"-Synchronized-Data."

CVE Team 2019-03-18 02:36:04 +00:00
parent 9b5e1c1659
commit cc169e221e
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
53 changed files with 3700 additions and 3700 deletions


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0494",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in WebSight Directory System 0.1 allows remote attackers to execute arbitrary Javascript and gain access to the WebSight administrator via a new link submission containing the script in a website name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0494",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020325 WebSight Directory System: cross-site-scripting bug",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/263914"
},
{
"name" : "http://sourceforge.net/forum/forum.php?forum_id=163389",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/forum/forum.php?forum_id=163389"
},
{
"name" : "4357",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4357"
},
{
"name" : "websight-directory-system-css(8624)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/8624.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in WebSight Directory System 0.1 allows remote attackers to execute arbitrary Javascript and gain access to the WebSight administrator via a new link submission containing the script in a website name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020325 WebSight Directory System: cross-site-scripting bug",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/263914"
},
{
"name": "4357",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4357"
},
{
"name": "http://sourceforge.net/forum/forum.php?forum_id=163389",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/forum/forum.php?forum_id=163389"
},
{
"name": "websight-directory-system-css(8624)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8624.php"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0502",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Citrix NFuse 1.6 may allow remote attackers to list applications without authentication by accessing the applist.asp page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0502",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020123 RE: Citrix NFuse 1.6",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/251923"
},
{
"name" : "20020122 Citrix NFuse 1.6",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/251737"
},
{
"name" : "nfuse-applist-information-disclosure(7984)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7984"
},
{
"name" : "3926",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/3926"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Citrix NFuse 1.6 may allow remote attackers to list applications without authentication by accessing the applist.asp page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "nfuse-applist-information-disclosure(7984)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7984"
},
{
"name": "20020122 Citrix NFuse 1.6",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/251737"
},
{
"name": "20020123 RE: Citrix NFuse 1.6",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/251923"
},
{
"name": "3926",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3926"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2118",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Blue World Lasso Web Data Engine 3.6.5 allows remote attackers to cause a denial of service via a long URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2118",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020219 RE: Blueworld WebData Engine 1.6.5",
"refsource" : "VULN-DEV",
"url" : "http://marc.info/?l=vuln-dev&m=101372618504099&w=2"
},
{
"name" : "http://www.securiteam.com/windowsntfocus/5NP0B2A6AQ.html",
"refsource" : "MISC",
"url" : "http://www.securiteam.com/windowsntfocus/5NP0B2A6AQ.html"
},
{
"name" : "4110",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4110"
},
{
"name" : "lasso-webdata-dos(8208)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/8208.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Blue World Lasso Web Data Engine 3.6.5 allows remote attackers to cause a denial of service via a long URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4110",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4110"
},
{
"name": "20020219 RE: Blueworld WebData Engine 1.6.5",
"refsource": "VULN-DEV",
"url": "http://marc.info/?l=vuln-dev&m=101372618504099&w=2"
},
{
"name": "http://www.securiteam.com/windowsntfocus/5NP0B2A6AQ.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/windowsntfocus/5NP0B2A6AQ.html"
},
{
"name": "lasso-webdata-dos(8208)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8208.php"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2395",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "InterScan VirusWall 3.52 for Windows allows remote attackers to bypass virus protection and possibly execute arbitrary code via HTTP 1.1 gzip content encoding."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2395",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020912 Bypassing TrendMicro InterScan VirusWall",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/291538"
},
{
"name" : "5701",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5701"
},
{
"name" : "interscan-gzip-content-bypass(10107)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10107.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "InterScan VirusWall 3.52 for Windows allows remote attackers to bypass virus protection and possibly execute arbitrary code via HTTP 1.1 gzip content encoding."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5701",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5701"
},
{
"name": "interscan-gzip-content-bypass(10107)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10107.php"
},
{
"name": "20020912 Bypassing TrendMicro InterScan VirusWall",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/291538"
}
]
}
}


@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0109",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0109",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.daemonology.net/papers/htt.pdf",
"refsource" : "MISC",
"url" : "http://www.daemonology.net/papers/htt.pdf"
},
{
"name" : "http://www.daemonology.net/hyperthreading-considered-harmful/",
"refsource" : "MISC",
"url" : "http://www.daemonology.net/hyperthreading-considered-harmful/"
},
{
"name" : "[openbsd-misc] 20050304 Re: FreeBSD hiding security stuff",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=openbsd-misc&m=110995101417256&w=2"
},
{
"name" : "[freebsd-security] 20050304 [Fwd: Re: FW:FreeBSD hiding security stuff]",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=freebsd-security&m=110994370429609&w=2"
},
{
"name" : "[freebsd-hackers] 20050304 Re: FW:FreeBSD hiding security stuff",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=freebsd-hackers&m=110994026421858&w=2"
},
{
"name" : "http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754",
"refsource" : "MISC",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754"
},
{
"name" : "RHSA-2005:476",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-476.html"
},
{
"name" : "RHSA-2005:800",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-800.html"
},
{
"name" : "SCOSA-2005.24",
"refsource" : "SCO",
"url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.24/SCOSA-2005.24.txt"
},
{
"name" : "101739",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101739-1"
},
{
"name" : "VU#911878",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/911878"
},
{
"name" : "12724",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12724"
},
{
"name" : "oval:org.mitre.oval:def:9747",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9747"
},
{
"name" : "ADV-2005-0540",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/0540"
},
{
"name" : "ADV-2005-3002",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/3002"
},
{
"name" : "1013967",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013967"
},
{
"name" : "15348",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15348"
},
{
"name" : "18165",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18165"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#911878",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/911878"
},
{
"name": "18165",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18165"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754",
"refsource": "MISC",
"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754"
},
{
"name": "[freebsd-hackers] 20050304 Re: FW:FreeBSD hiding security stuff",
"refsource": "MLIST",
"url": "http://marc.info/?l=freebsd-hackers&m=110994026421858&w=2"
},
{
"name": "SCOSA-2005.24",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.24/SCOSA-2005.24.txt"
},
{
"name": "oval:org.mitre.oval:def:9747",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9747"
},
{
"name": "ADV-2005-3002",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/3002"
},
{
"name": "15348",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15348"
},
{
"name": "12724",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12724"
},
{
"name": "[freebsd-security] 20050304 [Fwd: Re: FW:FreeBSD hiding security stuff]",
"refsource": "MLIST",
"url": "http://marc.info/?l=freebsd-security&m=110994370429609&w=2"
},
{
"name": "RHSA-2005:476",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-476.html"
},
{
"name": "1013967",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013967"
},
{
"name": "ADV-2005-0540",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0540"
},
{
"name": "http://www.daemonology.net/papers/htt.pdf",
"refsource": "MISC",
"url": "http://www.daemonology.net/papers/htt.pdf"
},
{
"name": "RHSA-2005:800",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-800.html"
},
{
"name": "http://www.daemonology.net/hyperthreading-considered-harmful/",
"refsource": "MISC",
"url": "http://www.daemonology.net/hyperthreading-considered-harmful/"
},
{
"name": "101739",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101739-1"
},
{
"name": "[openbsd-misc] 20050304 Re: FreeBSD hiding security stuff",
"refsource": "MLIST",
"url": "http://marc.info/?l=openbsd-misc&m=110995101417256&w=2"
}
]
}
}


@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0233",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-0233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050206 state of homograph attacks",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html"
},
{
"name" : "20050208 International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110782704923280&w=2"
},
{
"name" : "http://www.shmoo.com/idn",
"refsource" : "MISC",
"url" : "http://www.shmoo.com/idn"
},
{
"name" : "http://www.shmoo.com/idn/homograph.txt",
"refsource" : "MISC",
"url" : "http://www.shmoo.com/idn/homograph.txt"
},
{
"name" : "http://www.mozilla.org/security/announce/mfsa2005-29.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/mfsa2005-29.html"
},
{
"name" : "GLSA-200503-10",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml"
},
{
"name" : "GLSA-200503-30",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml"
},
{
"name" : "RHSA-2005:176",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-176.html"
},
{
"name" : "RHSA-2005:384",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-384.html"
},
{
"name" : "SUSE-SA:2005:016",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html"
},
{
"name" : "12461",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12461"
},
{
"name" : "oval:org.mitre.oval:def:100029",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100029"
},
{
"name" : "oval:org.mitre.oval:def:11229",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11229"
},
{
"name" : "multiple-browsers-idn-spoof(19236)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.shmoo.com/idn/homograph.txt",
"refsource": "MISC",
"url": "http://www.shmoo.com/idn/homograph.txt"
},
{
"name": "multiple-browsers-idn-spoof(19236)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236"
},
{
"name": "20050206 state of homograph attacks",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html"
},
{
"name": "http://www.shmoo.com/idn",
"refsource": "MISC",
"url": "http://www.shmoo.com/idn"
},
{
"name": "SUSE-SA:2005:016",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html"
},
{
"name": "oval:org.mitre.oval:def:11229",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11229"
},
{
"name": "oval:org.mitre.oval:def:100029",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100029"
},
{
"name": "RHSA-2005:176",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-176.html"
},
{
"name": "RHSA-2005:384",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-384.html"
},
{
"name": "GLSA-200503-30",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml"
},
{
"name": "GLSA-200503-10",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml"
},
{
"name": "20050208 International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110782704923280&w=2"
},
{
"name": "12461",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12461"
},
{
"name": "http://www.mozilla.org/security/announce/mfsa2005-29.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/mfsa2005-29.html"
}
]
}
}
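Review bot: The `ASSIGNER` value for CVE-2005-0233 appears to change from `cve@mitre.org` to `secalert@redhat.com` in this section, and it is the only field-value change visible among what otherwise looks like separator-whitespace normalisation and reordering of `reference_data`. The side of each line is inferred from the `" : "` versus `": "` spacing, because the diff markers are not shown on this page. A change to the assigner of record matters to anyone who attributes or filters records by CNA, so it deserves its own line in the commit message, or a separate commit, rather than travelling inside a sync with 3700 additions and 3700 deletions. Consumers that track these records should compare the parsed JSON and treat `reference_data` as an unordered set, so that a real field change like this one is not buried under formatting churn.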


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0405",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0405",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1253",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1253",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1821",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in pdl_header.inc.php in PowerDownload 3.0.2 and 3.0.3 allows remote attackers to execute arbitrary PHP code via the incdir parameter to downloads.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1821",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050531 PowerDownload Remote File Inclusion",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111755754126095&w=2"
},
{
"name" : "http://www.soulblack.com.ar/repo/papers/advisory/powerdownload_advisory.txt",
"refsource" : "MISC",
"url" : "http://www.soulblack.com.ar/repo/papers/advisory/powerdownload_advisory.txt"
},
{
"name" : "13822",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13822"
},
{
"name" : "1014078",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014078"
},
{
"name" : "15537",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15537"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in pdl_header.inc.php in PowerDownload 3.0.2 and 3.0.3 allows remote attackers to execute arbitrary PHP code via the incdir parameter to downloads.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "13822",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13822"
},
{
"name": "20050531 PowerDownload Remote File Inclusion",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111755754126095&w=2"
},
{
"name": "15537",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15537"
},
{
"name": "http://www.soulblack.com.ar/repo/papers/advisory/powerdownload_advisory.txt",
"refsource": "MISC",
"url": "http://www.soulblack.com.ar/repo/papers/advisory/powerdownload_advisory.txt"
},
{
"name": "1014078",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014078"
}
]
}
}


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1865",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Calendarix Advanced 1.5 allow remote attackers to execute arbitrary SQL commands via the catview parameter to (1) cal_week.php, (2) cal_cat.php, or (3) cal_day.php, or (4) id parameter to cal_pophols.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1865",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050531 multiple vulnerability Calendarix Advanced",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2005-05/0356.html"
},
{
"name" : "http://www.calendarix.com/download_advanced.php",
"refsource" : "CONFIRM",
"url" : "http://www.calendarix.com/download_advanced.php"
},
{
"name" : "http://www.calendarix.com/download_basic.php",
"refsource" : "CONFIRM",
"url" : "http://www.calendarix.com/download_basic.php"
},
{
"name" : "16971",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/16971"
},
{
"name" : "16972",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/16972"
},
{
"name" : "16974",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/16974"
},
{
"name" : "16975",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/16975"
},
{
"name" : "1014083",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/alerts/2005/May/1014083.html"
},
{
"name" : "15569",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15569"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Calendarix Advanced 1.5 allow remote attackers to execute arbitrary SQL commands via the catview parameter to (1) cal_week.php, (2) cal_cat.php, or (3) cal_day.php, or (4) id parameter to cal_pophols.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.calendarix.com/download_basic.php",
"refsource": "CONFIRM",
"url": "http://www.calendarix.com/download_basic.php"
},
{
"name": "16972",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16972"
},
{
"name": "16975",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16975"
},
{
"name": "1014083",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/alerts/2005/May/1014083.html"
},
{
"name": "http://www.calendarix.com/download_advanced.php",
"refsource": "CONFIRM",
"url": "http://www.calendarix.com/download_advanced.php"
},
{
"name": "15569",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15569"
},
{
"name": "16971",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16971"
},
{
"name": "16974",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16974"
},
{
"name": "20050531 multiple vulnerability Calendarix Advanced",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2005-05/0356.html"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4277",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in toendaCMS before 0.7 Beta allows remote attackers to inject arbitrary web script or HTML via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4277",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060530 toendaCMS 0.7.0 Cross Site Scripting",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/435412/100/0/threaded"
},
{
"name" : "http://www.toenda.com/files/toendaCMS_0.7_Beta.zip",
"refsource" : "CONFIRM",
"url" : "http://www.toenda.com/files/toendaCMS_0.7_Beta.zip"
},
{
"name" : "18178",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18178"
},
{
"name" : "ADV-2005-2926",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2926"
},
{
"name" : "21767",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21767"
},
{
"name" : "18058",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18058"
},
{
"name" : "1015354",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015354"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in toendaCMS before 0.7 Beta allows remote attackers to inject arbitrary web script or HTML via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060530 toendaCMS 0.7.0 Cross Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435412/100/0/threaded"
},
{
"name": "18178",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18178"
},
{
"name": "http://www.toenda.com/files/toendaCMS_0.7_Beta.zip",
"refsource": "CONFIRM",
"url": "http://www.toenda.com/files/toendaCMS_0.7_Beta.zip"
},
{
"name": "18058",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18058"
},
{
"name": "1015354",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015354"
},
{
"name": "21767",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21767"
},
{
"name": "ADV-2005-2926",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2926"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4303",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php for ezDatabase 2.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the db_id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4303",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2005/12/ezdatabase-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2005/12/ezdatabase-vuln.html"
},
{
"name" : "15908",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15908"
},
{
"name" : "21797",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21797"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php for ezDatabase 2.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the db_id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15908",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15908"
},
{
"name": "21797",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21797"
},
{
"name": "http://pridels0.blogspot.com/2005/12/ezdatabase-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/12/ezdatabase-vuln.html"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0095",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka \"Memory Validation Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-0095",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS09-005",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-005"
},
{
"name" : "TA09-041A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-041A.html"
},
{
"name" : "oval:org.mitre.oval:def:6179",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6179"
},
{
"name" : "ADV-2009-0391",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0391"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka \"Memory Validation Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-0391",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0391"
},
{
"name": "oval:org.mitre.oval:def:6179",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6179"
},
{
"name": "MS09-005",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-005"
},
{
"name": "TA09-041A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-041A.html"
}
]
}
}
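Review bot: The new side of this section changes `"ASSIGNER"` from `cve@mitre.org` to `secure@microsoft.com`, which is a change of record ownership rather than of formatting, while `"vendor_name"`, `"product_name"` and `"version_value"` all stay `"n/a"`. The description names Microsoft Office Visio 2002 SP2, 2003 SP3 and 2007 SP1, so tooling that matches on the `affects` block will not associate this entry with any product; filling the block from the description, e.g. `"vendor_name": "Microsoft"` and `"product_name": "Office Visio"`, would fix that. The rest of the section appears to differ only in colon spacing and in the order of `reference_data`, so the assigner change is easy to miss and would be worth a line in the commit message.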


@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0260",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or (2) the drawing parameter (aka the basename variable)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0260",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090120 MoinMoin Wiki Engine XSS Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/500197/100/0/threaded"
},
{
"name" : "http://hg.moinmo.in/moin/1.8/rev/8cb4d34ccbc1",
"refsource" : "CONFIRM",
"url" : "http://hg.moinmo.in/moin/1.8/rev/8cb4d34ccbc1"
},
{
"name" : "http://moinmo.in/SecurityFixes#moin1.8.1",
"refsource" : "CONFIRM",
"url" : "http://moinmo.in/SecurityFixes#moin1.8.1"
},
{
"name" : "DSA-1715",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2009/dsa-1715"
},
{
"name" : "USN-716-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/716-1/"
},
{
"name" : "33365",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33365"
},
{
"name" : "ADV-2009-0195",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0195"
},
{
"name" : "51485",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/51485"
},
{
"name" : "33593",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33593"
},
{
"name" : "33716",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33716"
},
{
"name" : "33755",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33755"
},
{
"name" : "moinmoin-attachfilepy-xss(48126)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48126"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or (2) the drawing parameter (aka the basename variable)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33593",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33593"
},
{
"name": "33755",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33755"
},
{
"name": "ADV-2009-0195",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0195"
},
{
"name": "33716",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33716"
},
{
"name": "http://moinmo.in/SecurityFixes#moin1.8.1",
"refsource": "CONFIRM",
"url": "http://moinmo.in/SecurityFixes#moin1.8.1"
},
{
"name": "33365",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33365"
},
{
"name": "51485",
"refsource": "OSVDB",
"url": "http://osvdb.org/51485"
},
{
"name": "20090120 MoinMoin Wiki Engine XSS Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500197/100/0/threaded"
},
{
"name": "http://hg.moinmo.in/moin/1.8/rev/8cb4d34ccbc1",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.8/rev/8cb4d34ccbc1"
},
{
"name": "moinmoin-attachfilepy-xss(48126)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48126"
},
{
"name": "DSA-1715",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2009/dsa-1715"
},
{
"name": "USN-716-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/716-1/"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0546",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in NewsGator FeedDemon 2.7 and earlier allows user-assisted remote attackers to execute arbitrary code via a long text attribute in an outline element in a .opml file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0546",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090205 [SVRT-02-09] FeedDemon (ver<=2.7) Buffer Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/500686/100/0/threaded"
},
{
"name" : "7995",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7995"
},
{
"name" : "8010",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8010"
},
{
"name" : "http://security.bkis.vn/?p=329",
"refsource" : "MISC",
"url" : "http://security.bkis.vn/?p=329"
},
{
"name" : "33630",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33630"
},
{
"name" : "51753",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/51753"
},
{
"name" : "33718",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33718"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in NewsGator FeedDemon 2.7 and earlier allows user-assisted remote attackers to execute arbitrary code via a long text attribute in an outline element in a .opml file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33718",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33718"
},
{
"name": "51753",
"refsource": "OSVDB",
"url": "http://osvdb.org/51753"
},
{
"name": "20090205 [SVRT-02-09] FeedDemon (ver<=2.7) Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500686/100/0/threaded"
},
{
"name": "33630",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33630"
},
{
"name": "7995",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7995"
},
{
"name": "8010",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8010"
},
{
"name": "http://security.bkis.vn/?p=329",
"refsource": "MISC",
"url": "http://security.bkis.vn/?p=329"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0848",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in GTK2 in OpenSUSE 11.0 and 11.1 allows local users to execute arbitrary code via a Trojan horse GTK module in an unspecified \"relative search path.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0848",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "SUSE-SR:2009:006",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html"
},
{
"name" : "34259",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34259"
},
{
"name" : "opensuse-gtk2-code-execution(49228)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49228"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in GTK2 in OpenSUSE 11.0 and 11.1 allows local users to execute arbitrary code via a Trojan horse GTK module in an unspecified \"relative search path.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34259",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34259"
},
{
"name": "SUSE-SR:2009:006",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html"
},
{
"name": "opensuse-gtk2-code-execution(49228)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49228"
}
]
}
}


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1416",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1416",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[gnutls-devel] 20090430 All DSA keys generated using GnuTLS 2.6.x are corrupt [GNUTLS-SA-2009-2] [CVE-2009-1416]",
"refsource" : "MLIST",
"url" : "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516"
},
{
"name" : "[help-gnutls] 20090420 Encryption using DSA keys",
"refsource" : "MLIST",
"url" : "http://lists.gnu.org/archive/html/help-gnutls/2009-04/msg00018.html"
},
{
"name" : "GLSA-200905-04",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200905-04.xml"
},
{
"name" : "MDVSA-2009:116",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:116"
},
{
"name" : "34783",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34783"
},
{
"name" : "1022158",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022158"
},
{
"name" : "34842",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34842"
},
{
"name" : "35211",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35211"
},
{
"name" : "ADV-2009-1218",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1218"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[help-gnutls] 20090420 Encryption using DSA keys",
"refsource": "MLIST",
"url": "http://lists.gnu.org/archive/html/help-gnutls/2009-04/msg00018.html"
},
{
"name": "[gnutls-devel] 20090430 All DSA keys generated using GnuTLS 2.6.x are corrupt [GNUTLS-SA-2009-2] [CVE-2009-1416]",
"refsource": "MLIST",
"url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516"
},
{
"name": "1022158",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022158"
},
{
"name": "ADV-2009-1218",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1218"
},
{
"name": "34783",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34783"
},
{
"name": "GLSA-200905-04",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200905-04.xml"
},
{
"name": "34842",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34842"
},
{
"name": "35211",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35211"
},
{
"name": "MDVSA-2009:116",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:116"
}
]
}
}


@ -1,157 +1,157 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1580",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1580",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog",
"refsource" : "CONFIRM",
"url" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog"
},
{
"name" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13676",
"refsource" : "CONFIRM",
"url" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13676"
},
{
"name" : "http://www.squirrelmail.org/security/issue/2009-05-11",
"refsource" : "CONFIRM",
"url" : "http://www.squirrelmail.org/security/issue/2009-05-11"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=500358",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=500358"
},
{
"name" : "http://support.apple.com/kb/HT4188",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4188"
},
{
"name" : "APPLE-SA-2010-06-15-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
},
{
"name" : "DSA-1802",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1802"
},
{
"name" : "FEDORA-2009-4870",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html"
},
{
"name" : "FEDORA-2009-4880",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html"
},
{
"name" : "FEDORA-2009-4875",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html"
},
{
"name" : "MDVSA-2009:110",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:110"
},
{
"name" : "34916",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34916"
},
{
"name" : "oval:org.mitre.oval:def:10107",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10107"
},
{
"name" : "35052",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35052"
},
{
"name" : "35073",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35073"
},
{
"name" : "35140",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35140"
},
{
"name" : "40220",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40220"
},
{
"name" : "ADV-2009-1296",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1296"
},
{
"name" : "ADV-2010-1481",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1481"
},
{
"name" : "squirrelmail-baseuri-session-hijacking(50462)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50462"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2010-06-15-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
},
{
"name": "MDVSA-2009:110",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:110"
},
{
"name": "34916",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34916"
},
{
"name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog",
"refsource": "CONFIRM",
"url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog"
},
{
"name": "ADV-2010-1481",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1481"
},
{
"name": "FEDORA-2009-4870",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html"
},
{
"name": "35140",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35140"
},
{
"name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13676",
"refsource": "CONFIRM",
"url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13676"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=500358",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=500358"
},
{
"name": "FEDORA-2009-4880",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html"
},
{
"name": "http://support.apple.com/kb/HT4188",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4188"
},
{
"name": "40220",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40220"
},
{
"name": "http://www.squirrelmail.org/security/issue/2009-05-11",
"refsource": "CONFIRM",
"url": "http://www.squirrelmail.org/security/issue/2009-05-11"
},
{
"name": "ADV-2009-1296",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1296"
},
{
"name": "35052",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35052"
},
{
"name": "FEDORA-2009-4875",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html"
},
{
"name": "35073",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35073"
},
{
"name": "squirrelmail-baseuri-session-hijacking(50462)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50462"
},
{
"name": "oval:org.mitre.oval:def:10107",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10107"
},
{
"name": "DSA-1802",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1802"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1812",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in myGesuad 0.9.14 (aka 0.9) allow remote attackers to execute arbitrary SQL commands via (1) the formUser parameter (aka the Name field) to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parameter in a Detail action to (2) kategorie.php, (3) budget.php, (4) zahlung.php, or (5) adresse.php in modules/, related to classes/class.perform.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1812",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8708",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8708"
},
{
"name" : "http://www.collector.ch/drupal5/?q=node/39",
"refsource" : "CONFIRM",
"url" : "http://www.collector.ch/drupal5/?q=node/39"
},
{
"name" : "34998",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34998"
},
{
"name" : "35110",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35110"
},
{
"name" : "ADV-2009-1345",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1345"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in myGesuad 0.9.14 (aka 0.9) allow remote attackers to execute arbitrary SQL commands via (1) the formUser parameter (aka the Name field) to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parameter in a Detail action to (2) kategorie.php, (3) budget.php, (4) zahlung.php, or (5) adresse.php in modules/, related to classes/class.perform.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-1345",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1345"
},
{
"name": "8708",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8708"
},
{
"name": "35110",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35110"
},
{
"name": "http://www.collector.ch/drupal5/?q=node/39",
"refsource": "CONFIRM",
"url": "http://www.collector.ch/drupal5/?q=node/39"
},
{
"name": "34998",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34998"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4495",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Yaws 1.85 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/508830/100/0/threaded"
},
{
"name" : "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt",
"refsource" : "MISC",
"url" : "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt"
},
{
"name" : "37716",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37716"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Yaws 1.85 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37716",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37716"
},
{
"name": "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt",
"refsource": "MISC",
"url": "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt"
},
{
"name": "20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/508830/100/0/threaded"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4645",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in web_client_user_guide.html in Accellion Secure File Transfer Appliance before 8_0_105 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4645",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.portcullis-security.com/340.php",
"refsource" : "MISC",
"url" : "http://www.portcullis-security.com/340.php"
},
{
"name" : "38176",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38176"
},
{
"name" : "38538",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38538"
},
{
"name" : "fta-webclientuserguide-directory-traversal(56246)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56246"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in web_client_user_guide.html in Accellion Secure File Transfer Appliance before 8_0_105 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "fta-webclientuserguide-directory-traversal(56246)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56246"
},
{
"name": "38176",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38176"
},
{
"name": "38538",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38538"
},
{
"name": "http://www.portcullis-security.com/340.php",
"refsource": "MISC",
"url": "http://www.portcullis-security.com/340.php"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4776",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Hitachi Cosminexus V4 through V8, Processing Kit for XML, and Developer's Kit for Java, as used in products such as uCosminexus, Electronic Form Workflow, Groupmax, and IBM XL C/C++ Enterprise Edition 7 and 8, allows remote attackers to have an unknown impact via vectors related to the use of GIF image processing APIs by a Java application, and a different issue from CVE-2007-3794."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4776",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-014/index.html",
"refsource" : "CONFIRM",
"url" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-014/index.html"
},
{
"name" : "36309",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36309"
},
{
"name" : "57834",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/57834"
},
{
"name" : "36622",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36622"
},
{
"name" : "ADV-2009-2574",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2574"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Hitachi Cosminexus V4 through V8, Processing Kit for XML, and Developer's Kit for Java, as used in products such as uCosminexus, Electronic Form Workflow, Groupmax, and IBM XL C/C++ Enterprise Edition 7 and 8, allows remote attackers to have an unknown impact via vectors related to the use of GIF image processing APIs by a Java application, and a different issue from CVE-2007-3794."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-014/index.html",
"refsource": "CONFIRM",
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-014/index.html"
},
{
"name": "57834",
"refsource": "OSVDB",
"url": "http://osvdb.org/57834"
},
{
"name": "36309",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36309"
},
{
"name": "36622",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36622"
},
{
"name": "ADV-2009-2574",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2574"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-5007",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Cisco trial client on Linux for Cisco AnyConnect SSL VPN allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5007",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.infradead.org/openconnect.html",
"refsource" : "MISC",
"url" : "http://www.infradead.org/openconnect.html"
},
{
"name" : "42093",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42093"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Cisco trial client on Linux for Cisco AnyConnect SSL VPN allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42093",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42093"
},
{
"name": "http://www.infradead.org/openconnect.html",
"refsource": "MISC",
"url": "http://www.infradead.org/openconnect.html"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2158",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2158",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2376",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM object VARIANT types, as exploited in the wild in May 2012."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2376",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "18861",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18861/"
},
{
"name" : "[oss-security] 20120519 Re: CVE Request: PHP 5.4.3 on Windows com_print_typeinfo() Buffer Overflow (?)",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2012/05/20/2"
},
{
"name" : "http://isc.sans.edu/diary.html?storyid=13255",
"refsource" : "MISC",
"url" : "http://isc.sans.edu/diary.html?storyid=13255"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=823464",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=823464"
},
{
"name" : "1027089",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027089"
},
{
"name" : "php-comprinttypeinfo-function-dos(75778)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75778"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM object VARIANT types, as exploited in the wild in May 2012."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://isc.sans.edu/diary.html?storyid=13255",
"refsource": "MISC",
"url": "http://isc.sans.edu/diary.html?storyid=13255"
},
{
"name": "php-comprinttypeinfo-function-dos(75778)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75778"
},
{
"name": "18861",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18861/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=823464",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=823464"
},
{
"name": "[oss-security] 20120519 Re: CVE Request: PHP 5.4.3 on Windows com_print_typeinfo() Buffer Overflow (?)",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2012/05/20/2"
},
{
"name": "1027089",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027089"
}
]
}
}
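Review bot: The one substantive change in this section, `"ASSIGNER"` going from `cve@mitre.org` to `secalert@redhat.com`, is buried among lines that otherwise differ only in the spacing before the colon or in the order of the `reference_data` entries, which makes it easy to miss in review. The same holds for the CVE-2012-2385 and CVE-2012-3360 sections (also to `secalert@redhat.com`) and for CVE-2012-3165 and CVE-2012-3215 (to `secalert_us@oracle.com`). Consumers may rely on `ASSIGNER` to attribute a record to its CNA, so I would land assigner changes separately from the whitespace and ordering normalization, or at least list the affected IDs in the commit message. Emitting `reference_data` in a stable sorted order (for example by `url`) would also keep later syncs from producing reorder-only churn that hides changes like this one.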


@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2385",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The terminal dispatcher in mosh before 1.2.1 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2385",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120522 Re: CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due improper parsing of terminal parameters in terminal dispatcher",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/05/22/9"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=823943",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=823943"
},
{
"name" : "https://github.com/keithw/mosh/blob/master/ChangeLog",
"refsource" : "CONFIRM",
"url" : "https://github.com/keithw/mosh/blob/master/ChangeLog"
},
{
"name" : "https://github.com/keithw/mosh/commit/9791768705528e911bfca6c4d8aa88139035060e",
"refsource" : "CONFIRM",
"url" : "https://github.com/keithw/mosh/commit/9791768705528e911bfca6c4d8aa88139035060e"
},
{
"name" : "https://github.com/keithw/mosh/issues/271",
"refsource" : "CONFIRM",
"url" : "https://github.com/keithw/mosh/issues/271"
},
{
"name" : "FEDORA-2012-9414",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082814.html"
},
{
"name" : "FEDORA-2012-9422",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082766.html"
},
{
"name" : "FEDORA-2012-9442",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082850.html"
},
{
"name" : "53646",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53646"
},
{
"name" : "49260",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49260"
},
{
"name" : "mosh-sequences-dos(75779)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75779"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The terminal dispatcher in mosh before 1.2.1 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2012-9422",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082766.html"
},
{
"name": "https://github.com/keithw/mosh/commit/9791768705528e911bfca6c4d8aa88139035060e",
"refsource": "CONFIRM",
"url": "https://github.com/keithw/mosh/commit/9791768705528e911bfca6c4d8aa88139035060e"
},
{
"name": "FEDORA-2012-9414",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082814.html"
},
{
"name": "FEDORA-2012-9442",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082850.html"
},
{
"name": "53646",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53646"
},
{
"name": "49260",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49260"
},
{
"name": "[oss-security] 20120522 Re: CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due improper parsing of terminal parameters in terminal dispatcher",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/22/9"
},
{
"name": "https://github.com/keithw/mosh/issues/271",
"refsource": "CONFIRM",
"url": "https://github.com/keithw/mosh/issues/271"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=823943",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=823943"
},
{
"name": "mosh-sequences-dos(75779)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75779"
},
{
"name": "https://github.com/keithw/mosh/blob/master/ChangeLog",
"refsource": "CONFIRM",
"url": "https://github.com/keithw/mosh/blob/master/ChangeLog"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2471",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2471",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2505",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2505",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3165",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality and integrity via unknown vectors related to mailx."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-3165",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality and integrity via unknown vectors related to mailx."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3215",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when running on SPARC, allows local users to affect confidentiality via unknown vectors related to Kernel."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-3215",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name" : "56012",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56012"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when running on SPARC, allows local users to affect confidentiality via unknown vectors related to Kernel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "56012",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56012"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3360",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3360",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[openstack] 20120603 [OSSA 2012-008] Arbitrary file injection/corruption through directory traversal issues (CVE-2012-3360, CVE-2012-3361)",
"refsource" : "MLIST",
"url" : "https://lists.launchpad.net/openstack/msg14089.html"
},
{
"name" : "https://bugs.launchpad.net/nova/+bug/1015531",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/nova/+bug/1015531"
},
{
"name" : "https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7",
"refsource" : "CONFIRM",
"url" : "https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7"
},
{
"name" : "https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9",
"refsource" : "CONFIRM",
"url" : "https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9"
},
{
"name" : "FEDORA-2012-10420",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html"
},
{
"name" : "USN-1497-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1497-1"
},
{
"name" : "54277",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/54277"
},
{
"name" : "49763",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49763"
},
{
"name" : "49802",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49802"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "54277",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54277"
},
{
"name": "49763",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49763"
},
{
"name": "https://bugs.launchpad.net/nova/+bug/1015531",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/nova/+bug/1015531"
},
{
"name": "49802",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49802"
},
{
"name": "[openstack] 20120603 [OSSA 2012-008] Arbitrary file injection/corruption through directory traversal issues (CVE-2012-3360, CVE-2012-3361)",
"refsource": "MLIST",
"url": "https://lists.launchpad.net/openstack/msg14089.html"
},
{
"name": "FEDORA-2012-10420",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html"
},
{
"name": "https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7",
"refsource": "CONFIRM",
"url": "https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7"
},
{
"name": "https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9",
"refsource": "CONFIRM",
"url": "https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9"
},
{
"name": "USN-1497-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1497-1"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3851",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3851",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6239",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-6239",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6423",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6423",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6544",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6544",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/03/05/13"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3f68ba07b1da811bf383b4b701b129bfcb2e4988",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3f68ba07b1da811bf383b4b701b129bfcb2e4988"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=792039c73cf176c8e39a6e8beef2c94ff46522ed",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=792039c73cf176c8e39a6e8beef2c94ff46522ed"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e15ca9a0ef9a86f0477530b0f44a725d67f889ee",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e15ca9a0ef9a86f0477530b0f44a725d67f889ee"
},
{
"name" : "https://github.com/torvalds/linux/commit/3f68ba07b1da811bf383b4b701b129bfcb2e4988",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/3f68ba07b1da811bf383b4b701b129bfcb2e4988"
},
{
"name" : "https://github.com/torvalds/linux/commit/792039c73cf176c8e39a6e8beef2c94ff46522ed",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/792039c73cf176c8e39a6e8beef2c94ff46522ed"
},
{
"name" : "https://github.com/torvalds/linux/commit/e15ca9a0ef9a86f0477530b0f44a725d67f889ee",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/e15ca9a0ef9a86f0477530b0f44a725d67f889ee"
},
{
"name" : "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2",
"refsource" : "CONFIRM",
"url" : "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2"
},
{
"name" : "RHSA-2013:1173",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1173.html"
},
{
"name" : "USN-1805-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1805-1"
},
{
"name" : "USN-1808-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1808-1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1805-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1805-1"
},
{
"name": "[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/03/05/13"
},
{
"name": "USN-1808-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1808-1"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=792039c73cf176c8e39a6e8beef2c94ff46522ed",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=792039c73cf176c8e39a6e8beef2c94ff46522ed"
},
{
"name": "RHSA-2013:1173",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1173.html"
},
{
"name": "https://github.com/torvalds/linux/commit/792039c73cf176c8e39a6e8beef2c94ff46522ed",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/792039c73cf176c8e39a6e8beef2c94ff46522ed"
},
{
"name": "https://github.com/torvalds/linux/commit/e15ca9a0ef9a86f0477530b0f44a725d67f889ee",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/e15ca9a0ef9a86f0477530b0f44a725d67f889ee"
},
{
"name": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2",
"refsource": "CONFIRM",
"url": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e15ca9a0ef9a86f0477530b0f44a725d67f889ee",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e15ca9a0ef9a86f0477530b0f44a725d67f889ee"
},
{
"name": "https://github.com/torvalds/linux/commit/3f68ba07b1da811bf383b4b701b129bfcb2e4988",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/3f68ba07b1da811bf383b4b701b129bfcb2e4988"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3f68ba07b1da811bf383b4b701b129bfcb2e4988",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3f68ba07b1da811bf383b4b701b129bfcb2e4988"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5052",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Sefrengo before 1.6.5 beta2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://forum.sefrengo.org/index.php?showtopic=3399",
"refsource" : "CONFIRM",
"url" : "http://forum.sefrengo.org/index.php?showtopic=3399"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Sefrengo before 1.6.5 beta2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://forum.sefrengo.org/index.php?showtopic=3399",
"refsource": "CONFIRM",
"url": "http://forum.sefrengo.org/index.php?showtopic=3399"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5767",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5765."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-5767",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT205212",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205212"
},
{
"name" : "https://support.apple.com/HT205265",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205265"
},
{
"name" : "APPLE-SA-2015-09-16-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
},
{
"name" : "APPLE-SA-2015-09-30-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html"
},
{
"name" : "76764",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76764"
},
{
"name" : "1033609",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033609"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5765."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033609",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033609"
},
{
"name": "https://support.apple.com/HT205212",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205212"
},
{
"name": "76764",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76764"
},
{
"name": "https://support.apple.com/HT205265",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205265"
},
{
"name": "APPLE-SA-2015-09-30-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html"
},
{
"name": "APPLE-SA-2015-09-16-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
}
]
}
}
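Review bot: The `ASSIGNER` value on the new side changes from `cve@mitre.org` to `product-security@apple.com`, the one data change in a section that is otherwise a whitespace and reference-order rewrite. Despite that, `vendor_name` and `product_name` are still `"n/a"`, although the description names Safari in Apple iOS before 9. Tooling that matches on the `affects` block rather than the free-text description will not tie this record to any product. If the CNA data supports it, populate them, for example `"vendor_name": "Apple"` and `"product_name": "iOS"` with a `version_value` such as `"< 9"`. Those values are inferred from the description only and should be confirmed against the Apple advisories listed in the references.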


@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@puppet.com",
"DATE_PUBLIC" : "2017-06-30T00:00:00",
"ID" : "CVE-2017-2298",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "mcollective",
"version" : {
"version_data" : [
{
"version_value" : "< 0.5.1"
}
]
}
}
]
},
"vendor_name" : "Puppet"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mcollective-sshkey-security plugin before 0.5.1 for Puppet uses a server-specified identifier as part of a path where a file is written. A compromised server could use this to write a file to an arbitrary location on the client with the filename appended with the string \"_pub.pem\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "missing input sanitization"
}
"CVE_data_meta": {
"ASSIGNER": "security@puppet.com",
"DATE_PUBLIC": "2017-06-30T00:00:00",
"ID": "CVE-2017-2298",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mcollective",
"version": {
"version_data": [
{
"version_value": "< 0.5.1"
}
]
}
}
]
},
"vendor_name": "Puppet"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/puppetlabs/mcollective-sshkey-security/blob/0.5.1/CHANGELOG.md",
"refsource" : "CONFIRM",
"url" : "https://github.com/puppetlabs/mcollective-sshkey-security/blob/0.5.1/CHANGELOG.md"
},
{
"name" : "https://github.com/puppetlabs/mcollective-sshkey-security/commit/3388a3109f4fb1c69fa8505e991bf59ca20d19a2",
"refsource" : "CONFIRM",
"url" : "https://github.com/puppetlabs/mcollective-sshkey-security/commit/3388a3109f4fb1c69fa8505e991bf59ca20d19a2"
},
{
"name" : "https://puppet.com/security/cve/cve-2017-2298",
"refsource" : "CONFIRM",
"url" : "https://puppet.com/security/cve/cve-2017-2298"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mcollective-sshkey-security plugin before 0.5.1 for Puppet uses a server-specified identifier as part of a path where a file is written. A compromised server could use this to write a file to an arbitrary location on the client with the filename appended with the string \"_pub.pem\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "missing input sanitization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/puppetlabs/mcollective-sshkey-security/blob/0.5.1/CHANGELOG.md",
"refsource": "CONFIRM",
"url": "https://github.com/puppetlabs/mcollective-sshkey-security/blob/0.5.1/CHANGELOG.md"
},
{
"name": "https://puppet.com/security/cve/cve-2017-2298",
"refsource": "CONFIRM",
"url": "https://puppet.com/security/cve/cve-2017-2298"
},
{
"name": "https://github.com/puppetlabs/mcollective-sshkey-security/commit/3388a3109f4fb1c69fa8505e991bf59ca20d19a2",
"refsource": "CONFIRM",
"url": "https://github.com/puppetlabs/mcollective-sshkey-security/commit/3388a3109f4fb1c69fa8505e991bf59ca20d19a2"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2017-2932",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Flash Player 24.0.0.186 and earlier.",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Flash Player 24.0.0.186 and earlier."
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript MovieClip class. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use After Free"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2017-2932",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Flash Player 24.0.0.186 and earlier.",
"version": {
"version_data": [
{
"version_value": "Adobe Flash Player 24.0.0.186 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "41609",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/41609/"
},
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html"
},
{
"name" : "GLSA-201702-20",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201702-20"
},
{
"name" : "RHSA-2017:0057",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0057.html"
},
{
"name" : "95342",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95342"
},
{
"name" : "1037570",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037570"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript MovieClip class. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201702-20",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-20"
},
{
"name": "95342",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95342"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html"
},
{
"name": "RHSA-2017:0057",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0057.html"
},
{
"name": "41609",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41609/"
},
{
"name": "1037570",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037570"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11093",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Link package for CKEditor 5 before 10.0.1 allows remote attackers to inject arbitrary web script through a crafted href attribute of a link (A) element."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11093",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ckeditor.com/blog/CKEditor-5-v10.0.1-released/",
"refsource" : "CONFIRM",
"url" : "https://ckeditor.com/blog/CKEditor-5-v10.0.1-released/"
},
{
"name" : "https://github.com/ckeditor/ckeditor5-link/blob/master/CHANGELOG.md#1001-2018-05-22",
"refsource" : "CONFIRM",
"url" : "https://github.com/ckeditor/ckeditor5-link/blob/master/CHANGELOG.md#1001-2018-05-22"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Link package for CKEditor 5 before 10.0.1 allows remote attackers to inject arbitrary web script through a crafted href attribute of a link (A) element."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ckeditor/ckeditor5-link/blob/master/CHANGELOG.md#1001-2018-05-22",
"refsource": "CONFIRM",
"url": "https://github.com/ckeditor/ckeditor5-link/blob/master/CHANGELOG.md#1001-2018-05-22"
},
{
"name": "https://ckeditor.com/blog/CKEditor-5-v10.0.1-released/",
"refsource": "CONFIRM",
"url": "https://ckeditor.com/blog/CKEditor-5-v10.0.1-released/"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11336",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11336",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11362",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing '\\0' character."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11362",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180528 [SECURITY] [DLA 1388-1] wireshark security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/05/msg00019.html"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14615",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14615"
},
{
"name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f177008b04a530640de835ca878892e58b826d58",
"refsource" : "CONFIRM",
"url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f177008b04a530640de835ca878892e58b826d58"
},
{
"name" : "https://www.wireshark.org/security/wnpa-sec-2018-25.html",
"refsource" : "CONFIRM",
"url" : "https://www.wireshark.org/security/wnpa-sec-2018-25.html"
},
{
"name" : "DSA-4217",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4217"
},
{
"name" : "104308",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104308"
},
{
"name" : "1041036",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041036"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing '\\0' character."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104308",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104308"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14615",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14615"
},
{
"name": "DSA-4217",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4217"
},
{
"name": "https://www.wireshark.org/security/wnpa-sec-2018-25.html",
"refsource": "CONFIRM",
"url": "https://www.wireshark.org/security/wnpa-sec-2018-25.html"
},
{
"name": "[debian-lts-announce] 20180528 [SECURITY] [DLA 1388-1] wireshark security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00019.html"
},
{
"name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f177008b04a530640de835ca878892e58b826d58",
"refsource": "CONFIRM",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f177008b04a530640de835ca878892e58b826d58"
},
{
"name": "1041036",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041036"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14054",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A double free exists in the MP4StringProperty class in mp4property.cpp in MP4v2 2.0.0. A dangling pointer is freed again in the destructor once an exception is triggered."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.openwall.com/lists/oss-security/2018/07/13/1",
"refsource" : "MISC",
"url" : "http://www.openwall.com/lists/oss-security/2018/07/13/1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A double free exists in the MP4StringProperty class in mp4property.cpp in MP4v2 2.0.0. A dangling pointer is freed again in the destructor once an exception is triggered."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2018/07/13/1",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2018/07/13/1"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14838",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "rejucms 2.1 has stored XSS via the admin/book.php content parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14838",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/ZBWACD/CodeAudit/blob/master/rejucms_v2.1",
"refsource" : "MISC",
"url" : "https://github.com/ZBWACD/CodeAudit/blob/master/rejucms_v2.1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rejucms 2.1 has stored XSS via the admin/book.php content parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ZBWACD/CodeAudit/blob/master/rejucms_v2.1",
"refsource": "MISC",
"url": "https://github.com/ZBWACD/CodeAudit/blob/master/rejucms_v2.1"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2018-09-19T16:00:00-0500",
"ID" : "CVE-2018-15421",
"STATE" : "PUBLIC",
"TITLE" : "Cisco Webex Network Recording Player Remote Code Execution Vulnerabilities"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco WebEx ARF Player ",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system."
}
]
},
"impact" : {
"cvss" : {
"baseScore" : "7.8",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2018-09-19T16:00:00-0500",
"ID": "CVE-2018-15421",
"STATE": "PUBLIC",
"TITLE": "Cisco Webex Network Recording Player Remote Code Execution Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco WebEx ARF Player ",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180919 Cisco Webex Network Recording Player Remote Code Execution Vulnerabilities",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180919-webex"
},
{
"name" : "105374",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105374"
},
{
"name" : "1041689",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041689"
}
]
},
"source" : {
"advisory" : "cisco-sa-20180919-webex",
"defect" : [
[
"CSCvj63665",
"CSCvj63672",
"CSCvj63676",
"CSCvj63717",
"CSCvj63724",
"CSCvj63729",
"CSCvj67334",
"CSCvj67339",
"CSCvj67344"
]
],
"discovery" : "UNKNOWN"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system."
}
]
},
"impact": {
"cvss": {
"baseScore": "7.8",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041689",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041689"
},
{
"name": "20180919 Cisco Webex Network Recording Player Remote Code Execution Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180919-webex"
},
{
"name": "105374",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105374"
}
]
},
"source": {
"advisory": "cisco-sa-20180919-webex",
"defect": [
[
"CSCvj63665",
"CSCvj63672",
"CSCvj63676",
"CSCvj63717",
"CSCvj63724",
"CSCvj63729",
"CSCvj67334",
"CSCvj67339",
"CSCvj67344"
]
],
"discovery": "UNKNOWN"
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15524",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15524",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15669",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements \"webView:decidePolicyForNavigationAction:request:frame:decisionListener:\" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElements are not forbidden by the policy. An attacker may abuse HTML plug-in elements within an email to trigger frame navigation requests that bypass this filter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15669",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://versprite.com/advisories/airmail-3-for-mac-3/",
"refsource" : "MISC",
"url" : "https://versprite.com/advisories/airmail-3-for-mac-3/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements \"webView:decidePolicyForNavigationAction:request:frame:decisionListener:\" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElements are not forbidden by the policy. An attacker may abuse HTML plug-in elements within an email to trigger frame navigation requests that bypass this filter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://versprite.com/advisories/airmail-3-for-mac-3/",
"refsource": "MISC",
"url": "https://versprite.com/advisories/airmail-3-for-mac-3/"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-15974",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Framemaker",
"version" : {
"version_data" : [
{
"version_value" : "1.0.5.1 and below versions"
}
]
}
}
]
},
"vendor_name" : "Adobe"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Framemaker versions 1.0.5.1 and below have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Insecure Library Loading (DLL hijacking)"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-15974",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Framemaker",
"version": {
"version_data": [
{
"version_value": "1.0.5.1 and below versions"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/framemaker/apsb18-37.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/framemaker/apsb18-37.html"
},
{
"name" : "105537",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105537"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Framemaker versions 1.0.5.1 and below have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure Library Loading (DLL hijacking)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/framemaker/apsb18-37.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/framemaker/apsb18-37.html"
},
{
"name": "105537",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105537"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8067",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8067",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,80 +1,80 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8337",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Windows 10",
"version" : {
"version_data" : [
{
"version_value" : "Version 1709 for 32-bit Systems"
},
{
"version_value" : "Version 1709 for x64-based Systems"
}
]
}
},
{
"product_name" : "Windows 10 Servers",
"version" : {
"version_data" : [
{
"version_value" : "version 1709 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A security feature bypass vulnerability exists when Windows Subsystem for Linux improperly handles case sensitivity, aka \"Windows Subsystem for Linux Security Feature Bypass Vulnerability.\" This affects Windows 10, Windows 10 Servers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Security Feature Bypass"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows 10",
"version": {
"version_data": [
{
"version_value": "Version 1709 for 32-bit Systems"
},
{
"version_value": "Version 1709 for x64-based Systems"
}
]
}
},
{
"product_name": "Windows 10 Servers",
"version": {
"version_data": [
{
"version_value": "version 1709 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8337",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8337"
},
{
"name" : "105250",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105250"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security feature bypass vulnerability exists when Windows Subsystem for Linux improperly handles case sensitivity, aka \"Windows Subsystem for Linux Security Feature Bypass Vulnerability.\" This affects Windows 10, Windows 10 Servers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Security Feature Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105250",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105250"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8337",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8337"
}
]
}
}
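Review bot: The `ASSIGNER` value in this section changes case, from `Secure@Microsoft.com` to `secure@microsoft.com` (read from the old-then-new print order of the section), and the same change appears in the CVE-2018-8512 and CVE-2018-8629 sections. Together with the two `reference_data` entries swapping places, it is the only change here that is not whitespace, and the commit description does not mention either. Tooling that groups, filters or deduplicates records by assigner with a case-sensitive comparison would presumably treat these records as coming from a new assigner after this sync. The description should say so, for example `Normalizes ASSIGNER addresses to lowercase and reorders reference_data; compare assigners case-insensitively and do not rely on reference position.`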


@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8512",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Edge",
"version" : {
"version_data" : [
{
"version_value" : "Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1703 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1709 for x64-based Systems"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A security feature bypass vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka \"Microsoft Edge Security Feature Bypass Vulnerability.\" This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8530."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Security Feature Bypass"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8512",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Edge",
"version": {
"version_data": [
{
"version_value": "Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1703 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1709 for x64-based Systems"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8512",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8512"
},
{
"name" : "105486",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105486"
},
{
"name" : "1041825",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041825"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security feature bypass vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka \"Microsoft Edge Security Feature Bypass Vulnerability.\" This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8530."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Security Feature Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8512",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8512"
},
{
"name": "105486",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105486"
},
{
"name": "1041825",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041825"
}
]
}
}


@ -1,125 +1,125 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8629",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Edge",
"version" : {
"version_data" : [
{
"version_value" : "Windows 10 for 32-bit Systems"
},
{
"version_value" : "Windows 10 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1607 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1607 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1703 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1709 for ARM64-based Systems"
},
{
"version_value" : "Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1803 for ARM64-based Systems"
},
{
"version_value" : "Windows 10 Version 1803 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1809 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1809 for ARM64-based Systems"
},
{
"version_value" : "Windows 10 Version 1809 for x64-based Systems"
},
{
"version_value" : "Windows Server 2016"
},
{
"version_value" : "Windows Server 2019"
}
]
}
},
{
"product_name" : "ChakraCore",
"version" : {
"version_data" : [
{
"version_value" : "ChakraCore"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8583, CVE-2018-8617, CVE-2018-8618, CVE-2018-8624."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8629",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Edge",
"version": {
"version_data": [
{
"version_value": "Windows 10 for 32-bit Systems"
},
{
"version_value": "Windows 10 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1607 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1607 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1703 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1709 for ARM64-based Systems"
},
{
"version_value": "Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1803 for ARM64-based Systems"
},
{
"version_value": "Windows 10 Version 1803 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1809 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1809 for ARM64-based Systems"
},
{
"version_value": "Windows 10 Version 1809 for x64-based Systems"
},
{
"version_value": "Windows Server 2016"
},
{
"version_value": "Windows Server 2019"
}
]
}
},
{
"product_name": "ChakraCore",
"version": {
"version_data": [
{
"version_value": "ChakraCore"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8629",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8629"
},
{
"name" : "106115",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106115"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8583, CVE-2018-8617, CVE-2018-8618, CVE-2018-8624."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8629",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8629"
},
{
"name": "106115",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106115"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8759",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8759",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}