admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 21:39:22 +00:00
parent 83d265c705
commit d2b1d3b59c
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
53 changed files with 3626 additions and 3626 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

130
1999/1xxx/CVE-1999-1425.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-1999-1425", "ID": "CVE-1999-1425",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Solaris Solstice AdminSuite (AdminSuite) 2.1 incorrectly sets write permissions on source files for NIS maps, which could allow local users to gain privileges by modifying /etc/passwd."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "00145", "description_data": [
"refsource" : "SUN", {
"url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/145" "lang": "eng",
}, "value": "Solaris Solstice AdminSuite (AdminSuite) 2.1 incorrectly sets write permissions on source files for NIS maps, which could allow local users to gain privileges by modifying /etc/passwd."
{ }
"name" : "208", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/208" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "208",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/208"
},
{
"name": "00145",
"refsource": "SUN",
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/145"
}
]
}
}

150
2000/1xxx/CVE-2000-1230.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2000-1230", "ID": "CVE-2000-1230",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Backdoor in auth.php3 in Phorum 3.0.7 allows remote attackers to access restricted web pages via an HTTP request with the PHP_AUTH_USER parameter set to \"boogieman\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20000106 Phorum 3.0.7 exploits and IDS signatures", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://cert.uni-stuttgart.de/archive/bugtraq/2000/01/msg00215.html" "lang": "eng",
}, "value": "Backdoor in auth.php3 in Phorum 3.0.7 allows remote attackers to access restricted web pages via an HTTP request with the PHP_AUTH_USER parameter set to \"boogieman\"."
{ }
"name" : "http://hispahack.ccc.de/mi020.html", ]
"refsource" : "MISC", },
"url" : "http://hispahack.ccc.de/mi020.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.digitalsec.net/stuff/z-mirrors/hispahack/mi020.htm", "description": [
"refsource" : "MISC", {
"url" : "http://www.digitalsec.net/stuff/z-mirrors/hispahack/mi020.htm" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "2274", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/2274" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://www.digitalsec.net/stuff/z-mirrors/hispahack/mi020.htm",
"refsource": "MISC",
"url": "http://www.digitalsec.net/stuff/z-mirrors/hispahack/mi020.htm"
},
{
"name": "20000106 Phorum 3.0.7 exploits and IDS signatures",
"refsource": "BUGTRAQ",
"url": "http://cert.uni-stuttgart.de/archive/bugtraq/2000/01/msg00215.html"
},
{
"name": "2274",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2274"
},
{
"name": "http://hispahack.ccc.de/mi020.html",
"refsource": "MISC",
"url": "http://hispahack.ccc.de/mi020.html"
}
]
}
}

170
2005/2xxx/CVE-2005-2659.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@debian.org",
"ID" : "CVE-2005-2659", "ID": "CVE-2005-2659",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the LZX decompression in CHM Lib (chmlib) 0.35, as used in products such as KchmViewer, has unknown impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://mail-index.netbsd.org/pkgsrc-changes/2005/09/12/0010.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://mail-index.netbsd.org/pkgsrc-changes/2005/09/12/0010.html" "lang": "eng",
}, "value": "Buffer overflow in the LZX decompression in CHM Lib (chmlib) 0.35, as used in products such as KchmViewer, has unknown impact and attack vectors."
{ }
"name" : "DSA-886", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2005/dsa-886" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "15338", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/15338" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "17325", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/17325" ]
}, },
{ "references": {
"name" : "17775", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17775" "name": "DSA-886",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2005/dsa-886"
"name" : "17494", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17494" "name": "17775",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/17775"
} },
} {
"name": "17325",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17325"
},
{
"name": "17494",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17494"
},
{
"name": "15338",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15338"
},
{
"name": "http://mail-index.netbsd.org/pkgsrc-changes/2005/09/12/0010.html",
"refsource": "CONFIRM",
"url": "http://mail-index.netbsd.org/pkgsrc-changes/2005/09/12/0010.html"
}
]
}
}

34
2005/2xxx/CVE-2005-2740.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2005-2740", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2005-2740",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none."
} }
] ]
} }
} }

160
2005/2xxx/CVE-2005-2809.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-2809", "ID": "CVE-2005-2809",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "silc daemon (silcd.c) in Secure Internet Live Conferencing (SILC) 1.0 and earlier allows local users to overwrite arbitrary files via a symlink attack on the silcd.[PID].stats temporary file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050901 silc server and toolkit insecure temporary file creation", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/409672" "lang": "eng",
}, "value": "silc daemon (silcd.c) in Secure Internet Live Conferencing (SILC) 1.0 and earlier allows local users to overwrite arbitrary files via a symlink attack on the silcd.[PID].stats temporary file."
{ }
"name" : "http://www.zataz.net/adviso/silc-server-toolkit-06152005.txt", ]
"refsource" : "MISC", },
"url" : "http://www.zataz.net/adviso/silc-server-toolkit-06152005.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=94587", "description": [
"refsource" : "CONFIRM", {
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=94587" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "14716", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/14716" ]
}, },
{ "references": {
"name" : "16659", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/16659/" "name": "16659",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/16659/"
} },
} {
"name": "http://www.zataz.net/adviso/silc-server-toolkit-06152005.txt",
"refsource": "MISC",
"url": "http://www.zataz.net/adviso/silc-server-toolkit-06152005.txt"
},
{
"name": "14716",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14716"
},
{
"name": "20050901 silc server and toolkit insecure temporary file creation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/409672"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=94587",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=94587"
}
]
}
}

200
2005/3xxx/CVE-2005-3089.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-3089", "ID": "CVE-2005-3089",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Firefox 1.0.6 allows attackers to cause a denial of service (crash) via a Proxy Auto-Config (PAC) script that uses an eval statement. NOTE: it is not clear whether an untrusted party has any role in triggering this issue, so it might not be a vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=302100", "description_data": [
"refsource" : "MISC", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=302100" "lang": "eng",
}, "value": "Firefox 1.0.6 allows attackers to cause a denial of service (crash) via a Proxy Auto-Config (PAC) script that uses an eval statement. NOTE: it is not clear whether an untrusted party has any role in triggering this issue, so it might not be a vulnerability."
{ }
"name" : "http://www.mozilla.org/products/firefox/releases/1.0.7.html", ]
"refsource" : "MISC", },
"url" : "http://www.mozilla.org/products/firefox/releases/1.0.7.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "FLSA-2006:168375", "description": [
"refsource" : "FEDORA", {
"url" : "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00004.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "14924", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/14924" ]
}, },
{ "references": {
"name" : "19615", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/19615" "name": "1014949",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1014949"
"name" : "oval:org.mitre.oval:def:9280", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9280" "name": "14924",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/14924"
"name" : "1014949", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1014949" "name": "FLSA-2006:168375",
}, "refsource": "FEDORA",
{ "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00004.html"
"name" : "16977", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/16977" "name": "http://www.mozilla.org/products/firefox/releases/1.0.7.html",
}, "refsource": "MISC",
{ "url": "http://www.mozilla.org/products/firefox/releases/1.0.7.html"
"name" : "mozillafirefox-proxy-dos(22371)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22371" "name": "oval:org.mitre.oval:def:9280",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9280"
} },
} {
"name": "19615",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/19615"
},
{
"name": "mozillafirefox-proxy-dos(22371)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22371"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=302100",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=302100"
},
{
"name": "16977",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16977"
}
]
}
}

140
2005/3xxx/CVE-2005-3306.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-3306", "ID": "CVE-2005-3306",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php for FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the user parameter in a profile operation, a different vulnerability than CVE-2005-2814. NOTE: it is possible that this XSS is a resultant vulnerability of CVE-2005-3307."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20051022 File Including In FLAT NUKE", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=113018940229407&w=2" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in index.php for FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the user parameter in a profile operation, a different vulnerability than CVE-2005-2814. NOTE: it is possible that this XSS is a resultant vulnerability of CVE-2005-3307."
{ }
"name" : "20246", ]
"refsource" : "OSVDB", },
"url" : "http://www.osvdb.org/20246" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "17291", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17291/" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20051022 File Including In FLAT NUKE",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=113018940229407&w=2"
},
{
"name": "20246",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20246"
},
{
"name": "17291",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17291/"
}
]
}
}

170
2005/3xxx/CVE-2005-3884.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-3884", "ID": "CVE-2005-3884",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in the search action in Zainu 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) term and (2) start parameters to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://pridels0.blogspot.com/2005/11/zainu-2x-sql-inj-vuln.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://pridels0.blogspot.com/2005/11/zainu-2x-sql-inj-vuln.html" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in the search action in Zainu 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) term and (2) start parameters to index.php."
{ }
"name" : "15579", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/15579" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2005-2603", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/2603" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "21197", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/21197" ]
}, },
{ "references": {
"name" : "17766", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17766" "name": "ADV-2005-2603",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2005/2603"
"name" : "zainu-index-sql-injection(23274)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23274" "name": "17766",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/17766"
} },
} {
"name": "21197",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21197"
},
{
"name": "15579",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15579"
},
{
"name": "zainu-index-sql-injection(23274)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23274"
},
{
"name": "http://pridels0.blogspot.com/2005/11/zainu-2x-sql-inj-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/11/zainu-2x-sql-inj-vuln.html"
}
]
}
}

190
2005/4xxx/CVE-2005-4214.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4214", "ID": "CVE-2005-4214",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "phpCOIN 1.2.2 allows remote attackers to obtain the installation path via a direct request to config.php, which leaks the path in an error message because the _CCFG['_PKG_PATH_DBSE'] variable is not defined."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20051213 phpCOIN 1.2.2 multiple vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/419382/100/0/threaded" "lang": "eng",
}, "value": "phpCOIN 1.2.2 allows remote attackers to obtain the installation path via a direct request to config.php, which leaks the path in an error message because the _CCFG['_PKG_PATH_DBSE'] variable is not defined."
{ }
"name" : "http://rgod.altervista.org/phpcoin122.html", ]
"refsource" : "MISC", },
"url" : "http://rgod.altervista.org/phpcoin122.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://rgod.altervista.org/phpcoin_122_sql_xpl.html", "description": [
"refsource" : "MISC", {
"url" : "http://rgod.altervista.org/phpcoin_122_sql_xpl.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://forums.phpcoin.com/index.php?showtopic=5469", ]
"refsource" : "CONFIRM", }
"url" : "http://forums.phpcoin.com/index.php?showtopic=5469" ]
}, },
{ "references": {
"name" : "ADV-2005-2888", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/2888" "name": "http://rgod.altervista.org/phpcoin122.html",
}, "refsource": "MISC",
{ "url": "http://rgod.altervista.org/phpcoin122.html"
"name" : "21726", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/21726" "name": "http://rgod.altervista.org/phpcoin_122_sql_xpl.html",
}, "refsource": "MISC",
{ "url": "http://rgod.altervista.org/phpcoin_122_sql_xpl.html"
"name" : "1015345", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015345" "name": "http://forums.phpcoin.com/index.php?showtopic=5469",
}, "refsource": "CONFIRM",
{ "url": "http://forums.phpcoin.com/index.php?showtopic=5469"
"name" : "18030", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18030" "name": "21726",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/21726"
} },
} {
"name": "18030",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18030"
},
{
"name": "20051213 phpCOIN 1.2.2 multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/419382/100/0/threaded"
},
{
"name": "ADV-2005-2888",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2888"
},
{
"name": "1015345",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015345"
}
]
}
}

140
2005/4xxx/CVE-2005-4684.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4684", "ID": "CVE-2005-4684",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Konqueror can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20051104 Browser cookie handling: possible cross-domain cookie sharing", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0123.html" "lang": "eng",
}, "value": "Konqueror can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site."
{ }
"name" : "15331", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/15331" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "konqueror-cookie-information-disclosure(25291)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25291" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "15331",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15331"
},
{
"name": "20051104 Browser cookie handling: possible cross-domain cookie sharing",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0123.html"
},
{
"name": "konqueror-cookie-information-disclosure(25291)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25291"
}
]
}
}

190
2009/2xxx/CVE-2009-2753.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-2753", "ID": "CVE-2009-2753",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3, allow remote attackers to execute arbitrary code via a crafted parameter size."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20100301 ZDI-10-022: IBM Informix librpc.dll Multiple Remote Code Execution Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/509789/100/0/threaded" "lang": "eng",
}, "value": "Multiple buffer overflows in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3, allow remote attackers to execute arbitrary code via a crafted parameter size."
{ }
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-022", ]
"refsource" : "MISC", },
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-022" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "IC55329", "description": [
"refsource" : "AIXAPAR", {
"url" : "http://www.ibm.com/support/docview.wss?uid=swg1IC55329" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "IC55330", ]
"refsource" : "AIXAPAR", }
"url" : "http://www.ibm.com/support/docview.wss?uid=swg1IC55330" ]
}, },
{ "references": {
"name" : "38471", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/38471" "name": "38731",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/38731"
"name" : "1023669", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1023669" "name": "ADV-2010-0508",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/0508"
"name" : "38731", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38731" "name": "IC55329",
}, "refsource": "AIXAPAR",
{ "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC55329"
"name" : "ADV-2010-0508", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/0508" "name": "IC55330",
} "refsource": "AIXAPAR",
] "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC55330"
} },
} {
"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-022",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-022"
},
{
"name": "1023669",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023669"
},
{
"name": "20100301 ZDI-10-022: IBM Informix librpc.dll Multiple Remote Code Execution Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/509789/100/0/threaded"
},
{
"name": "38471",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38471"
}
]
}
}

230
2009/2xxx/CVE-2009-2855.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-2855", "ID": "CVE-2009-2855",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20090720 squid DoS in external auth header parser", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2009/07/20/10" "lang": "eng",
}, "value": "The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function."
{ }
"name" : "[oss-security] 20090803 Re: squid DoS in external auth header parser", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2009/08/03/3" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20090804 Re: squid DoS in external auth header parser", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2009/08/04/6" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=31;filename=diff;att=1;bug=534982", ]
"refsource" : "MISC", }
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=31;filename=diff;att=1;bug=534982" ]
}, },
{ "references": {
"name" : "http://www.squid-cache.org/bugs/show_bug.cgi?id=2704", "reference_data": [
"refsource" : "MISC", {
"url" : "http://www.squid-cache.org/bugs/show_bug.cgi?id=2704" "name": "[oss-security] 20090803 Re: squid DoS in external auth header parser",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2009/08/03/3"
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534982", },
"refsource" : "CONFIRM", {
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534982" "name": "36091",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/36091"
"name" : "http://www.squid-cache.org/bugs/show_bug.cgi?id=2541", },
"refsource" : "CONFIRM", {
"url" : "http://www.squid-cache.org/bugs/show_bug.cgi?id=2541" "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534982",
}, "refsource": "CONFIRM",
{ "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534982"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=518182", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=518182" "name": "[oss-security] 20090804 Re: squid DoS in external auth header parser",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2009/08/04/6"
"name" : "36091", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/36091" "name": "http://www.squid-cache.org/bugs/show_bug.cgi?id=2704",
}, "refsource": "MISC",
{ "url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=2704"
"name" : "oval:org.mitre.oval:def:10592", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10592" "name": "http://www.squid-cache.org/bugs/show_bug.cgi?id=2541",
}, "refsource": "CONFIRM",
{ "url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=2541"
"name" : "1022757", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1022757" "name": "1022757",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1022757"
"name" : "squid-strlistgetitem-dos(52610)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52610" "name": "oval:org.mitre.oval:def:10592",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10592"
} },
} {
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=518182",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=518182"
},
{
"name": "[oss-security] 20090720 squid DoS in external auth header parser",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/07/20/10"
},
{
"name": "squid-strlistgetitem-dos(52610)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52610"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=31;filename=diff;att=1;bug=534982",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=31;filename=diff;att=1;bug=534982"
}
]
}
}

120
2009/2xxx/CVE-2009-2914.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-2914", "ID": "CVE-2009-2914",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in XZero Community Classifieds 4.97.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the name of an uploaded file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "ADV-2009-2010", "description_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/2010" "lang": "eng",
} "value": "Cross-site scripting (XSS) vulnerability in index.php in XZero Community Classifieds 4.97.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the name of an uploaded file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-2010",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2010"
}
]
}
}

140
2009/3xxx/CVE-2009-3491.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-3491", "ID": "CVE-2009-3491",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Kinfusion SportFusion (com_sportfusion) component 0.2.2 through 0.2.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid[0] parameter in a teamdetail action to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.org/0909-exploits/joomlasportfusion-sql.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.org/0909-exploits/joomlasportfusion-sql.txt" "lang": "eng",
}, "value": "SQL injection vulnerability in the Kinfusion SportFusion (com_sportfusion) component 0.2.2 through 0.2.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid[0] parameter in a teamdetail action to index.php."
{ }
"name" : "36481", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/36481" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "36844", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/36844" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/0909-exploits/joomlasportfusion-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0909-exploits/joomlasportfusion-sql.txt"
},
{
"name": "36844",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36844"
},
{
"name": "36481",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36481"
}
]
}
}

120
2009/3xxx/CVE-2009-3574.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-3574", "ID": "CVE-2009-3574",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Tuniac 090517c allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long File1 argument in a .pls playlist file, possibly a buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "9671", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/9671" "lang": "eng",
} "value": "Tuniac 090517c allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long File1 argument in a .pls playlist file, possibly a buffer overflow."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9671",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9671"
}
]
}
}

140
2009/3xxx/CVE-2009-3943.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-3943", "ID": "CVE-2009-3943",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through 7.0.6000.16711 allows remote attackers to cause a denial of service (application hang) via a JavaScript loop that configures the home page by using the setHomePage method and a DHTML behavior property."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20091108 DoS vulnerability in Internet Explorer", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/507731/100/0/threaded" "lang": "eng",
}, "value": "Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through 7.0.6000.16711 allows remote attackers to cause a denial of service (application hang) via a JavaScript loop that configures the home page by using the setHomePage method and a DHTML behavior property."
{ }
"name" : "20091109 Re: Re: DoS vulnerability in Internet Explorer", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/507760/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://websecurity.com.ua/3658/", "description": [
"refsource" : "MISC", {
"url" : "http://websecurity.com.ua/3658/" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20091109 Re: Re: DoS vulnerability in Internet Explorer",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507760/100/0/threaded"
},
{
"name": "20091108 DoS vulnerability in Internet Explorer",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507731/100/0/threaded"
},
{
"name": "http://websecurity.com.ua/3658/",
"refsource": "MISC",
"url": "http://websecurity.com.ua/3658/"
}
]
}
}

170
2009/4xxx/CVE-2009-4075.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4075", "ID": "CVE-2009-4075",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the timeout mechanism in sshd in Sun Solaris 10, and OpenSolaris snv_99 through snv_123, allows remote attackers to cause a denial of service (daemon outage) via unknown vectors that trigger a \"dangling sshd authentication thread.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-143140-01-1", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-143140-01-1" "lang": "eng",
}, "value": "Unspecified vulnerability in the timeout mechanism in sshd in Sun Solaris 10, and OpenSolaris snv_99 through snv_123, allows remote attackers to cause a denial of service (daemon outage) via unknown vectors that trigger a \"dangling sshd authentication thread.\""
{ }
"name" : "272629", ]
"refsource" : "SUNALERT", },
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-272629-1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "37116", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/37116" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "60498", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/60498" ]
}, },
{ "references": {
"name" : "ADV-2009-3333", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/3333" "name": "ADV-2009-3333",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/3333"
"name" : "solaris-sshd1m-dos(54401)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54401" "name": "60498",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/60498"
} },
} {
"name": "272629",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-272629-1"
},
{
"name": "solaris-sshd1m-dos(54401)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54401"
},
{
"name": "37116",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37116"
},
{
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-143140-01-1",
"refsource": "CONFIRM",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-143140-01-1"
}
]
}
}

210
2009/4xxx/CVE-2009-4150.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4150", "ID": "CVE-2009-4150",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP1 permits execution by unprivileged user accounts, which has unspecified impact and local attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21386689", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21386689" "lang": "eng",
}, "value": "dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP1 permits execution by unprivileged user accounts, which has unspecified impact and local attack vectors."
{ }
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21403619", ]
"refsource" : "CONFIRM", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21403619" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "IC64759", "description": [
"refsource" : "AIXAPAR", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC64759" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "IZ40340", ]
"refsource" : "AIXAPAR", }
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ40340" ]
}, },
{ "references": {
"name" : "IZ40343", "reference_data": [
"refsource" : "AIXAPAR", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ40343" "name": "IZ40343",
}, "refsource": "AIXAPAR",
{ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ40343"
"name" : "IZ40352", },
"refsource" : "AIXAPAR", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ40352" "name": "IC64759",
}, "refsource": "AIXAPAR",
{ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC64759"
"name" : "1023242", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1023242" "name": "36890",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/36890"
"name" : "36890", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/36890" "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21403619",
}, "refsource": "CONFIRM",
{ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21403619"
"name" : "37454", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37454" "name": "1023242",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1023242"
"name" : "ADV-2009-3340", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/3340" "name": "IZ40340",
} "refsource": "AIXAPAR",
] "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ40340"
} },
} {
"name": "ADV-2009-3340",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3340"
},
{
"name": "37454",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37454"
},
{
"name": "IZ40352",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ40352"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21386689",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21386689"
}
]
}
}

220
2009/4xxx/CVE-2009-4372.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4372", "ID": "CVE-2009-4372",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary commands via shell metacharacters in the uniqueid parameter to (1) wcl.php, (2) storage_graphs.php, (3) storage_graphs2.php, (4) storage_graphs3.php, and (5) storage_graphs4.php in sem/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.cybsec.com/vuln/OSSIM_2_1_5_Remote_Command_Execution.pdf", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.cybsec.com/vuln/OSSIM_2_1_5_Remote_Command_Execution.pdf" "lang": "eng",
}, "value": "AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary commands via shell metacharacters in the uniqueid parameter to (1) wcl.php, (2) storage_graphs.php, (3) storage_graphs2.php, (4) storage_graphs3.php, and (5) storage_graphs4.php in sem/."
{ }
"name" : "10480", ]
"refsource" : "EXPLOIT-DB", },
"url" : "http://www.exploit-db.com/exploits/10480" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.alienvault.com/community.php?section=News", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.alienvault.com/community.php?section=News" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "37375", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/37375" ]
}, },
{ "references": {
"name" : "61151", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/61151" "name": "ossim-uniqueid-command-execution(54843)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54843"
"name" : "61152", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/61152" "name": "61151",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/61151"
"name" : "61153", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/61153" "name": "37727",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/37727"
"name" : "61154", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/61154" "name": "http://www.alienvault.com/community.php?section=News",
}, "refsource": "CONFIRM",
{ "url": "http://www.alienvault.com/community.php?section=News"
"name" : "61155", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/61155" "name": "37375",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/37375"
"name" : "37727", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37727" "name": "61152",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/61152"
"name" : "ossim-uniqueid-command-execution(54843)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54843" "name": "61153",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/61153"
} },
} {
"name": "http://www.cybsec.com/vuln/OSSIM_2_1_5_Remote_Command_Execution.pdf",
"refsource": "MISC",
"url": "http://www.cybsec.com/vuln/OSSIM_2_1_5_Remote_Command_Execution.pdf"
},
{
"name": "61154",
"refsource": "OSVDB",
"url": "http://osvdb.org/61154"
},
{
"name": "10480",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/10480"
},
{
"name": "61155",
"refsource": "OSVDB",
"url": "http://osvdb.org/61155"
}
]
}
}

140
2009/4xxx/CVE-2009-4674.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4674", "ID": "CVE-2009-4674",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "admin/admin.php in Mole Group Sky Hunter Airline Ticket Sale Script and Bus Ticket Script allows remote attackers to change an arbitrary password via a modified user_id field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "8774", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/8774" "lang": "eng",
}, "value": "admin/admin.php in Mole Group Sky Hunter Airline Ticket Sale Script and Bus Ticket Script allows remote attackers to change an arbitrary password via a modified user_id field."
{ }
"name" : "35079", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/35079" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "molegroup-admin-security-bypass(50722)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50722" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "8774",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/8774"
},
{
"name": "molegroup-admin-security-bypass(50722)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50722"
},
{
"name": "35079",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35079"
}
]
}
}

130
2009/4xxx/CVE-2009-4803.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4803", "ID": "CVE-2009-4803",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Accessibility Glossary (a21glossary) extension 0.4.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-003/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-003/" "lang": "eng",
}, "value": "SQL injection vulnerability in the Accessibility Glossary (a21glossary) extension 0.4.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
{ }
"name" : "33997", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/33997" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-003/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-003/"
},
{
"name": "33997",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33997"
}
]
}
}

160
2015/0xxx/CVE-2015-0259.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2015-0259", "ID": "CVE-2015-0259",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[openstack-announce] 20150313 [OSSA 2015-005] Nova console Cross-Site WebSocket hijacking (CVE-2015-0259)", "description_data": [
"refsource" : "MLIST", {
"url" : "http://lists.openstack.org/pipermail/openstack-announce/2015-March/000341.html" "lang": "eng",
}, "value": "OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage."
{ }
"name" : "https://bugs.launchpad.net/nova/+bug/1409142", ]
"refsource" : "CONFIRM", },
"url" : "https://bugs.launchpad.net/nova/+bug/1409142" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2015:0790", "description": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0790.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2015:0843", ]
"refsource" : "REDHAT", }
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0843.html" ]
}, },
{ "references": {
"name" : "RHSA-2015:0844", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0844.html" "name": "[openstack-announce] 20150313 [OSSA 2015-005] Nova console Cross-Site WebSocket hijacking (CVE-2015-0259)",
} "refsource": "MLIST",
] "url": "http://lists.openstack.org/pipermail/openstack-announce/2015-March/000341.html"
} },
} {
"name": "RHSA-2015:0844",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0844.html"
},
{
"name": "RHSA-2015:0790",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0790.html"
},
{
"name": "RHSA-2015:0843",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0843.html"
},
{
"name": "https://bugs.launchpad.net/nova/+bug/1409142",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/nova/+bug/1409142"
}
]
}
}

160
2015/0xxx/CVE-2015-0423.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2015-0423", "ID": "CVE-2015-0423",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" "lang": "eng",
}, "value": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer."
{ }
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-201507-19", "description": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201507-19" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SUSE-SU-2015:0946", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html" ]
}, },
{ "references": {
"name" : "1032121", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1032121" "name": "GLSA-201507-19",
} "refsource": "GENTOO",
] "url": "https://security.gentoo.org/glsa/201507-19"
} },
} {
"name": "1032121",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032121"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"name": "SUSE-SU-2015:0946",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
}
]
}
}

150
2015/0xxx/CVE-2015-0579.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2015-0579", "ID": "CVE-2015-0579",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway allow remote attackers to cause a denial of service (memory and CPU consumption, and partial outage) via crafted SIP packets, aka Bug ID CSCur12473."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20150113 Cisco TelePresence VCS and Expressway High CPU Utilization Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0579" "lang": "eng",
}, "value": "Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway allow remote attackers to cause a denial of service (memory and CPU consumption, and partial outage) via crafted SIP packets, aka Bug ID CSCur12473."
{ }
"name" : "20150115 Cisco TelePresence VCS and Expressway High CPU Utilization Vulnerability", ]
"refsource" : "CISCO", },
"url" : "https://tools.cisco.com/security/center/viewAlert.x?alertId=37007" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "72057", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/72057" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1031541", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1031541" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20150115 Cisco TelePresence VCS and Expressway High CPU Utilization Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=37007"
},
{
"name": "72057",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72057"
},
{
"name": "1031541",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031541"
},
{
"name": "20150113 Cisco TelePresence VCS and Expressway High CPU Utilization Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0579"
}
]
}
}

160
2015/1xxx/CVE-2015-1482.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-1482", "ID": "CVE-2015-1482",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Ansible Tower (aka Ansible UI) before 2.0.5 allows remote attackers to bypass authentication and obtain sensitive information via a websocket connection to socket.io/1/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20150113 SEC Consult SA-20150113-1 :: Privilege Escalation & XSS & Missing Authentication in Ansible Tower", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/534464/100/0/threaded" "lang": "eng",
}, "value": "Ansible Tower (aka Ansible UI) before 2.0.5 allows remote attackers to bypass authentication and obtain sensitive information via a websocket connection to socket.io/1/."
{ }
"name" : "35786", ]
"refsource" : "EXPLOIT-DB", },
"url" : "http://www.exploit-db.com/exploits/35786" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20150113 SEC Consult SA-20150113-1 :: Privilege Escalation & XSS & Missing Authentication in Ansible Tower", "description": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2015/Jan/52" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://packetstormsecurity.com/files/129944/Ansible-Tower-2.0.2-XSS-Privilege-Escalation-Authentication-Missing.html", ]
"refsource" : "MISC", }
"url" : "http://packetstormsecurity.com/files/129944/Ansible-Tower-2.0.2-XSS-Privilege-Escalation-Authentication-Missing.html" ]
}, },
{ "references": {
"name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150113-1_Ansible-Tower_multiple-vulnerabilities_v10.txt", "reference_data": [
"refsource" : "MISC", {
"url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150113-1_Ansible-Tower_multiple-vulnerabilities_v10.txt" "name": "http://packetstormsecurity.com/files/129944/Ansible-Tower-2.0.2-XSS-Privilege-Escalation-Authentication-Missing.html",
} "refsource": "MISC",
] "url": "http://packetstormsecurity.com/files/129944/Ansible-Tower-2.0.2-XSS-Privilege-Escalation-Authentication-Missing.html"
} },
} {
"name": "20150113 SEC Consult SA-20150113-1 :: Privilege Escalation & XSS & Missing Authentication in Ansible Tower",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534464/100/0/threaded"
},
{
"name": "20150113 SEC Consult SA-20150113-1 :: Privilege Escalation & XSS & Missing Authentication in Ansible Tower",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jan/52"
},
{
"name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150113-1_Ansible-Tower_multiple-vulnerabilities_v10.txt",
"refsource": "MISC",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150113-1_Ansible-Tower_multiple-vulnerabilities_v10.txt"
},
{
"name": "35786",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/35786"
}
]
}
}

150
2015/1xxx/CVE-2015-1587.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-1587", "ID": "CVE-2015-1587",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in file_to_index.php in Maarch LetterBox 2.8 and earlier and GEC/GED 1.4 and earlier allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a request to a predictable filename in tmp/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "35113", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/35113" "lang": "eng",
}, "value": "Unrestricted file upload vulnerability in file_to_index.php in Maarch LetterBox 2.8 and earlier and GEC/GED 1.4 and earlier allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a request to a predictable filename in tmp/."
{ }
"name" : "http://asylum.seraum.com/Security-Alert-GED-ECM-Maarch-Critical-Vulnerabilities.html", ]
"refsource" : "MISC", },
"url" : "http://asylum.seraum.com/Security-Alert-GED-ECM-Maarch-Critical-Vulnerabilities.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://packetstormsecurity.com/files/130383/Maarch-LetterBox-2.8-Unrestricted-File-Upload.html", "description": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/130383/Maarch-LetterBox-2.8-Unrestricted-File-Upload.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "113928", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/show/osvdb/113928" ]
} },
] "references": {
} "reference_data": [
} {
"name": "35113",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/35113"
},
{
"name": "http://packetstormsecurity.com/files/130383/Maarch-LetterBox-2.8-Unrestricted-File-Upload.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130383/Maarch-LetterBox-2.8-Unrestricted-File-Upload.html"
},
{
"name": "http://asylum.seraum.com/Security-Alert-GED-ECM-Maarch-Critical-Vulnerabilities.html",
"refsource": "MISC",
"url": "http://asylum.seraum.com/Security-Alert-GED-ECM-Maarch-Critical-Vulnerabilities.html"
},
{
"name": "113928",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/113928"
}
]
}
}

34
2015/1xxx/CVE-2015-1663.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2015-1663", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2015-1663",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
} }
] ]
} }
} }

140
2015/1xxx/CVE-2015-1685.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2015-1685", "ID": "CVE-2015-1685",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka \"Internet Explorer ASLR Bypass.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS15-043", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-043" "lang": "eng",
}, "value": "Microsoft Internet Explorer 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka \"Internet Explorer ASLR Bypass.\""
{ }
"name" : "74516", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/74516" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1032282", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1032282" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "74516",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74516"
},
{
"name": "1032282",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032282"
},
{
"name": "MS15-043",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-043"
}
]
}
}

150
2015/4xxx/CVE-2015-4152.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-4152", "ID": "CVE-2015-4152",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the file output plugin in Elasticsearch Logstash before 1.4.3 allows remote attackers to write to arbitrary files via vectors related to dynamic field references in the path option."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20150609 Logstash vulnerability CVE-2015-4152", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/535725/100/0/threaded" "lang": "eng",
}, "value": "Directory traversal vulnerability in the file output plugin in Elasticsearch Logstash before 1.4.3 allows remote attackers to write to arbitrary files via vectors related to dynamic field references in the path option."
{ }
"name" : "http://packetstormsecurity.com/files/132233/Logstash-1.4.2-Directory-Traversal.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/132233/Logstash-1.4.2-Directory-Traversal.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.elastic.co/blog/logstash-1-4-3-released", "description": [
"refsource" : "CONFIRM", {
"url" : "https://www.elastic.co/blog/logstash-1-4-3-released" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://www.elastic.co/community/security/", ]
"refsource" : "CONFIRM", }
"url" : "https://www.elastic.co/community/security/" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20150609 Logstash vulnerability CVE-2015-4152",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/535725/100/0/threaded"
},
{
"name": "https://www.elastic.co/blog/logstash-1-4-3-released",
"refsource": "CONFIRM",
"url": "https://www.elastic.co/blog/logstash-1-4-3-released"
},
{
"name": "http://packetstormsecurity.com/files/132233/Logstash-1.4.2-Directory-Traversal.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132233/Logstash-1.4.2-Directory-Traversal.html"
},
{
"name": "https://www.elastic.co/community/security/",
"refsource": "CONFIRM",
"url": "https://www.elastic.co/community/security/"
}
]
}
}

120
2015/4xxx/CVE-2015-4523.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-4523", "ID": "CVE-2015-4523",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Blue Coat Malware Analysis Appliance (MAA) before 4.2.5 and Malware Analyzer G2 allow remote attackers to bypass a virtual machine protection mechanism and consequently write to arbitrary files, cause a denial of service (host reboot or reset to factory defaults), or execute arbitrary code via vectors related to saving files during analysis."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bto.bluecoat.com/security-advisory/sa97", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bto.bluecoat.com/security-advisory/sa97" "lang": "eng",
} "value": "Blue Coat Malware Analysis Appliance (MAA) before 4.2.5 and Malware Analyzer G2 allow remote attackers to bypass a virtual machine protection mechanism and consequently write to arbitrary files, cause a denial of service (host reboot or reset to factory defaults), or execute arbitrary code via vectors related to saving files during analysis."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bto.bluecoat.com/security-advisory/sa97",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa97"
}
]
}
}

130
2015/4xxx/CVE-2015-4750.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2015-4750", "ID": "CVE-2015-4750",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle VM Server for SPARC component in Oracle Sun Systems Products Suite 3.2 allows remote attackers to affect availability via vectors related to LDOM Manager."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Oracle VM Server for SPARC component in Oracle Sun Systems Products Suite 3.2 allows remote attackers to affect availability via vectors related to LDOM Manager."
{ }
"name" : "1032922", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1032922" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032922",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032922"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
}
]
}
}

180
2015/4xxx/CVE-2015-4845.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2015-4845", "ID": "CVE-2015-4845",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality via vectors related to Java APIs - AOL/J. NOTE: the previous information is from the October 2015 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to enumerate database users via a series of requests to Aoljtest.js."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20151027 [ERPSCAN-15-025] Oracle E-Business Suite Database user enumeration Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/536770/100/0/threaded" "lang": "eng",
}, "value": "Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality via vectors related to Java APIs - AOL/J. NOTE: the previous information is from the October 2015 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to enumerate database users via a series of requests to Aoljtest.js."
{ }
"name" : "20151027 [ERPSCAN-15-025] Oracle E-Business Suite Database user enumeration Vulnerability", ]
"refsource" : "FULLDISC", },
"url" : "http://seclists.org/fulldisclosure/2015/Oct/97" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://erpscan.io/advisories/erpscan-15-025-oracle-e-business-suite-database-user-enumeration-vulnerability/", "description": [
"refsource" : "MISC", {
"url" : "https://erpscan.io/advisories/erpscan-15-025-oracle-e-business-suite-database-user-enumeration-vulnerability/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://packetstormsecurity.com/files/134098/Oracle-E-Business-Suite-12.2.4-Database-User-Enumeration.html", ]
"refsource" : "MISC", }
"url" : "http://packetstormsecurity.com/files/134098/Oracle-E-Business-Suite-12.2.4-Database-User-Enumeration.html" ]
}, },
{ "references": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" "name": "1033877",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1033877"
"name" : "77249", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/77249" "name": "20151027 [ERPSCAN-15-025] Oracle E-Business Suite Database user enumeration Vulnerability",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/536770/100/0/threaded"
"name" : "1033877", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1033877" "name": "https://erpscan.io/advisories/erpscan-15-025-oracle-e-business-suite-database-user-enumeration-vulnerability/",
} "refsource": "MISC",
] "url": "https://erpscan.io/advisories/erpscan-15-025-oracle-e-business-suite-database-user-enumeration-vulnerability/"
} },
} {
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"name": "77249",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77249"
},
{
"name": "20151027 [ERPSCAN-15-025] Oracle E-Business Suite Database user enumeration Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Oct/97"
},
{
"name": "http://packetstormsecurity.com/files/134098/Oracle-E-Business-Suite-12.2.4-Database-User-Enumeration.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/134098/Oracle-E-Business-Suite-12.2.4-Database-User-Enumeration.html"
}
]
}
}

120
2015/5xxx/CVE-2015-5787.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2015-5787", "ID": "CVE-2015-5787",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The kernel in Apple iOS before 8.4.1 does not properly restrict debugging features, which allows attackers to bypass background-execution limitations via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/kb/HT205030", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/kb/HT205030" "lang": "eng",
} "value": "The kernel in Apple iOS before 8.4.1 does not properly restrict debugging features, which allows attackers to bypass background-execution limitations via a crafted app."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/kb/HT205030",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205030"
}
]
}
}

200
2015/5xxx/CVE-2015-5807.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2015-5807", "ID": "CVE-2015-5807",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT205212", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT205212" "lang": "eng",
}, "value": "WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3."
{ }
"name" : "https://support.apple.com/HT205221", ]
"refsource" : "CONFIRM", },
"url" : "https://support.apple.com/HT205221" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.apple.com/HT205265", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT205265" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2015-09-16-1", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" ]
}, },
{ "references": {
"name" : "APPLE-SA-2015-09-16-3", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html" "name": "https://support.apple.com/HT205221",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT205221"
"name" : "APPLE-SA-2015-09-30-2", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html" "name": "1033609",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1033609"
"name" : "openSUSE-SU-2016:0761", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html" "name": "https://support.apple.com/HT205212",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT205212"
"name" : "76763", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/76763" "name": "76763",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/76763"
"name" : "1033609", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1033609" "name": "openSUSE-SU-2016:0761",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html"
} },
} {
"name": "https://support.apple.com/HT205265",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205265"
},
{
"name": "APPLE-SA-2015-09-16-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html"
},
{
"name": "APPLE-SA-2015-09-30-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html"
},
{
"name": "APPLE-SA-2015-09-16-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
}
]
}
}

158
2018/1002xxx/CVE-2018-1002202.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "ASSIGNER": "report@snyk.io",
"DATE_ASSIGNED" : "2018-05-17T10:52Z", "DATE_ASSIGNED": "2018-05-17T10:52Z",
"ID" : "CVE-2018-1002202", "ID": "CVE-2018-1002202",
"REQUESTER" : "danny@snyk.io", "REQUESTER": "danny@snyk.io",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"UPDATED" : "2018-05-17T10:52Z" "UPDATED": "2018-05-17T10:52Z"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "zip4j", "product_name": "zip4j",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "1.3.3" "version_value": "1.3.3"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "zip4j" "vendor_name": "zip4j"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "zip4j before 1.3.3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-22"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/snyk/zip-slip-vulnerability", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/snyk/zip-slip-vulnerability" "lang": "eng",
}, "value": "zip4j before 1.3.3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
{ }
"name" : "https://snyk.io/research/zip-slip-vulnerability", ]
"refsource" : "MISC", },
"url" : "https://snyk.io/research/zip-slip-vulnerability" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://snyk.io/vuln/SNYK-JAVA-NETLINGALAZIP4J-31679", "description": [
"refsource" : "MISC", {
"url" : "https://snyk.io/vuln/SNYK-JAVA-NETLINGALAZIP4J-31679" "lang": "eng",
}, "value": "CWE-22"
{ }
"name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03895en_us", ]
"refsource" : "CONFIRM", }
"url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03895en_us" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://snyk.io/research/zip-slip-vulnerability",
"refsource": "MISC",
"url": "https://snyk.io/research/zip-slip-vulnerability"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03895en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03895en_us"
},
{
"name": "https://github.com/snyk/zip-slip-vulnerability",
"refsource": "MISC",
"url": "https://github.com/snyk/zip-slip-vulnerability"
},
{
"name": "https://snyk.io/vuln/SNYK-JAVA-NETLINGALAZIP4J-31679",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-NETLINGALAZIP4J-31679"
}
]
}
}

126
2018/1999xxx/CVE-2018-1999034.json
View File

@ -1,65 +1,65 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "kurt@seifried.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2018-07-31T15:54:50.975168", "DATE_ASSIGNED": "2018-07-31T15:54:50.975168",
"DATE_REQUESTED" : "2018-07-30T00:00:00", "DATE_REQUESTED": "2018-07-30T00:00:00",
"ID" : "CVE-2018-1999034", "ID": "CVE-2018-1999034",
"REQUESTER" : "ml@beckweb.net", "REQUESTER": "ml@beckweb.net",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Jenkins Inedo ProGet Plugin", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "0.8 and earlier" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Jenkins project" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and earlier in ProGetApi.java, ProGetConfig.java, ProGetConfiguration.java that allows attackers to impersonate any service that Jenkins connects to."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-295"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-933", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-933" "lang": "eng",
} "value": "A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and earlier in ProGetApi.java, ProGetConfig.java, ProGetConfiguration.java that allows attackers to impersonate any service that Jenkins connects to."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-933",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-933"
}
]
}
}

34
2018/2xxx/CVE-2018-2181.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2018-2181", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2018-2181",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
} }
] ]
} }
} }

34
2018/2xxx/CVE-2018-2313.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2018-2313", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2018-2313",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
} }
] ]
} }
} }

148
2018/2xxx/CVE-2018-2613.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2018-2613", "ID": "CVE-2018-2613",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Argus Safety", "product_name": "Argus Safety",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "7.x" "version_value": "7.x"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "8.0.x" "version_value": "8.0.x"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "8.1" "version_value": "8.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Argus Safety component of Oracle Health Sciences Applications (subcomponent: Login). Supported versions that are affected are 7.x, 8.0.x and 8.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Argus Safety. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Argus Safety accessible data as well as unauthorized update, insert or delete access to some of Oracle Argus Safety accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Argus Safety. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Argus Safety accessible data as well as unauthorized update, insert or delete access to some of Oracle Argus Safety accessible data."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle Argus Safety component of Oracle Health Sciences Applications (subcomponent: Login). Supported versions that are affected are 7.x, 8.0.x and 8.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Argus Safety. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Argus Safety accessible data as well as unauthorized update, insert or delete access to some of Oracle Argus Safety accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)."
{ }
"name" : "102616", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/102616" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Argus Safety. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Argus Safety accessible data as well as unauthorized update, insert or delete access to some of Oracle Argus Safety accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "102616",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102616"
}
]
}
}

180
2018/3xxx/CVE-2018-3144.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2018-3144", "ID": "CVE-2018-3144",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "MySQL Server", "product_name": "MySQL Server",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "5.7.23 and prior" "version_value": "5.7.23 and prior"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "8.0.12 and prior" "version_value": "8.0.12 and prior"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Audit). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" "lang": "eng",
}, "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Audit). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)."
{ }
"name" : "https://security.netapp.com/advisory/ntap-20181018-0002/", ]
"refsource" : "CONFIRM", },
"url" : "https://security.netapp.com/advisory/ntap-20181018-0002/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2018:3655", "description": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:3655" "lang": "eng",
}, "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
{ }
"name" : "USN-3799-1", ]
"refsource" : "UBUNTU", }
"url" : "https://usn.ubuntu.com/3799-1/" ]
}, },
{ "references": {
"name" : "105594", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/105594" "name": "1041888",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1041888"
"name" : "1041888", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041888" "name": "RHSA-2018:3655",
} "refsource": "REDHAT",
] "url": "https://access.redhat.com/errata/RHSA-2018:3655"
} },
} {
"name": "USN-3799-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3799-1/"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "105594",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105594"
},
{
"name": "https://security.netapp.com/advisory/ntap-20181018-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20181018-0002/"
}
]
}
}

170
2018/3xxx/CVE-2018-3209.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2018-3209", "ID": "CVE-2018-3209",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). The supported version that is affected is Java SE: 8u182. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" "lang": "eng",
}, "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). The supported version that is affected is Java SE: 8u182. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
{ }
"name" : "https://security.netapp.com/advisory/ntap-20181018-0001/", ]
"refsource" : "CONFIRM", },
"url" : "https://security.netapp.com/advisory/ntap-20181018-0001/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2018:3002", "description": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:3002" "lang": "eng",
}, "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE."
{ }
"name" : "RHSA-2018:3003", ]
"refsource" : "REDHAT", }
"url" : "https://access.redhat.com/errata/RHSA-2018:3003" ]
}, },
{ "references": {
"name" : "105590", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/105590" "name": "https://security.netapp.com/advisory/ntap-20181018-0001/",
}, "refsource": "CONFIRM",
{ "url": "https://security.netapp.com/advisory/ntap-20181018-0001/"
"name" : "1041889", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041889" "name": "105590",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/105590"
} },
} {
"name": "RHSA-2018:3003",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3003"
},
{
"name": "RHSA-2018:3002",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3002"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "1041889",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041889"
}
]
}
}

34
2018/3xxx/CVE-2018-3510.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-3510", "ID": "CVE-2018-3510",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/3xxx/CVE-2018-3545.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-3545", "ID": "CVE-2018-3545",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2018/3xxx/CVE-2018-3652.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@intel.com", "ASSIGNER": "secure@intel.com",
"ID" : "CVE-2018-3652", "ID": "CVE-2018-3652",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Intel Xeon Processor", "product_name": "Intel Xeon Processor",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "5th and 6th generation Intel Xeon Processor E3 Family, Intel Xeon Scalable processors, and Intel Xeon Processor D Family" "version_value": "5th and 6th generation Intel Xeon Processor E3 Family, Intel Xeon Scalable processors, and Intel Xeon Processor D Family"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Intel Corporation" "vendor_name": "Intel Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Existing UEFI setting restrictions for DCI (Direct Connect Interface) in 5th and 6th generation Intel Xeon Processor E3 Family, Intel Xeon Scalable processors, and Intel Xeon Processor D Family allows a limited physical presence attacker to potentially access platform secrets via debug interfaces."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information disclosure, Elevation of Privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00127.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00127.html" "lang": "eng",
}, "value": "Existing UEFI setting restrictions for DCI (Direct Connect Interface) in 5th and 6th generation Intel Xeon Processor E3 Family, Intel Xeon Scalable processors, and Intel Xeon Processor D Family allows a limited physical presence attacker to potentially access platform secrets via debug interfaces."
{ }
"name" : "https://security.netapp.com/advisory/ntap-20180802-0001/", ]
"refsource" : "CONFIRM", },
"url" : "https://security.netapp.com/advisory/ntap-20180802-0001/" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Information disclosure, Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.netapp.com/advisory/ntap-20180802-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180802-0001/"
},
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00127.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00127.html"
}
]
}
}

132
2018/3xxx/CVE-2018-3712.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "support@hackerone.com", "ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00", "DATE_PUBLIC": "2018-04-26T00:00:00",
"ID" : "CVE-2018-3712", "ID": "CVE-2018-3712",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "serve node module", "product_name": "serve node module",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Versions before 6.4.9" "version_value": "Versions before 6.4.9"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "HackerOne" "vendor_name": "HackerOne"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f (/) and allowing them in paths, which allows a malicious user to view the contents of any directory with known path."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Path Traversal (CWE-22)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/zeit/serve/pull/316", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/zeit/serve/pull/316" "lang": "eng",
}, "value": "serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f (/) and allowing them in paths, which allows a malicious user to view the contents of any directory with known path."
{ }
"name" : "https://hackerone.com/reports/307666", ]
"refsource" : "MISC", },
"url" : "https://hackerone.com/reports/307666" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Path Traversal (CWE-22)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/zeit/serve/pull/316",
"refsource": "MISC",
"url": "https://github.com/zeit/serve/pull/316"
},
{
"name": "https://hackerone.com/reports/307666",
"refsource": "MISC",
"url": "https://hackerone.com/reports/307666"
}
]
}
}

120
2018/6xxx/CVE-2018-6387.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-6387", "ID": "CVE-2018-6387",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices have a hardcoded password of admin for the admin account, a hardcoded password of support for the support account, and a hardcoded password of user for the user account."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://blogs.securiteam.com/index.php/archives/3654", "description_data": [
"refsource" : "MISC", {
"url" : "https://blogs.securiteam.com/index.php/archives/3654" "lang": "eng",
} "value": "iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices have a hardcoded password of admin for the admin account, a hardcoded password of support for the support account, and a hardcoded password of user for the user account."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.securiteam.com/index.php/archives/3654",
"refsource": "MISC",
"url": "https://blogs.securiteam.com/index.php/archives/3654"
}
]
}
}

34
2018/6xxx/CVE-2018-6793.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-6793", "ID": "CVE-2018-6793",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2018/7xxx/CVE-2018-7058.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security-alert@hpe.com", "ASSIGNER": "security-alert@hpe.com",
"ID" : "CVE-2018-7058", "ID": "CVE-2018-7058",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Aruba ClearPass", "product_name": "Aruba ClearPass",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1" "version_value": "6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Hewlett Packard Enterprise" "vendor_name": "Hewlett Packard Enterprise"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Aruba ClearPass, all versions of 6.6.x prior to 6.6.9 are affected by an authentication bypass vulnerability, an attacker can leverage this vulnerability to gain administrator privileges on the system. The vulnerability is exposed only on ClearPass web interfaces, including administrative, guest captive portal, and API. Customers who do not expose ClearPass web interfaces to untrusted users are impacted to a lesser extent."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "authentication bypass can lead to server compromise"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-003.txt", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-003.txt" "lang": "eng",
} "value": "Aruba ClearPass, all versions of 6.6.x prior to 6.6.9 are affected by an authentication bypass vulnerability, an attacker can leverage this vulnerability to gain administrator privileges on the system. The vulnerability is exposed only on ClearPass web interfaces, including administrative, guest captive portal, and API. Customers who do not expose ClearPass web interfaces to untrusted users are impacted to a lesser extent."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "authentication bypass can lead to server compromise"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-003.txt",
"refsource": "CONFIRM",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-003.txt"
}
]
}
}

140
2018/7xxx/CVE-2018-7240.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cybersecurity@se.com", "ASSIGNER": "cybersecurity@schneider-electric.com",
"ID" : "CVE-2018-7240", "ID": "CVE-2018-7240",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Modicon Quantum", "product_name": "Modicon Quantum",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions of Modicon Quantum communication modules" "version_value": "All versions of Modicon Quantum communication modules"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Schneider Electric SE" "vendor_name": "Schneider Electric SE"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution. An FTP command used to upgrade the firmware of the module can be misused to cause a denial of service, or in extreme cases, to load a malicious firmware."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Arbritrary Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01" "lang": "eng",
}, "value": "A vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution. An FTP command used to upgrade the firmware of the module can be misused to cause a denial of service, or in extreme cases, to load a malicious firmware."
{ }
"name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/", ]
"refsource" : "CONFIRM", },
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "103541", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/103541" "lang": "eng",
} "value": "Arbritrary Code Execution"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/"
},
{
"name": "103541",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103541"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01"
}
]
}
}

130
2018/7xxx/CVE-2018-7482.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-7482", "ID": "CVE-2018-7482",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** The K2 component 2.8.0 for Joomla! has Incorrect Access Control with directory traversal, allowing an attacker to download arbitrary files, as demonstrated by a view=media&task=connector&cmd=file&target=l1_../configuration.php&download=1 request. The specific pathname ../configuration.php should be base64 encoded for a valid attack. NOTE: the vendor disputes this issue because only files under the media-manager path can be downloaded, and the documentation indicates that sensitive information does not belong there. Nonetheless, 2.8.1 has additional blocking of .php downloads."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "44188", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://exploit-db.com/exploits/44188" "lang": "eng",
}, "value": "** DISPUTED ** The K2 component 2.8.0 for Joomla! has Incorrect Access Control with directory traversal, allowing an attacker to download arbitrary files, as demonstrated by a view=media&task=connector&cmd=file&target=l1_../configuration.php&download=1 request. The specific pathname ../configuration.php should be base64 encoded for a valid attack. NOTE: the vendor disputes this issue because only files under the media-manager path can be downloaded, and the documentation indicates that sensitive information does not belong there. Nonetheless, 2.8.1 has additional blocking of .php downloads."
{ }
"name" : "https://www.joomlaworks.net/forum/forum-updates-other-resources/49046-false-cve-report-on-k2-v2-8-0", ]
"refsource" : "MISC", },
"url" : "https://www.joomlaworks.net/forum/forum-updates-other-resources/49046-false-cve-report-on-k2-v2-8-0" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.joomlaworks.net/forum/forum-updates-other-resources/49046-false-cve-report-on-k2-v2-8-0",
"refsource": "MISC",
"url": "https://www.joomlaworks.net/forum/forum-updates-other-resources/49046-false-cve-report-on-k2-v2-8-0"
},
{
"name": "44188",
"refsource": "EXPLOIT-DB",
"url": "https://exploit-db.com/exploits/44188"
}
]
}
}

120
2018/7xxx/CVE-2018-7544.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-7544", "ID": "CVE-2018-7544",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain sensitive information, or cause a denial of service (SIGTERM) by triggering XMLHttpRequest actions in a web browser. This is demonstrated by a multipart/form-data POST to http://localhost:23000 with a \"signal SIGTERM\" command in a TEXTAREA element. NOTE: The vendor disputes that this is a vulnerability. They state that this is the result of improper configuration of the OpenVPN instance rather than an intrinsic vulnerability, and now more explicitly warn against such configurations in both the management-interface documentation, and with a runtime warning."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://blog.0xlabs.com/2018/03/openvpn-remote-information-disclosure.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://blog.0xlabs.com/2018/03/openvpn-remote-information-disclosure.html" "lang": "eng",
} "value": "** DISPUTED ** A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain sensitive information, or cause a denial of service (SIGTERM) by triggering XMLHttpRequest actions in a web browser. This is demonstrated by a multipart/form-data POST to http://localhost:23000 with a \"signal SIGTERM\" command in a TEXTAREA element. NOTE: The vendor disputes that this is a vulnerability. They state that this is the result of improper configuration of the OpenVPN instance rather than an intrinsic vulnerability, and now more explicitly warn against such configurations in both the management-interface documentation, and with a runtime warning."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.0xlabs.com/2018/03/openvpn-remote-information-disclosure.html",
"refsource": "MISC",
"url": "http://blog.0xlabs.com/2018/03/openvpn-remote-information-disclosure.html"
}
]
}
}

140
2018/7xxx/CVE-2018-7731.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-7731", "ID": "CVE-2018-7731",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FormatSupport/WEBP_Support.cpp does not check whether a bitstream has a NULL value, leading to a NULL pointer dereference in the WEBP::VP8XChunk class."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugs.freedesktop.org/show_bug.cgi?id=105247", "description_data": [
"refsource" : "MISC", {
"url" : "https://bugs.freedesktop.org/show_bug.cgi?id=105247" "lang": "eng",
}, "value": "An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FormatSupport/WEBP_Support.cpp does not check whether a bitstream has a NULL value, leading to a NULL pointer dereference in the WEBP::VP8XChunk class."
{ }
"name" : "https://cgit.freedesktop.org/exempi/commit/?id=aabedb5e749dd59112a3fe1e8e08f2d934f56666", ]
"refsource" : "MISC", },
"url" : "https://cgit.freedesktop.org/exempi/commit/?id=aabedb5e749dd59112a3fe1e8e08f2d934f56666" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "USN-3668-1", "description": [
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3668-1/" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://cgit.freedesktop.org/exempi/commit/?id=aabedb5e749dd59112a3fe1e8e08f2d934f56666",
"refsource": "MISC",
"url": "https://cgit.freedesktop.org/exempi/commit/?id=aabedb5e749dd59112a3fe1e8e08f2d934f56666"
},
{
"name": "USN-3668-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3668-1/"
},
{
"name": "https://bugs.freedesktop.org/show_bug.cgi?id=105247",
"refsource": "MISC",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=105247"
}
]
}
}

120
2018/7xxx/CVE-2018-7741.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-7741", "ID": "CVE-2018-7741",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Eramba e1.0.6.033 has Reflected XSS in the Date Filter via the created parameter to the /crons URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://medium.com/stolabs/security-issues-on-eramba-cf887bc0a069", "description_data": [
"refsource" : "MISC", {
"url" : "https://medium.com/stolabs/security-issues-on-eramba-cf887bc0a069" "lang": "eng",
} "value": "Eramba e1.0.6.033 has Reflected XSS in the Date Filter via the created parameter to the /crons URI."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://medium.com/stolabs/security-issues-on-eramba-cf887bc0a069",
"refsource": "MISC",
"url": "https://medium.com/stolabs/security-issues-on-eramba-cf887bc0a069"
}
]
}
}