admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 02:47:30 +00:00
parent f9d3b62378
commit cf94adfcfa
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
53 changed files with 4088 additions and 4088 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

120
1999/1xxx/CVE-1999-1054.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-1999-1054", "ID": "CVE-1999-1054",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default configuration of FLEXlm license manager 6.0d, and possibly other versions, allows remote attackers to shut down the server via the lmdown command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "19980925 Globetrotter FlexLM 'lmdown' bogosity", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=90675672323825&w=2" "lang": "eng",
} "value": "The default configuration of FLEXlm license manager 6.0d, and possibly other versions, allows remote attackers to shut down the server via the lmdown command."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19980925 Globetrotter FlexLM 'lmdown' bogosity",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=90675672323825&w=2"
}
]
}
}

120
1999/1xxx/CVE-1999-1092.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-1999-1092", "ID": "CVE-1999-1092",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "tin 1.40 creates the .tin directory with insecure permissions, which allows local users to read passwords from the .inputhistory file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "19991117 default permissions for tin", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=94286179032648&w=2" "lang": "eng",
} "value": "tin 1.40 creates the .tin directory with insecure permissions, which allows local users to read passwords from the .inputhistory file."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19991117 default permissions for tin",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=94286179032648&w=2"
}
]
}
}

120
1999/1xxx/CVE-1999-1156.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-1999-1156", "ID": "CVE-1999-1156",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "BisonWare FTP Server 4.1 and earlier allows remote attackers to cause a denial of service via a malformed PORT command that contains a non-numeric character and a large number of carriage returns."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "bisonware-port-crash(2254)", "description_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/2254" "lang": "eng",
} "value": "BisonWare FTP Server 4.1 and earlier allows remote attackers to cause a denial of service via a malformed PORT command that contains a non-numeric character and a large number of carriage returns."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "bisonware-port-crash(2254)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/2254"
}
]
}
}

130
2000/0xxx/CVE-2000-0051.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2000-0051", "ID": "CVE-2000-0051",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Allaire Spectra Configuration Wizard allows remote attackers to cause a denial of service by repeatedly resubmitting data collections for indexing via a URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "ASB00-02", "description_data": [
"refsource" : "ALLAIRE", {
"url" : "http://www.allaire.com/handlers/index.cfm?ID=13977&Method=Full" "lang": "eng",
}, "value": "The Allaire Spectra Configuration Wizard allows remote attackers to cause a denial of service by repeatedly resubmitting data collections for indexing via a URL."
{ }
"name" : "916", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/916" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ASB00-02",
"refsource": "ALLAIRE",
"url": "http://www.allaire.com/handlers/index.cfm?ID=13977&Method=Full"
},
{
"name": "916",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/916"
}
]
}
}

130
2000/0xxx/CVE-2000-0144.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2000-0144", "ID": "CVE-2000-0144",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Axis 700 Network Scanner does not properly restrict access to administrator URLs, which allows users to bypass the password protection via a .. (dot dot) attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20000207 Infosec.20000207.axis700.a", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2000-02/0034.html" "lang": "eng",
}, "value": "Axis 700 Network Scanner does not properly restrict access to administrator URLs, which allows users to bypass the password protection via a .. (dot dot) attack."
{ }
"name" : "971", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/971" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "971",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/971"
},
{
"name": "20000207 Infosec.20000207.axis700.a",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-02/0034.html"
}
]
}
}

120
2000/0xxx/CVE-2000-0562.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2000-0562", "ID": "CVE-2000-0562",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "BlackIce Defender 2.1 and earlier, and BlackIce Pro 2.0.23 and earlier, do not properly block Back Orifice traffic when the security setting is Nervous or lower."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20000620 BlackICE by Network ICE Corp vulnerability against Back Orifice 1.2", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2000-06/0190.html" "lang": "eng",
} "value": "BlackIce Defender 2.1 and earlier, and BlackIce Pro 2.0.23 and earlier, do not properly block Back Orifice traffic when the security setting is Nervous or lower."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20000620 BlackICE by Network ICE Corp vulnerability against Back Orifice 1.2",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0190.html"
}
]
}
}

140
2000/1xxx/CVE-2000-1060.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2000-1060", "ID": "CVE-2000-1060",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default configuration of XFCE 3.5.1 bypasses the Xauthority access control mechanism with an \"xhost + localhost\" command in the xinitrc program, which allows local users to sniff X Windows traffic and gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20001002 Local vulnerability in XFCE 3.5.1", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2000-10/0022.html" "lang": "eng",
}, "value": "The default configuration of XFCE 3.5.1 bypasses the Xauthority access control mechanism with an \"xhost + localhost\" command in the xinitrc program, which allows local users to sniff X Windows traffic and gain privileges."
{ }
"name" : "1736", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/1736" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "xinitrc-bypass-xauthority(5305)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5305" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20001002 Local vulnerability in XFCE 3.5.1",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0022.html"
},
{
"name": "1736",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1736"
},
{
"name": "xinitrc-bypass-xauthority(5305)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5305"
}
]
}
}

150
2005/2xxx/CVE-2005-2302.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-2302", "ID": "CVE-2005-2302",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PowerDNS before 2.9.18, when allowing recursion to a restricted range of IP addresses, does not properly handle questions from clients that are denied recursion, which could cause a \"blank out\" of answers to those clients that are allowed to use recursion."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050716 PowerDNS 2.9.18 fixes two security issues affecting users of LDAP", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=112155941310297&w=2" "lang": "eng",
}, "value": "PowerDNS before 2.9.18, when allowing recursion to a restricted range of IP addresses, does not properly handle questions from clients that are denied recursion, which could cause a \"blank out\" of answers to those clients that are allowed to use recursion."
{ }
"name" : "http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18", ]
"refsource" : "CONFIRM", },
"url" : "http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SUSE-SR:2005:019", "description": [
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2005_19_sr.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1014504", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1014504" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18",
"refsource": "CONFIRM",
"url": "http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18"
},
{
"name": "SUSE-SR:2005:019",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_19_sr.html"
},
{
"name": "20050716 PowerDNS 2.9.18 fixes two security issues affecting users of LDAP",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112155941310297&w=2"
},
{
"name": "1014504",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014504"
}
]
}
}

160
2005/2xxx/CVE-2005-2518.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-2518", "ID": "CVE-2005-2518",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in servermgrd in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbitrary code during authentication."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "APPLE-SA-2005-08-15", "description_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" "lang": "eng",
}, "value": "Buffer overflow in servermgrd in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbitrary code during authentication."
{ }
"name" : "APPLE-SA-2005-08-17", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "TA05-229A", "description": [
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA05-229A.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "VU#461412", ]
"refsource" : "CERT-VN", }
"url" : "http://www.kb.cert.org/vuls/id/461412" ]
}, },
{ "references": {
"name" : "1014709", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1014709" "name": "VU#461412",
} "refsource": "CERT-VN",
] "url": "http://www.kb.cert.org/vuls/id/461412"
} },
} {
"name": "TA05-229A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA05-229A.html"
},
{
"name": "APPLE-SA-2005-08-15",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
},
{
"name": "APPLE-SA-2005-08-17",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
},
{
"name": "1014709",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014709"
}
]
}
}

140
2005/2xxx/CVE-2005-2598.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-2598", "ID": "CVE-2005-2598",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in Dokeos 1.6 and earlier, and possibly Claroline, allow remote attackers to (1) delete arbitrary files or directories via the delete parameter to claroline/scorm/scormdocument.php, (2) move arbitrary files via the move_to and move_file parameters to claroline/document/document.php, or determine the existence of arbitrary files via the file parameter to (3) claroline/scorm/showinframes.php or (4) claroline/scorm/contents.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050812 Multiple directory traversal vulnerabilities in Claroline", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/lists/fulldisclosure/2005/Aug/0394.html" "lang": "eng",
}, "value": "Multiple directory traversal vulnerabilities in Dokeos 1.6 and earlier, and possibly Claroline, allow remote attackers to (1) delete arbitrary files or directories via the delete parameter to claroline/scorm/scormdocument.php, (2) move arbitrary files via the move_to and move_file parameters to claroline/document/document.php, or determine the existence of arbitrary files via the file parameter to (3) claroline/scorm/showinframes.php or (4) claroline/scorm/contents.php."
{ }
"name" : "20050819 Re: Erroneous Informations - Multiple directory traversal vulnerabilities in Claroline", ]
"refsource" : "FULLDISC", },
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-August/036345.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16407", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/16407" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20050819 Re: Erroneous Informations - Multiple directory traversal vulnerabilities in Claroline",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-August/036345.html"
},
{
"name": "16407",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16407"
},
{
"name": "20050812 Multiple directory traversal vulnerabilities in Claroline",
"refsource": "FULLDISC",
"url": "http://seclists.org/lists/fulldisclosure/2005/Aug/0394.html"
}
]
}
}

260
2005/3xxx/CVE-2005-3247.json
View File

@ -1,132 +1,132 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2005-3247", "ID": "CVE-2005-3247",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SigComp UDVM in Ethereal 0.10.12 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ethereal.com/appnotes/enpa-sa-00021.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.ethereal.com/appnotes/enpa-sa-00021.html" "lang": "eng",
}, "value": "The SigComp UDVM in Ethereal 0.10.12 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors."
{ }
"name" : "FLSA-2006:152922", ]
"refsource" : "FEDORA", },
"url" : "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-200510-25", "description": [
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200510-25.xml" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2005:809", ]
"refsource" : "REDHAT", }
"url" : "http://www.redhat.com/support/errata/RHSA-2005-809.html" ]
}, },
{ "references": {
"name" : "SUSE-SR:2005:025", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2005_25_sr.html" "name": "RHSA-2005:809",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2005-809.html"
"name" : "15148", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/15148" "name": "17327",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/17327"
"name" : "20132", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/20132" "name": "GLSA-200510-25",
}, "refsource": "GENTOO",
{ "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-25.xml"
"name" : "oval:org.mitre.oval:def:10241", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10241" "name": "17392",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/17392"
"name" : "1015082", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015082" "name": "17480",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/17480"
"name" : "17377", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17377" "name": "1015082",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1015082"
"name" : "17254", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17254" "name": "http://www.ethereal.com/appnotes/enpa-sa-00021.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.ethereal.com/appnotes/enpa-sa-00021.html"
"name" : "17286", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17286" "name": "20132",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/20132"
"name" : "17327", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17327" "name": "SUSE-SR:2005:025",
}, "refsource": "SUSE",
{ "url": "http://www.novell.com/linux/security/advisories/2005_25_sr.html"
"name" : "17392", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17392" "name": "17286",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/17286"
"name" : "17480", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17480" "name": "oval:org.mitre.oval:def:10241",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10241"
} },
} {
"name": "FLSA-2006:152922",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html"
},
{
"name": "17377",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17377"
},
{
"name": "15148",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15148"
},
{
"name": "17254",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17254"
}
]
}
}

170
2005/3xxx/CVE-2005-3253.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-3253", "ID": "CVE-2005-3253",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Wireless Access Points (AP) for (1) Avaya AP-3 through AP-6 2.5 to 2.5.4, and AP-7/AP-8 2.5 and other versions before 3.1, and (2) Proxim AP-600 and AP-2000 before 2.5.5, and Proxim AP-700 and AP-4000 after 2.4.11 and before 3.1, use a static WEP key of \"12345\", which allows remote attackers to bypass authentication."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://keygen.proxim.com/support/cs/Documents/802.1x_vulnerability.pdf", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://keygen.proxim.com/support/cs/Documents/802.1x_vulnerability.pdf" "lang": "eng",
}, "value": "Wireless Access Points (AP) for (1) Avaya AP-3 through AP-6 2.5 to 2.5.4, and AP-7/AP-8 2.5 and other versions before 3.1, and (2) Proxim AP-600 and AP-2000 before 2.5.5, and Proxim AP-700 and AP-4000 after 2.4.11 and before 3.1, use a static WEP key of \"12345\", which allows remote attackers to bypass authentication."
{ }
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2005-233.pdf", ]
"refsource" : "CONFIRM", },
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2005-233.pdf" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2005-2931", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/2931" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "22091", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/22091" ]
}, },
{ "references": {
"name" : "18047", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18047" "name": "22091",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/22091"
"name" : "18057", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18057" "name": "18047",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/18047"
} },
} {
"name": "18057",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18057"
},
{
"name": "ADV-2005-2931",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2931"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2005-233.pdf",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-233.pdf"
},
{
"name": "http://keygen.proxim.com/support/cs/Documents/802.1x_vulnerability.pdf",
"refsource": "CONFIRM",
"url": "http://keygen.proxim.com/support/cs/Documents/802.1x_vulnerability.pdf"
}
]
}
}

160
2005/3xxx/CVE-2005-3517.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-3517", "ID": "CVE-2005-3517",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Chipmunk Scripts Guestbook allows remote attackers to obtain the installation path of the script via a URL that causes an error message to be displayed, such as a URL that contains a single quote (') in the start parameter of index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20051020 XSS & Path Disclosure in Chipmunk's products", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=112982490104274&w=2" "lang": "eng",
}, "value": "Chipmunk Scripts Guestbook allows remote attackers to obtain the installation path of the script via a URL that causes an error message to be displayed, such as a URL that contains a single quote (') in the start parameter of index.php."
{ }
"name" : "http://irannetjob.com/content/view/148/28/", ]
"refsource" : "MISC", },
"url" : "http://irannetjob.com/content/view/148/28/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20170", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/20170" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "96", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/96" ]
}, },
{ "references": {
"name" : "chipmunk-guestbook-path-disclosure(22825)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22825" "name": "20051020 XSS & Path Disclosure in Chipmunk's products",
} "refsource": "BUGTRAQ",
] "url": "http://marc.info/?l=bugtraq&m=112982490104274&w=2"
} },
} {
"name": "20170",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20170"
},
{
"name": "96",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/96"
},
{
"name": "chipmunk-guestbook-path-disclosure(22825)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22825"
},
{
"name": "http://irannetjob.com/content/view/148/28/",
"refsource": "MISC",
"url": "http://irannetjob.com/content/view/148/28/"
}
]
}
}

270
2005/3xxx/CVE-2005-3534.json
View File

@ -1,137 +1,137 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@debian.org",
"ID" : "CVE-2005-3534", "ID": "CVE-2005-3534",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the Network Block Device (nbd) server 2.7.5 and earlier, and 2.8.0 through 2.8.2, allows remote attackers to execute arbitrary code via a large request, which is written past the end of the buffer because nbd does not account for memory taken by the reply header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://sourceforge.net/mailarchive/forum.php?thread_id=9201144&forum_id=40388", "description_data": [
"refsource" : "MISC", {
"url" : "http://sourceforge.net/mailarchive/forum.php?thread_id=9201144&forum_id=40388" "lang": "eng",
}, "value": "Buffer overflow in the Network Block Device (nbd) server 2.7.5 and earlier, and 2.8.0 through 2.8.2, allows remote attackers to execute arbitrary code via a large request, which is written past the end of the buffer because nbd does not account for memory taken by the reply header."
{ }
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=116314", ]
"refsource" : "MISC", },
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=116314" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://sourceforge.net/project/shownotes.php?release_id=380202&group_id=13229", "description": [
"refsource" : "CONFIRM", {
"url" : "http://sourceforge.net/project/shownotes.php?release_id=380202&group_id=13229" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://sourceforge.net/project/shownotes.php?release_id=380210&group_id=13229", ]
"refsource" : "CONFIRM", }
"url" : "http://sourceforge.net/project/shownotes.php?release_id=380210&group_id=13229" ]
}, },
{ "references": {
"name" : "DSA-924", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2005/dsa-924" "name": "43610",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43610"
"name" : "GLSA-200512-14", },
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200512-14.xml" "name": "18503",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18503"
"name" : "USN-237-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/237-1/" "name": "DSA-924",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2005/dsa-924"
"name" : "16029", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16029" "name": "21848",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/21848"
"name" : "21848", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/21848" "name": "18209",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18209"
"name" : "18135", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18135" "name": "USN-237-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/237-1/"
"name" : "18171", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18171" "name": "18171",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18171"
"name" : "18209", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18209" "name": "16029",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/16029"
"name" : "18315", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18315" "name": "18135",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18135"
"name" : "18503", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18503" "name": "GLSA-200512-14",
}, "refsource": "GENTOO",
{ "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-14.xml"
"name" : "43353", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43353" "name": "http://sourceforge.net/project/shownotes.php?release_id=380210&group_id=13229",
}, "refsource": "CONFIRM",
{ "url": "http://sourceforge.net/project/shownotes.php?release_id=380210&group_id=13229"
"name" : "43610", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43610" "name": "http://sourceforge.net/mailarchive/forum.php?thread_id=9201144&forum_id=40388",
} "refsource": "MISC",
] "url": "http://sourceforge.net/mailarchive/forum.php?thread_id=9201144&forum_id=40388"
} },
} {
"name": "http://sourceforge.net/project/shownotes.php?release_id=380202&group_id=13229",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=380202&group_id=13229"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=116314",
"refsource": "MISC",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=116314"
},
{
"name": "43353",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43353"
},
{
"name": "18315",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18315"
}
]
}
}

190
2005/3xxx/CVE-2005-3622.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@debian.org",
"ID" : "CVE-2005-3622", "ID": "CVE-2005-3622",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain the full path of the server via direct requests to multiple scripts in the libraries directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20051115 [FS-05-02] Multiple vulnerabilities in phpMyAdmin", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=113208319104035&w=2" "lang": "eng",
}, "value": "phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain the full path of the server via direct requests to multiple scripts in the libraries directory."
{ }
"name" : "http://www.fitsec.com/advisories/FS-05-02.txt", ]
"refsource" : "MISC", },
"url" : "http://www.fitsec.com/advisories/FS-05-02.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20911", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/20911" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "20912", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/20912" ]
}, },
{ "references": {
"name" : "20913", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/20913" "name": "20051115 [FS-05-02] Multiple vulnerabilities in phpMyAdmin",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=113208319104035&w=2"
"name" : "20914", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/20914" "name": "185",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/185"
"name" : "1015213", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015213" "name": "20914",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/20914"
"name" : "185", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/185" "name": "20912",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/20912"
} },
} {
"name": "1015213",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015213"
},
{
"name": "http://www.fitsec.com/advisories/FS-05-02.txt",
"refsource": "MISC",
"url": "http://www.fitsec.com/advisories/FS-05-02.txt"
},
{
"name": "20911",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20911"
},
{
"name": "20913",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20913"
}
]
}
}

190
2005/3xxx/CVE-2005-3954.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-3954", "ID": "CVE-2005-3954",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in blogBuddies 0.3 allows remote attackers to inject arbitrary web script or HTML via the u parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=1366743&group_id=127552&atid=708847", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=1366743&group_id=127552&atid=708847" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in blogBuddies 0.3 allows remote attackers to inject arbitrary web script or HTML via the u parameter to index.php."
{ }
"name" : "http://sourceforge.net/forum/forum.php?forum_id=514600", ]
"refsource" : "CONFIRM", },
"url" : "http://sourceforge.net/forum/forum.php?forum_id=514600" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "15555", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/15555" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2005-2586", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2005/2586" ]
}, },
{ "references": {
"name" : "21111", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/21111" "name": "http://sourceforge.net/tracker/index.php?func=detail&aid=1366743&group_id=127552&atid=708847",
}, "refsource": "CONFIRM",
{ "url": "http://sourceforge.net/tracker/index.php?func=detail&aid=1366743&group_id=127552&atid=708847"
"name" : "1015264", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015264" "name": "http://sourceforge.net/forum/forum.php?forum_id=514600",
}, "refsource": "CONFIRM",
{ "url": "http://sourceforge.net/forum/forum.php?forum_id=514600"
"name" : "17741", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17741" "name": "17741",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/17741"
"name" : "blogbuddies-multiple-scripts-xss(23331)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23331" "name": "1015264",
} "refsource": "SECTRACK",
] "url": "http://securitytracker.com/id?1015264"
} },
} {
"name": "blogbuddies-multiple-scripts-xss(23331)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23331"
},
{
"name": "15555",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15555"
},
{
"name": "21111",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21111"
},
{
"name": "ADV-2005-2586",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2586"
}
]
}
}

34
2005/4xxx/CVE-2005-4070.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2005-4070", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2005-4070",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3665. Reason: This candidate is a reservation duplicate of CVE-2005-3665. Notes: All CVE users should reference CVE-2005-3665 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3665. Reason: This candidate is a reservation duplicate of CVE-2005-3665. Notes: All CVE users should reference CVE-2005-3665 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

220
2009/2xxx/CVE-2009-2336.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-2336", "ID": "CVE-2009-2336",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The forgotten mail interface in WordPress and WordPress MU before 2.8.1 exhibits different behavior for a password request depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for \"user convenience.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090708 CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/504795/100/0/threaded" "lang": "eng",
}, "value": "The forgotten mail interface in WordPress and WordPress MU before 2.8.1 exhibits different behavior for a password request depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for \"user convenience.\""
{ }
"name" : "9110", ]
"refsource" : "EXPLOIT-DB", },
"url" : "http://www.exploit-db.com/exploits/9110" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Unchecked", "description": [
"refsource" : "MISC", {
"url" : "http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Unchecked" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FEDORA-2009-7701", ]
"refsource" : "FEDORA", }
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00632.html" ]
}, },
{ "references": {
"name" : "FEDORA-2009-7729", "reference_data": [
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00676.html" "name": "FEDORA-2009-8538",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00608.html"
"name" : "FEDORA-2009-8529", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.html" "name": "http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Unchecked",
}, "refsource": "MISC",
{ "url": "http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Unchecked"
"name" : "FEDORA-2009-8538", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00608.html" "name": "FEDORA-2009-7729",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00676.html"
"name" : "35581", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/35581" "name": "20090708 CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/504795/100/0/threaded"
"name" : "55714", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/55714" "name": "1022528",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1022528"
"name" : "1022528", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1022528" "name": "FEDORA-2009-7701",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00632.html"
"name" : "ADV-2009-1833", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/1833" "name": "ADV-2009-1833",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2009/1833"
} },
} {
"name": "FEDORA-2009-8529",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00597.html"
},
{
"name": "9110",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9110"
},
{
"name": "55714",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/55714"
},
{
"name": "35581",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35581"
}
]
}
}

170
2009/2xxx/CVE-2009-2366.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-2366", "ID": "CVE-2009-2366",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in login.asp in DataCheck Solutions ForumPal FE 1.1 and ForumPal 1.5 allows remote attackers to execute arbitrary SQL commands via the (1) password parameter in 1.1 and (2) p_password parameter in 1.5. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "9024", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/9024" "lang": "eng",
}, "value": "SQL injection vulnerability in login.asp in DataCheck Solutions ForumPal FE 1.1 and ForumPal 1.5 allows remote attackers to execute arbitrary SQL commands via the (1) password parameter in 1.1 and (2) p_password parameter in 1.5. NOTE: some of these details are obtained from third party information."
{ }
"name" : "55496", ]
"refsource" : "OSVDB", },
"url" : "http://www.osvdb.org/55496" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "55497", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/55497" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "35589", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/35589" ]
}, },
{ "references": {
"name" : "35603", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35603" "name": "55497",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/55497"
"name" : "datacheck-login-sql-injection(51403)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51403" "name": "datacheck-login-sql-injection(51403)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51403"
} },
} {
"name": "35603",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35603"
},
{
"name": "55496",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/55496"
},
{
"name": "9024",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9024"
},
{
"name": "35589",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35589"
}
]
}
}

190
2009/2xxx/CVE-2009-2959.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-2959", "ID": "CVE-2009-2959",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the waterfall web status view (status/web/waterfall.py) in Buildbot 0.7.6 through 0.7.11p1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[Buildbot-devel] 20090812 [SECURITY ALERT] Cross-site scripting vulnerability", "description_data": [
"refsource" : "MLIST", {
"url" : "http://sourceforge.net/mailarchive/message.php?msg_name=42338fbf0908121232mb790a6cn787ac3de90e8bc31%40mail.gmail.com" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the waterfall web status view (status/web/waterfall.py) in Buildbot 0.7.6 through 0.7.11p1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "http://buildbot.net/trac#SecurityAlert", ]
"refsource" : "CONFIRM", },
"url" : "http://buildbot.net/trac#SecurityAlert" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "FEDORA-2009-8516", "description": [
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00978.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FEDORA-2009-8577", ]
"refsource" : "FEDORA", }
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00985.html" ]
}, },
{ "references": {
"name" : "36100", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/36100" "name": "FEDORA-2009-8577",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00985.html"
"name" : "36352", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/36352" "name": "[Buildbot-devel] 20090812 [SECURITY ALERT] Cross-site scripting vulnerability",
}, "refsource": "MLIST",
{ "url": "http://sourceforge.net/mailarchive/message.php?msg_name=42338fbf0908121232mb790a6cn787ac3de90e8bc31%40mail.gmail.com"
"name" : "36418", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/36418" "name": "FEDORA-2009-8516",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00978.html"
"name" : "ADV-2009-2352", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/2352" "name": "ADV-2009-2352",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2009/2352"
} },
} {
"name": "http://buildbot.net/trac#SecurityAlert",
"refsource": "CONFIRM",
"url": "http://buildbot.net/trac#SecurityAlert"
},
{
"name": "36352",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36352"
},
{
"name": "36418",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36418"
},
{
"name": "36100",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36100"
}
]
}
}

140
2009/3xxx/CVE-2009-3564.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-3564", "ID": "CVE-2009-3564",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "puppetmasterd in puppet 0.24.6 does not reset supplementary groups when it switches to a different user, which might allow local users to access restricted files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://projects.reductivelabs.com/issues/1806", "description_data": [
"refsource" : "MISC", {
"url" : "http://projects.reductivelabs.com/issues/1806" "lang": "eng",
}, "value": "puppetmasterd in puppet 0.24.6 does not reset supplementary groups when it switches to a different user, which might allow local users to access restricted files."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=475201", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=475201" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://puppet.com/security/cve/cve-2009-3564", "description": [
"refsource" : "CONFIRM", {
"url" : "https://puppet.com/security/cve/cve-2009-3564" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://puppet.com/security/cve/cve-2009-3564",
"refsource": "CONFIRM",
"url": "https://puppet.com/security/cve/cve-2009-3564"
},
{
"name": "http://projects.reductivelabs.com/issues/1806",
"refsource": "MISC",
"url": "http://projects.reductivelabs.com/issues/1806"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=475201",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=475201"
}
]
}
}

160
2009/3xxx/CVE-2009-3666.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-3666", "ID": "CVE-2009-3666",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in Nullam Blog 0.1.2 allows remote attackers to inject arbitrary web script or HTML via the e parameter in an error action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090909 Nullam Blog Multiple Remote Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/506380/100/0/threaded" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in index.php in Nullam Blog 0.1.2 allows remote attackers to inject arbitrary web script or HTML via the e parameter in an error action."
{ }
"name" : "9625", ]
"refsource" : "EXPLOIT-DB", },
"url" : "http://www.exploit-db.com/exploits/9625" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "57921", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/57921" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "36648", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/36648" ]
}, },
{ "references": {
"name" : "nullam-index-xss(53216)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53216" "name": "57921",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/57921"
} },
} {
"name": "9625",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9625"
},
{
"name": "nullam-index-xss(53216)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53216"
},
{
"name": "20090909 Nullam Blog Multiple Remote Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/506380/100/0/threaded"
},
{
"name": "36648",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36648"
}
]
}
}

230
2009/3xxx/CVE-2009-3727.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2009-3727", "ID": "CVE-2009-3727",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error messages depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames via multiple crafted REGISTER messages with inconsistent usernames in the URI in the To header and the Digest in the Authorization header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://downloads.asterisk.org/pub/security/AST-2009-008.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://downloads.asterisk.org/pub/security/AST-2009-008.html" "lang": "eng",
}, "value": "Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error messages depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames via multiple crafted REGISTER messages with inconsistent usernames in the URI in the To header and the Digest in the Authorization header."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=523277", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=523277" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=533137", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=533137" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-1952", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2009/dsa-1952" ]
}, },
{ "references": {
"name" : "FEDORA-2009-11070", "reference_data": [
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00789.html" "name": "37265",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/37265"
"name" : "FEDORA-2009-11126", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00838.html" "name": "FEDORA-2009-11126",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00838.html"
"name" : "36924", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/36924" "name": "37479",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/37479"
"name" : "59697", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/59697" "name": "37677",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/37677"
"name" : "1023133", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1023133" "name": "DSA-1952",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2009/dsa-1952"
"name" : "37265", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37265" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=523277",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=523277"
"name" : "37479", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37479" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=533137",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533137"
"name" : "37677", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37677" "name": "36924",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/36924"
} },
} {
"name": "FEDORA-2009-11070",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00789.html"
},
{
"name": "59697",
"refsource": "OSVDB",
"url": "http://osvdb.org/59697"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2009-008.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2009-008.html"
},
{
"name": "1023133",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023133"
}
]
}
}

310
2009/3xxx/CVE-2009-3981.json
View File

@ -1,157 +1,157 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-3981", "ID": "CVE-2009-3981",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-65.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-65.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=468771", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=468771" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=546713", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=546713" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-1956", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2009/dsa-1956" ]
}, },
{ "references": {
"name" : "RHSA-2009:1674", "reference_data": [
"refsource" : "REDHAT", {
"url" : "https://rhn.redhat.com/errata/RHSA-2009-1674.html" "name": "37704",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/37704"
"name" : "SUSE-SA:2009:063", },
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2009_63_firefox.html" "name": "37699",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/37699"
"name" : "USN-873-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-873-1" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=468771",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=468771"
"name" : "37349", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/37349" "name": "ADV-2009-3547",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/3547"
"name" : "37363", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/37363" "name": "37881",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/37881"
"name" : "oval:org.mitre.oval:def:8523", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8523" "name": "37785",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/37785"
"name" : "oval:org.mitre.oval:def:8584", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8584" "name": "1023333",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1023333"
"name" : "1023333", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1023333" "name": "37813",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/37813"
"name" : "1023334", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1023334" "name": "USN-873-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-873-1"
"name" : "37699", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37699" "name": "37363",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/37363"
"name" : "37704", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37704" "name": "firefox-browser-engine-code-exec(54801)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54801"
"name" : "37785", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37785" "name": "37349",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/37349"
"name" : "37813", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37813" "name": "RHSA-2009:1674",
}, "refsource": "REDHAT",
{ "url": "https://rhn.redhat.com/errata/RHSA-2009-1674.html"
"name" : "37881", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37881" "name": "oval:org.mitre.oval:def:8584",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8584"
"name" : "ADV-2009-3547", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/3547" "name": "DSA-1956",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2009/dsa-1956"
"name" : "firefox-browser-engine-code-exec(54801)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54801" "name": "oval:org.mitre.oval:def:8523",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8523"
} },
} {
"name": "http://www.mozilla.org/security/announce/2009/mfsa2009-65.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2009/mfsa2009-65.html"
},
{
"name": "1023334",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023334"
},
{
"name": "SUSE-SA:2009:063",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2009_63_firefox.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=546713",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=546713"
}
]
}
}

120
2009/4xxx/CVE-2009-4391.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4391", "ID": "CVE-2009-4391",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the File list (dr_blob) extension 2.1.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/" "lang": "eng",
} "value": "Cross-site scripting (XSS) vulnerability in the File list (dr_blob) extension 2.1.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
]
}
}

120
2015/0xxx/CVE-2015-0116.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2015-0116", "ID": "CVE-2015-0116",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 does not properly restrict the addition of links, which makes it easier for remote authenticated users to conduct cross-site request forgery (CSRF) attacks via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21902807", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21902807" "lang": "eng",
} "value": "IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 does not properly restrict the addition of links, which makes it easier for remote authenticated users to conduct cross-site request forgery (CSRF) attacks via unspecified vectors."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21902807",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902807"
}
]
}
}

130
2015/0xxx/CVE-2015-0554.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-0554", "ID": "CVE-2015-0554",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (device restart) as demonstrated by a direct request to (1) wlsecurity.html or (2) resetrouter.html."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "35721", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/35721" "lang": "eng",
}, "value": "The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (device restart) as demonstrated by a direct request to (1) wlsecurity.html or (2) resetrouter.html."
{ }
"name" : "http://packetstormsecurity.com/files/129828/Pirelli-ADSL2-2-Wireless-Router-P.DGA4001N-Information-Disclosure.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/129828/Pirelli-ADSL2-2-Wireless-Router-P.DGA4001N-Information-Disclosure.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35721",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/35721"
},
{
"name": "http://packetstormsecurity.com/files/129828/Pirelli-ADSL2-2-Wireless-Router-P.DGA4001N-Information-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129828/Pirelli-ADSL2-2-Wireless-Router-P.DGA4001N-Information-Disclosure.html"
}
]
}
}

230
2015/0xxx/CVE-2015-0564.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-0564", "ID": "CVE-2015-0564",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during decryption of an SSL session."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.wireshark.org/security/wnpa-sec-2015-05.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.wireshark.org/security/wnpa-sec-2015-05.html" "lang": "eng",
}, "value": "Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during decryption of an SSL session."
{ }
"name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d3581aecda62d2a51ea7088fd46975415b03ec57", ]
"refsource" : "CONFIRM", },
"url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d3581aecda62d2a51ea7088fd46975415b03ec57" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://advisories.mageia.org/MGASA-2015-0019.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://advisories.mageia.org/MGASA-2015-0019.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" ]
}, },
{ "references": {
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" "name": "http://advisories.mageia.org/MGASA-2015-0019.html",
}, "refsource": "CONFIRM",
{ "url": "http://advisories.mageia.org/MGASA-2015-0019.html"
"name" : "DSA-3141", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2015/dsa-3141" "name": "62612",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/62612"
"name" : "MDVSA-2015:022", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:022" "name": "MDVSA-2015:022",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:022"
"name" : "RHSA-2015:1460", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1460.html" "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
"name" : "openSUSE-SU-2015:0113", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2015-01/msg00053.html" "name": "RHSA-2015:1460",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2015-1460.html"
"name" : "71922", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/71922" "name": "http://www.wireshark.org/security/wnpa-sec-2015-05.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.wireshark.org/security/wnpa-sec-2015-05.html"
"name" : "62612", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/62612" "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
"name" : "62673", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/62673" "name": "DSA-3141",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2015/dsa-3141"
} },
} {
"name": "62673",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62673"
},
{
"name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d3581aecda62d2a51ea7088fd46975415b03ec57",
"refsource": "CONFIRM",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d3581aecda62d2a51ea7088fd46975415b03ec57"
},
{
"name": "71922",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71922"
},
{
"name": "openSUSE-SU-2015:0113",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00053.html"
}
]
}
}

140
2015/0xxx/CVE-2015-0740.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2015-0740", "ID": "CVE-2015-0740",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus28826."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20150519 Cisco Unified Intelligence Center Cross-Site Request Forgery Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=38913" "lang": "eng",
}, "value": "Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus28826."
{ }
"name" : "74732", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/74732" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1032367", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1032367" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20150519 Cisco Unified Intelligence Center Cross-Site Request Forgery Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38913"
},
{
"name": "74732",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74732"
},
{
"name": "1032367",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032367"
}
]
}
}

130
2015/0xxx/CVE-2015-0752.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2015-0752", "ID": "CVE-2015-0752",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut27635."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20150527 Cisco Telepresence Video Communication Server Cross-Site Scripting Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=39012" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut27635."
{ }
"name" : "1032421", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1032421" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032421",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032421"
},
{
"name": "20150527 Cisco Telepresence Video Communication Server Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39012"
}
]
}
}

180
2015/1xxx/CVE-2015-1275.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2015-1275", "ID": "CVE-2015-1275",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in org/chromium/chrome/browser/UrlUtilities.java in Google Chrome before 44.0.2403.89 on Android allows remote attackers to inject arbitrary web script or HTML via a crafted intent: URL, as demonstrated by a trailing alert(document.cookie);// substring, aka \"Universal XSS (UXSS).\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in org/chromium/chrome/browser/UrlUtilities.java in Google Chrome before 44.0.2403.89 on Android allows remote attackers to inject arbitrary web script or HTML via a crafted intent: URL, as demonstrated by a trailing alert(document.cookie);// substring, aka \"Universal XSS (UXSS).\""
{ }
"name" : "https://code.google.com/p/chromium/issues/detail?id=462843", ]
"refsource" : "CONFIRM", },
"url" : "https://code.google.com/p/chromium/issues/detail?id=462843" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://codereview.chromium.org/1059413004/", "description": [
"refsource" : "CONFIRM", {
"url" : "https://codereview.chromium.org/1059413004/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-201603-09", ]
"refsource" : "GENTOO", }
"url" : "https://security.gentoo.org/glsa/201603-09" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2015:1287", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html" "name": "https://codereview.chromium.org/1059413004/",
}, "refsource": "CONFIRM",
{ "url": "https://codereview.chromium.org/1059413004/"
"name" : "75973", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/75973" "name": "openSUSE-SU-2015:1287",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html"
"name" : "1033031", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1033031" "name": "1033031",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id/1033031"
} },
} {
"name": "GLSA-201603-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-09"
},
{
"name": "75973",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75973"
},
{
"name": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=462843",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=462843"
}
]
}
}

140
2015/1xxx/CVE-2015-1324.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@ubuntu.com",
"ID" : "CVE-2015-1324", "ID": "CVE-2015-1324",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges by leveraging incorrect handling of permissions when generating core dumps for setuid binaries."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1452239", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1452239" "lang": "eng",
}, "value": "Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges by leveraging incorrect handling of permissions when generating core dumps for setuid binaries."
{ }
"name" : "USN-2609-1", ]
"refsource" : "UBUNTU", },
"url" : "http://www.ubuntu.com/usn/USN-2609-1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "74767", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/74767" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "USN-2609-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2609-1"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1452239",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1452239"
},
{
"name": "74767",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74767"
}
]
}
}

140
2015/1xxx/CVE-2015-1950.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2015-1950", "ID": "CVE-2015-1950",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM PowerVC Standard Edition 1.2.2.1 through 1.2.2.2 does not require authentication for access to the Python interpreter with nova credentials, which allows KVM guest OS users to discover certain PowerVC credentials and bypass intended access restrictions via unspecified Python code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020740", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020740" "lang": "eng",
}, "value": "IBM PowerVC Standard Edition 1.2.2.1 through 1.2.2.2 does not require authentication for access to the Python interpreter with nova credentials, which allows KVM guest OS users to discover certain PowerVC credentials and bypass intended access restrictions via unspecified Python code."
{ }
"name" : "IT08926", ]
"refsource" : "AIXAPAR", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08926" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "75102", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/75102" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020740",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020740"
},
{
"name": "75102",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75102"
},
{
"name": "IT08926",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08926"
}
]
}
}

150
2015/4xxx/CVE-2015-4190.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2015-4190", "ID": "CVE-2015-4190",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Cloud Portal in Cisco Prime Service Catalog 9.4.1_vortex on Cloud Portal appliances allows man-in-the-middle attackers to modify data via unspecified vectors, aka Bug ID CSCuh19683."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20150616 Cisco Cloud Portal Appliance Pregenerated Default Host Keys Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=39380" "lang": "eng",
}, "value": "Cisco Cloud Portal in Cisco Prime Service Catalog 9.4.1_vortex on Cloud Portal appliances allows man-in-the-middle attackers to modify data via unspecified vectors, aka Bug ID CSCuh19683."
{ }
"name" : "75271", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/75271" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1032593", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1032593" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1032594", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1032594" ]
} },
] "references": {
} "reference_data": [
} {
"name": "75271",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75271"
},
{
"name": "1032593",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032593"
},
{
"name": "20150616 Cisco Cloud Portal Appliance Pregenerated Default Host Keys Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39380"
},
{
"name": "1032594",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032594"
}
]
}
}

120
2015/4xxx/CVE-2015-4747.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2015-4747", "ID": "CVE-2015-4747",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Event Processing component in Oracle Fusion Middleware 11.1.1.7 and 12.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CEP system."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" "lang": "eng",
} "value": "Unspecified vulnerability in the Oracle Event Processing component in Oracle Fusion Middleware 11.1.1.7 and 12.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CEP system."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
}
]
}
}

130
2015/4xxx/CVE-2015-4924.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2015-4924", "ID": "CVE-2015-4924",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.1.1, 9.3.1.2, 9.3.2, and 9.3.3 allows remote authenticated users to affect integrity via vectors related to Security."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.1.1, 9.3.1.2, 9.3.2, and 9.3.3 allows remote authenticated users to affect integrity via vectors related to Security."
{ }
"name" : "1034727", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1034727" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "1034727",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034727"
}
]
}
}

130
2015/5xxx/CVE-2015-5246.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2015-5246", "ID": "CVE-2015-5246",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The LDAP Authentication functionality in Foreman might allow remote attackers with knowledge of old passwords to gain access via vectors involving the password lifetime period in Active Directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://projects.theforeman.org/issues/11471", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://projects.theforeman.org/issues/11471" "lang": "eng",
}, "value": "The LDAP Authentication functionality in Foreman might allow remote attackers with knowledge of old passwords to gain access via vectors involving the password lifetime period in Active Directory."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1258700", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1258700" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://projects.theforeman.org/issues/11471",
"refsource": "CONFIRM",
"url": "http://projects.theforeman.org/issues/11471"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1258700",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1258700"
}
]
}
}

490
2015/5xxx/CVE-2015-5364.json
View File

@ -1,247 +1,247 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@debian.org",
"ID" : "CVE-2015-5364", "ID": "CVE-2015-5364",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allows remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20150630 CVE Request: UDP checksum DoS", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2015/06/30/13" "lang": "eng",
}, "value": "The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allows remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood."
{ }
"name" : "https://twitter.com/grsecurity/status/605854034260426753", ]
"refsource" : "MISC", },
"url" : "https://twitter.com/grsecurity/status/605854034260426753" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=beb39db59d14990e401e235faf66a6b9b31240b0", "description": [
"refsource" : "CONFIRM", {
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=beb39db59d14990e401e235faf66a6b9b31240b0" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.6", ]
"refsource" : "CONFIRM", }
"url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.6" ]
}, },
{ "references": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1239029", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1239029" "name": "SUSE-SU-2015:1491",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html"
"name" : "https://github.com/torvalds/linux/commit/beb39db59d14990e401e235faf66a6b9b31240b0", },
"refsource" : "CONFIRM", {
"url" : "https://github.com/torvalds/linux/commit/beb39db59d14990e401e235faf66a6b9b31240b0" "name": "SUSE-SU-2015:1489",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html"
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=beb39db59d14990e401e235faf66a6b9b31240b0",
}, "refsource": "CONFIRM",
{ "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=beb39db59d14990e401e235faf66a6b9b31240b0"
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" "name": "USN-2713-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2713-1"
"name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761", },
"refsource" : "CONFIRM", {
"url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761" "name": "SUSE-SU-2015:1488",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html"
"name" : "DSA-3329", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2015/dsa-3329" "name": "USN-2680-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2680-1"
"name" : "DSA-3313", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2015/dsa-3313" "name": "USN-2682-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2682-1"
"name" : "RHSA-2016:1225", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2016:1225" "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
"name" : "RHSA-2016:1096", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1096.html" "name": "SUSE-SU-2015:1611",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html"
"name" : "RHSA-2016:1100", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1100.html" "name": "RHSA-2015:1778",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2015-1778.html"
"name" : "RHSA-2016:0045", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0045.html" "name": "USN-2714-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2714-1"
"name" : "RHSA-2015:1778", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1778.html" "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.6",
}, "refsource": "CONFIRM",
{ "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.6"
"name" : "RHSA-2015:1787", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1787.html" "name": "RHSA-2016:1096",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2016-1096.html"
"name" : "RHSA-2015:1623", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1623.html" "name": "https://twitter.com/grsecurity/status/605854034260426753",
}, "refsource": "MISC",
{ "url": "https://twitter.com/grsecurity/status/605854034260426753"
"name" : "SUSE-SU-2015:1478", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html" "name": "SUSE-SU-2015:1324",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html"
"name" : "SUSE-SU-2015:1592", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html" "name": "DSA-3329",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2015/dsa-3329"
"name" : "SUSE-SU-2015:1611", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html" "name": "[oss-security] 20150630 CVE Request: UDP checksum DoS",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2015/06/30/13"
"name" : "SUSE-SU-2015:1224", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1239029",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1239029"
"name" : "SUSE-SU-2015:1324", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html" "name": "RHSA-2015:1787",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2015-1787.html"
"name" : "SUSE-SU-2015:1490", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00010.html" "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
"name" : "openSUSE-SU-2015:1382", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html" "name": "1032794",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1032794"
"name" : "SUSE-SU-2015:1487", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html" "name": "openSUSE-SU-2015:1382",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html"
"name" : "SUSE-SU-2015:1488", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html" "name": "USN-2684-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2684-1"
"name" : "SUSE-SU-2015:1489", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html" "name": "DSA-3313",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2015/dsa-3313"
"name" : "SUSE-SU-2015:1491", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html" "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761",
}, "refsource": "CONFIRM",
{ "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761"
"name" : "USN-2680-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2680-1" "name": "USN-2681-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2681-1"
"name" : "USN-2681-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2681-1" "name": "RHSA-2016:0045",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2016-0045.html"
"name" : "USN-2682-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2682-1" "name": "SUSE-SU-2015:1478",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html"
"name" : "USN-2683-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2683-1" "name": "USN-2683-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2683-1"
"name" : "USN-2684-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2684-1" "name": "SUSE-SU-2015:1490",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00010.html"
"name" : "USN-2713-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2713-1" "name": "75510",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/75510"
"name" : "USN-2714-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2714-1" "name": "RHSA-2016:1225",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2016:1225"
"name" : "75510", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/75510" "name": "RHSA-2016:1100",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2016-1100.html"
"name" : "1032794", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1032794" "name": "RHSA-2015:1623",
} "refsource": "REDHAT",
] "url": "http://rhn.redhat.com/errata/RHSA-2015-1623.html"
} },
} {
"name": "SUSE-SU-2015:1224",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html"
},
{
"name": "SUSE-SU-2015:1487",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html"
},
{
"name": "SUSE-SU-2015:1592",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html"
},
{
"name": "https://github.com/torvalds/linux/commit/beb39db59d14990e401e235faf66a6b9b31240b0",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/beb39db59d14990e401e235faf66a6b9b31240b0"
}
]
}
}

132
2015/9xxx/CVE-2015-9180.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00", "DATE_PUBLIC": "2018-04-02T00:00:00",
"ID" : "CVE-2015-9180", "ID": "CVE-2015-9180",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", "product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850" "version_value": "MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, the response pointer passed from user space to SDMX_process is not checked before it is used. If the given response buffer length is smaller than 16 bytes, the response values will be written to a memory outside the buffer, possibly in the secure memory area."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in Core."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2018-04-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2018-04-01" "lang": "eng",
}, "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, the response pointer passed from user space to SDMX_process is not checked before it is used. If the given response buffer length is smaller than 16 bytes, the response values will be written to a memory outside the buffer, possibly in the secure memory area."
{ }
"name" : "103671", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/103671" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in Core."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name": "103671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103671"
}
]
}
}

34
2018/2xxx/CVE-2018-2108.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2018-2108", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2018-2108",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
} }
] ]
} }
} }

140
2018/3xxx/CVE-2018-3221.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2018-3221", "ID": "CVE-2018-3221",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Outside In Technology", "product_name": "Outside In Technology",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "8.5.3" "version_value": "8.5.3"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "8.5.4" "version_value": "8.5.4"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology and unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology and unauthorized read access to a subset of Oracle Outside In Technology accessible data."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology and unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H)."
{ }
"name" : "105603", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105603" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology and unauthorized read access to a subset of Oracle Outside In Technology accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105603",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105603"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
}
]
}
}

34
2018/3xxx/CVE-2018-3509.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-3509", "ID": "CVE-2018-3509",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/3xxx/CVE-2018-3518.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-3518", "ID": "CVE-2018-3518",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

122
2018/3xxx/CVE-2018-3598.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00", "DATE_PUBLIC": "2018-04-02T00:00:00",
"ID" : "CVE-2018-3598", "ID": "CVE-2018-3598",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", "product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All Android releases from CAF using the Linux kernel" "version_value": "All Android releases from CAF using the Linux kernel"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, insufficient validation of parameters from userspace in the camera driver can lead to information leak and out-of-bounds access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Exposure in Camera"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/pixel/2018-04-01" "lang": "eng",
} "value": "In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, insufficient validation of parameters from userspace in the camera driver can lead to information leak and out-of-bounds access."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Exposure in Camera"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/pixel/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2018-04-01"
}
]
}
}

172
2018/6xxx/CVE-2018-6085.json
View File

@ -1,88 +1,88 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "chrome-cve-admin@google.com", "ASSIGNER": "security@google.com",
"ID" : "CVE-2018-6085", "ID": "CVE-2018-6085",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Chrome", "product_name": "Chrome",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "66.0.3359.117" "version_value": "66.0.3359.117"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google" "vendor_name": "Google"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Re-entry of a destructor in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Object corruption"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://crbug.com/826626", "description_data": [
"refsource" : "MISC", {
"url" : "https://crbug.com/826626" "lang": "eng",
}, "value": "Re-entry of a destructor in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page."
{ }
"name" : "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html", ]
"refsource" : "CONFIRM", },
"url" : "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-4182", "description": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4182" "lang": "eng",
}, "value": "Object corruption"
{ }
"name" : "GLSA-201804-22", ]
"refsource" : "GENTOO", }
"url" : "https://security.gentoo.org/glsa/201804-22" ]
}, },
{ "references": {
"name" : "RHSA-2018:1195", "reference_data": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:1195" "name": "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html",
}, "refsource": "CONFIRM",
{ "url": "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html"
"name" : "103917", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/103917" "name": "GLSA-201804-22",
} "refsource": "GENTOO",
] "url": "https://security.gentoo.org/glsa/201804-22"
} },
} {
"name": "https://crbug.com/826626",
"refsource": "MISC",
"url": "https://crbug.com/826626"
},
{
"name": "DSA-4182",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4182"
},
{
"name": "103917",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103917"
},
{
"name": "RHSA-2018:1195",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1195"
}
]
}
}

172
2018/6xxx/CVE-2018-6163.json
View File

@ -1,88 +1,88 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "chrome-cve-admin@google.com", "ASSIGNER": "security@google.com",
"ID" : "CVE-2018-6163", "ID": "CVE-2018-6163",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Chrome", "product_name": "Chrome",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "68.0.3440.75" "version_value": "68.0.3440.75"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google" "vendor_name": "Google"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Insufficient policy enforcement"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://crbug.com/849398", "description_data": [
"refsource" : "MISC", {
"url" : "https://crbug.com/849398" "lang": "eng",
}, "value": "Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name."
{ }
"name" : "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html", ]
"refsource" : "CONFIRM", },
"url" : "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-4256", "description": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4256" "lang": "eng",
}, "value": "Insufficient policy enforcement"
{ }
"name" : "GLSA-201808-01", ]
"refsource" : "GENTOO", }
"url" : "https://security.gentoo.org/glsa/201808-01" ]
}, },
{ "references": {
"name" : "RHSA-2018:2282", "reference_data": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:2282" "name": "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html",
}, "refsource": "CONFIRM",
{ "url": "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html"
"name" : "104887", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/104887" "name": "RHSA-2018:2282",
} "refsource": "REDHAT",
] "url": "https://access.redhat.com/errata/RHSA-2018:2282"
} },
} {
"name": "GLSA-201808-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201808-01"
},
{
"name": "DSA-4256",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4256"
},
{
"name": "https://crbug.com/849398",
"refsource": "MISC",
"url": "https://crbug.com/849398"
},
{
"name": "104887",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104887"
}
]
}
}

142
2018/6xxx/CVE-2018-6960.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@vmware.com", "ASSIGNER": "security@vmware.com",
"DATE_PUBLIC" : "2018-04-20T00:00:00", "DATE_PUBLIC": "2018-04-20T00:00:00",
"ID" : "CVE-2018-6960", "ID": "CVE-2018-6960",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Horizon DaaS", "product_name": "Horizon DaaS",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "7.x before 8.0.0" "version_value": "7.x before 8.0.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "VMware" "vendor_name": "VMware"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "VMware Horizon DaaS (7.x before 8.0.0) contains a broken authentication vulnerability that may allow an attacker to bypass two-factor authentication. Note: In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Broken authentication vulnerability"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.vmware.com/security/advisories/VMSA-2018-0010.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.vmware.com/security/advisories/VMSA-2018-0010.html" "lang": "eng",
}, "value": "VMware Horizon DaaS (7.x before 8.0.0) contains a broken authentication vulnerability that may allow an attacker to bypass two-factor authentication. Note: In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS."
{ }
"name" : "103938", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/103938" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1040731", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040731" "lang": "eng",
} "value": "Broken authentication vulnerability"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "103938",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103938"
},
{
"name": "https://www.vmware.com/security/advisories/VMSA-2018-0010.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0010.html"
},
{
"name": "1040731",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040731"
}
]
}
}

130
2018/6xxx/CVE-2018-6980.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@vmware.com", "ASSIGNER": "security@vmware.com",
"ID" : "CVE-2018-6980", "ID": "CVE-2018-6980",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "VMware vRealize Log Insight", "product_name": "VMware vRealize Log Insight",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "VVMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2)" "version_value": "VVMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2)"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "VMware" "vendor_name": "VMware"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which they are not allowed to perform."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Authorization bypass vulnerability"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.vmware.com/security/advisories/VMSA-2018-0028.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.vmware.com/security/advisories/VMSA-2018-0028.html" "lang": "eng",
}, "value": "VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which they are not allowed to perform."
{ }
"name" : "105925", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105925" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Authorization bypass vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2018-0028.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0028.html"
},
{
"name": "105925",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105925"
}
]
}
}

150
2018/7xxx/CVE-2018-7053.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-7053", "ID": "CVE-2018-7053",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when SASL messages are received in an unexpected order."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://openwall.com/lists/oss-security/2018/02/15/1", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://openwall.com/lists/oss-security/2018/02/15/1" "lang": "eng",
}, "value": "An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when SASL messages are received in an unexpected order."
{ }
"name" : "https://irssi.org/security/irssi_sa_2018_02.txt", ]
"refsource" : "CONFIRM", },
"url" : "https://irssi.org/security/irssi_sa_2018_02.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-4162", "description": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4162" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "USN-3590-1", ]
"refsource" : "UBUNTU", }
"url" : "https://usn.ubuntu.com/3590-1/" ]
} },
] "references": {
} "reference_data": [
} {
"name": "DSA-4162",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4162"
},
{
"name": "https://irssi.org/security/irssi_sa_2018_02.txt",
"refsource": "CONFIRM",
"url": "https://irssi.org/security/irssi_sa_2018_02.txt"
},
{
"name": "http://openwall.com/lists/oss-security/2018/02/15/1",
"refsource": "CONFIRM",
"url": "http://openwall.com/lists/oss-security/2018/02/15/1"
},
{
"name": "USN-3590-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3590-1/"
}
]
}
}

178
2018/7xxx/CVE-2018-7358.json
View File

@ -1,91 +1,91 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@zte.com.cn", "ASSIGNER": "psirt@zte.com.cn",
"ID" : "CVE-2018-7358", "ID": "CVE-2018-7358",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "ZXHN H168N", "product_name": "ZXHN H168N",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T" "version_value": "V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "ZTE" "vendor_name": "ZTE"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper change control vulnerability, which may allow an unauthorized user to perform unauthorized operations."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "ADJACENT_NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 6.5,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Authorization\n"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "45972", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/45972/" "lang": "eng",
}, "value": "ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper change control vulnerability, which may allow an unauthorized user to perform unauthorized operations."
{ }
"name" : "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009523", ]
"refsource" : "CONFIRM", },
"url" : "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009523" "impact": {
}, "cvss": {
{ "attackComplexity": "LOW",
"name" : "105963", "attackVector": "ADJACENT_NETWORK",
"refsource" : "BID", "availabilityImpact": "HIGH",
"url" : "http://www.securityfocus.com/bid/105963" "baseScore": 6.5,
} "baseSeverity": "MEDIUM",
] "confidentialityImpact": "NONE",
}, "integrityImpact": "NONE",
"source" : { "privilegesRequired": "NONE",
"discovery" : "UNKNOWN" "scope": "UNCHANGED",
} "userInteraction": "NONE",
} "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization\n"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105963",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105963"
},
{
"name": "45972",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45972/"
},
{
"name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009523",
"refsource": "CONFIRM",
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009523"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

34
2018/7xxx/CVE-2018-7630.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-7630", "ID": "CVE-2018-7630",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

196
2018/7xxx/CVE-2018-7691.json
View File

@ -1,100 +1,100 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@microfocus.com", "ASSIGNER": "security@suse.com",
"DATE_PUBLIC" : "2018-12-12T15:30:00.000Z", "DATE_PUBLIC": "2018-12-12T15:30:00.000Z",
"ID" : "CVE-2018-7691", "ID": "CVE-2018-7691",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "MFSBGN03835 rev.1 - Fortify Software Security Center (SSC), Remote Unauthorized Access" "TITLE": "MFSBGN03835 rev.1 - Fortify Software Security Center (SSC), Remote Unauthorized Access"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Fortify Software Security Center (SSC)", "product_name": "Fortify Software Security Center (SSC)",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "17.10, 17.20, 18.10" "version_value": "17.10, 17.20, 18.10"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Micro Focus" "vendor_name": "Micro Focus"
} }
]
}
},
"credit" : [
{
"lang" : "eng",
"value" : "Micro Focus would like to extend a special thanks to Alex Hernandez, aka alt3kx, for responsibly disclosing this vulnerability."
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access"
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "Remote Unauthorized Access"
}
],
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 6.5,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "NONE",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Unauthorized Access"
}
] ]
} }
] },
}, "credit": [
"references" : { {
"reference_data" : [ "lang": "eng",
{ "value": "Micro Focus would like to extend a special thanks to Alex Hernandez, aka alt3kx, for responsibly disclosing this vulnerability."
"name" : "45990", }
"refsource" : "EXPLOIT-DB", ],
"url" : "https://www.exploit-db.com/exploits/45990/" "data_format": "MITRE",
}, "data_type": "CVE",
{ "data_version": "4.0",
"name" : "https://softwaresupport.softwaregrp.com/doc/KM03298201", "description": {
"refsource" : "MISC", "description_data": [
"url" : "https://softwaresupport.softwaregrp.com/doc/KM03298201" {
} "lang": "eng",
] "value": "A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access"
}, }
"source" : { ]
"discovery" : "UNKNOWN" },
} "exploit": [
} {
"lang": "eng",
"value": "Remote Unauthorized Access"
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Unauthorized Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45990",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45990/"
},
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03298201",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03298201"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

132
2018/7xxx/CVE-2018-7785.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cybersecurity@se.com", "ASSIGNER": "cybersecurity@schneider-electric.com",
"DATE_PUBLIC" : "2018-05-31T00:00:00", "DATE_PUBLIC": "2018-05-31T00:00:00",
"ID" : "CVE-2018-7785", "ID": "CVE-2018-7785",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "U.motion Builder", "product_name": "U.motion Builder",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "U.motion Builder, all versions prior to 1.3.4" "version_value": "U.motion Builder, all versions prior to 1.3.4"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Schneider Electric SE" "vendor_name": "Schneider Electric SE"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Command Injection"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/" "lang": "eng",
}, "value": "In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass."
{ }
"name" : "104447", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104447" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Remote Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/"
},
{
"name": "104447",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104447"
}
]
}
}