b3be7",
"refsource" : "CONFIRM",
"url" : "https://github.com/FreeRDP/FreeRDP/commit/17c363a5162fd4dc77b1df54e48d7bd9bf6b3be7"
},
{
"name" : "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/",
"refsource" : "CONFIRM",
"url" : "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/"
},
{
"name" : "USN-3845-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3845-1/"
},
{
"name" : "106938",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106938"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress_segment() that results in a memory corruption and probably even a remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106938",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106938"
},
{
"name": "USN-3845-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3845-1/"
},
{
"name": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/",
"refsource": "CONFIRM",
"url": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/"
},
{
"name": "https://github.com/FreeRDP/FreeRDP/commit/17c363a5162fd4dc77b1df54e48d7bd9bf6b3be7",
"refsource": "CONFIRM",
"url": "https://github.com/FreeRDP/FreeRDP/commit/17c363a5162fd4dc77b1df54e48d7bd9bf6b3be7"
}
]
}
}