mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
"-Synchronized-Data."
This commit is contained in:
parent
0052ebee81
commit
d45096029e
@ -1,82 +1,82 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2005-0019",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Unknown vulnerability in hztty 2.0 and earlier allows local users to execute arbitrary commands."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2005-0019",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "DSA-675",
|
||||
"refsource" : "DEBIAN",
|
||||
"url" : "http://www.debian.org/security/2005/dsa-675"
|
||||
},
|
||||
{
|
||||
"name" : "12518",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/12518"
|
||||
},
|
||||
{
|
||||
"name" : "1013154",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://securitytracker.com/id?1013154"
|
||||
},
|
||||
{
|
||||
"name" : "14236",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/14236"
|
||||
},
|
||||
{
|
||||
"name" : "hztty-command-execution(19297)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19297"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Unknown vulnerability in hztty 2.0 and earlier allows local users to execute arbitrary commands."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "14236",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/14236"
|
||||
},
|
||||
{
|
||||
"name": "12518",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/12518"
|
||||
},
|
||||
{
|
||||
"name": "DSA-675",
|
||||
"refsource": "DEBIAN",
|
||||
"url": "http://www.debian.org/security/2005/dsa-675"
|
||||
},
|
||||
{
|
||||
"name": "hztty-command-execution(19297)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19297"
|
||||
},
|
||||
{
|
||||
"name": "1013154",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://securitytracker.com/id?1013154"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,82 +1,82 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2005-0375",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "imageview.php in SGallery 1.01 allows remote attackers to obtain sensitive information via an HTTP request with (1) idalbum and (2) idimage unset, which reveals the installation path in an error message for the sql_fetch_row function."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2005-0375",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "20050112 [waraxe-2005-SA#039] - Critical Sql Injection in Sgallery module for PhpNuke",
|
||||
"refsource" : "BUGTRAQ",
|
||||
"url" : "http://marc.info/?l=bugtraq&m=110557050700947&w=2"
|
||||
},
|
||||
{
|
||||
"name" : "20050112 [waraxe-2005-SA#039] - Critical Sql Injection in Sgallery module for PhpNuke",
|
||||
"refsource" : "FULLDISC",
|
||||
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030844.html"
|
||||
},
|
||||
{
|
||||
"name" : "http://www.waraxe.us/advisory-39.html",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://www.waraxe.us/advisory-39.html"
|
||||
},
|
||||
{
|
||||
"name" : "1012868",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://securitytracker.com/id?1012868"
|
||||
},
|
||||
{
|
||||
"name" : "sgallery-path-disclosure(18877)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18877"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "imageview.php in SGallery 1.01 allows remote attackers to obtain sensitive information via an HTTP request with (1) idalbum and (2) idimage unset, which reveals the installation path in an error message for the sql_fetch_row function."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "20050112 [waraxe-2005-SA#039] - Critical Sql Injection in Sgallery module for PhpNuke",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://marc.info/?l=bugtraq&m=110557050700947&w=2"
|
||||
},
|
||||
{
|
||||
"name": "20050112 [waraxe-2005-SA#039] - Critical Sql Injection in Sgallery module for PhpNuke",
|
||||
"refsource": "FULLDISC",
|
||||
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030844.html"
|
||||
},
|
||||
{
|
||||
"name": "sgallery-path-disclosure(18877)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18877"
|
||||
},
|
||||
{
|
||||
"name": "http://www.waraxe.us/advisory-39.html",
|
||||
"refsource": "MISC",
|
||||
"url": "http://www.waraxe.us/advisory-39.html"
|
||||
},
|
||||
{
|
||||
"name": "1012868",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://securitytracker.com/id?1012868"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,77 +1,77 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2005-0778",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "PhotoPost PHP 5.0 RC3 does not fully verify that an uploaded file is an image file, which allows remote attackers to inject arbitrary Javascript by uploading non-image files with an image extension such as .gif."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2005-0778",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "20050311 PhotoPost PHP 5.0 RC3, and later, multiple vulnerabilities",
|
||||
"refsource" : "BUGTRAQ",
|
||||
"url" : "http://marc.info/?l=bugtraq&m=111065868402859&w=2"
|
||||
},
|
||||
{
|
||||
"name" : "12779",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/12779"
|
||||
},
|
||||
{
|
||||
"name" : "14576",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/14576"
|
||||
},
|
||||
{
|
||||
"name" : "photopost-file-upload(19679)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19679"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "PhotoPost PHP 5.0 RC3 does not fully verify that an uploaded file is an image file, which allows remote attackers to inject arbitrary Javascript by uploading non-image files with an image extension such as .gif."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "12779",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/12779"
|
||||
},
|
||||
{
|
||||
"name": "photopost-file-upload(19679)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19679"
|
||||
},
|
||||
{
|
||||
"name": "20050311 PhotoPost PHP 5.0 RC3, and later, multiple vulnerabilities",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://marc.info/?l=bugtraq&m=111065868402859&w=2"
|
||||
},
|
||||
{
|
||||
"name": "14576",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/14576"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,67 +1,67 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2005-2013",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive information via a direct request to admin/backup.php, which contains a backup of the database including usernames and passwords."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2005-2013",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "20050620 paFaq Multiple Vulnerabilities",
|
||||
"refsource" : "BUGTRAQ",
|
||||
"url" : "http://marc.info/?l=bugtraq&m=111928841328681&w=2"
|
||||
},
|
||||
{
|
||||
"name" : "http://www.gulftech.org/?node=research&article_id=00083-06202005",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://www.gulftech.org/?node=research&article_id=00083-06202005"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive information via a direct request to admin/backup.php, which contains a backup of the database including usernames and passwords."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "20050620 paFaq Multiple Vulnerabilities",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://marc.info/?l=bugtraq&m=111928841328681&w=2"
|
||||
},
|
||||
{
|
||||
"name": "http://www.gulftech.org/?node=research&article_id=00083-06202005",
|
||||
"refsource": "MISC",
|
||||
"url": "http://www.gulftech.org/?node=research&article_id=00083-06202005"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,82 +1,82 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2005-3582",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "ImageMagick before 6.2.4.2-r1 allows local users in the portage group to increase privileges via a shared object in the Portage temporary build directory, which is added to the search path allowing objects in it to be loaded at runtime."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2005-3582",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "GLSA-200511-02",
|
||||
"refsource" : "GENTOO",
|
||||
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200511-02.xml"
|
||||
},
|
||||
{
|
||||
"name" : "15120",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/15120"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2005-2281",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2005/2281"
|
||||
},
|
||||
{
|
||||
"name" : "20528",
|
||||
"refsource" : "OSVDB",
|
||||
"url" : "http://www.osvdb.org/20528"
|
||||
},
|
||||
{
|
||||
"name" : "17427",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/17427/"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "ImageMagick before 6.2.4.2-r1 allows local users in the portage group to increase privileges via a shared object in the Portage temporary build directory, which is added to the search path allowing objects in it to be loaded at runtime."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "17427",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/17427/"
|
||||
},
|
||||
{
|
||||
"name": "GLSA-200511-02",
|
||||
"refsource": "GENTOO",
|
||||
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-02.xml"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2005-2281",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2005/2281"
|
||||
},
|
||||
{
|
||||
"name": "20528",
|
||||
"refsource": "OSVDB",
|
||||
"url": "http://www.osvdb.org/20528"
|
||||
},
|
||||
{
|
||||
"name": "15120",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/15120"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,87 +1,87 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2005-3685",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Cross-site scripting (XSS) vulnerability in shopadmin.asp in VP-ASP Shopping Cart 5.50 allows remote attackers to inject arbitrary web script or HTML via the UserName parameter."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2005-3685",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://membres.lycos.fr/newnst/exploit/VPASP%20Shopping_By_ConcorDHacK.txt",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://membres.lycos.fr/newnst/exploit/VPASP%20Shopping_By_ConcorDHacK.txt"
|
||||
},
|
||||
{
|
||||
"name" : "15490",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/15490"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2005-2486",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2005/2486"
|
||||
},
|
||||
{
|
||||
"name" : "20954",
|
||||
"refsource" : "OSVDB",
|
||||
"url" : "http://www.osvdb.org/20954"
|
||||
},
|
||||
{
|
||||
"name" : "1015238",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://securitytracker.com/id?1015238"
|
||||
},
|
||||
{
|
||||
"name" : "17602",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/17602"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross-site scripting (XSS) vulnerability in shopadmin.asp in VP-ASP Shopping Cart 5.50 allows remote attackers to inject arbitrary web script or HTML via the UserName parameter."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "20954",
|
||||
"refsource": "OSVDB",
|
||||
"url": "http://www.osvdb.org/20954"
|
||||
},
|
||||
{
|
||||
"name": "15490",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/15490"
|
||||
},
|
||||
{
|
||||
"name": "17602",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/17602"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2005-2486",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2005/2486"
|
||||
},
|
||||
{
|
||||
"name": "http://membres.lycos.fr/newnst/exploit/VPASP%20Shopping_By_ConcorDHacK.txt",
|
||||
"refsource": "MISC",
|
||||
"url": "http://membres.lycos.fr/newnst/exploit/VPASP%20Shopping_By_ConcorDHacK.txt"
|
||||
},
|
||||
{
|
||||
"name": "1015238",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://securitytracker.com/id?1015238"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,92 +1,92 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2005-3924",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "SQL injection vulnerability in themes/kategorie/index.php in Randshop allows remote attackers to execute arbitrary SQL commands via the (1) kategorieid and (2) katid parameters."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2005-3924",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "20051128 Randshop all versiyon Sql İnjection",
|
||||
"refsource" : "BUGTRAQ",
|
||||
"url" : "http://cert.uni-stuttgart.de/archive/bugtraq/2005/11/msg00333.html"
|
||||
},
|
||||
{
|
||||
"name" : "http://www.blogcu.com/Liz0ziM/112800/",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://www.blogcu.com/Liz0ziM/112800/"
|
||||
},
|
||||
{
|
||||
"name" : "15599",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/15599"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2005-2644",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2005/2644"
|
||||
},
|
||||
{
|
||||
"name" : "21213",
|
||||
"refsource" : "OSVDB",
|
||||
"url" : "http://www.osvdb.org/21213"
|
||||
},
|
||||
{
|
||||
"name" : "17782",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/17782"
|
||||
},
|
||||
{
|
||||
"name" : "213",
|
||||
"refsource" : "SREASON",
|
||||
"url" : "http://securityreason.com/securityalert/213"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "SQL injection vulnerability in themes/kategorie/index.php in Randshop allows remote attackers to execute arbitrary SQL commands via the (1) kategorieid and (2) katid parameters."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "17782",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/17782"
|
||||
},
|
||||
{
|
||||
"name": "21213",
|
||||
"refsource": "OSVDB",
|
||||
"url": "http://www.osvdb.org/21213"
|
||||
},
|
||||
{
|
||||
"name": "20051128 Randshop all versiyon Sql İnjection",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://cert.uni-stuttgart.de/archive/bugtraq/2005/11/msg00333.html"
|
||||
},
|
||||
{
|
||||
"name": "http://www.blogcu.com/Liz0ziM/112800/",
|
||||
"refsource": "MISC",
|
||||
"url": "http://www.blogcu.com/Liz0ziM/112800/"
|
||||
},
|
||||
{
|
||||
"name": "213",
|
||||
"refsource": "SREASON",
|
||||
"url": "http://securityreason.com/securityalert/213"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2005-2644",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2005/2644"
|
||||
},
|
||||
{
|
||||
"name": "15599",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/15599"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,82 +1,82 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2005-4030",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "SQL injection vulnerability in Quicksilver Forums before 1.5.1 allows remote attackers to execute arbitrary SQL commands via the HTTP_USER_AGENT header."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2005-4030",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://sourceforge.net/project/shownotes.php?release_id=375970&group_id=154354",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://sourceforge.net/project/shownotes.php?release_id=375970&group_id=154354"
|
||||
},
|
||||
{
|
||||
"name" : "15710",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/15710"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2005-2729",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2005/2729"
|
||||
},
|
||||
{
|
||||
"name" : "21443",
|
||||
"refsource" : "OSVDB",
|
||||
"url" : "http://www.osvdb.org/21443"
|
||||
},
|
||||
{
|
||||
"name" : "17861",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/17861"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "SQL injection vulnerability in Quicksilver Forums before 1.5.1 allows remote attackers to execute arbitrary SQL commands via the HTTP_USER_AGENT header."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "15710",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/15710"
|
||||
},
|
||||
{
|
||||
"name": "http://sourceforge.net/project/shownotes.php?release_id=375970&group_id=154354",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://sourceforge.net/project/shownotes.php?release_id=375970&group_id=154354"
|
||||
},
|
||||
{
|
||||
"name": "17861",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/17861"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2005-2729",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2005/2729"
|
||||
},
|
||||
{
|
||||
"name": "21443",
|
||||
"refsource": "OSVDB",
|
||||
"url": "http://www.osvdb.org/21443"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,87 +1,87 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2005-4284",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Cross-site scripting (XSS) vulnerability in StaticStore Search Engine 1.189A and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to search.cgi, possibly the keywords parameter. NOTE: this issue was originally disputed by the vendor, but it has since been acknowledged."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2005-4284",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://pridels0.blogspot.com/2005/12/staticstore-search-engine-friendly-e.html",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://pridels0.blogspot.com/2005/12/staticstore-search-engine-friendly-e.html"
|
||||
},
|
||||
{
|
||||
"name" : "15895",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/15895"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2005-2915",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2005/2915"
|
||||
},
|
||||
{
|
||||
"name" : "21714",
|
||||
"refsource" : "OSVDB",
|
||||
"url" : "http://www.osvdb.org/21714"
|
||||
},
|
||||
{
|
||||
"name" : "22032",
|
||||
"refsource" : "OSVDB",
|
||||
"url" : "http://www.osvdb.org/22032"
|
||||
},
|
||||
{
|
||||
"name" : "18037",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/18037"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross-site scripting (XSS) vulnerability in StaticStore Search Engine 1.189A and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to search.cgi, possibly the keywords parameter. NOTE: this issue was originally disputed by the vendor, but it has since been acknowledged."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "21714",
|
||||
"refsource": "OSVDB",
|
||||
"url": "http://www.osvdb.org/21714"
|
||||
},
|
||||
{
|
||||
"name": "15895",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/15895"
|
||||
},
|
||||
{
|
||||
"name": "22032",
|
||||
"refsource": "OSVDB",
|
||||
"url": "http://www.osvdb.org/22032"
|
||||
},
|
||||
{
|
||||
"name": "http://pridels0.blogspot.com/2005/12/staticstore-search-engine-friendly-e.html",
|
||||
"refsource": "MISC",
|
||||
"url": "http://pridels0.blogspot.com/2005/12/staticstore-search-engine-friendly-e.html"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2005-2915",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2005/2915"
|
||||
},
|
||||
{
|
||||
"name": "18037",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/18037"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,72 +1,72 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2005-4747",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Cross-site scripting (XSS) vulnerability in WebHost Automation Ltd Helm before 3.2.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors involving the default page."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2005-4747",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://www.webhostautomation.com/webhost-301",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://www.webhostautomation.com/webhost-301"
|
||||
},
|
||||
{
|
||||
"name" : "20060527 Helm Control Panel followup",
|
||||
"refsource" : "VIM",
|
||||
"url" : "http://attrition.org/pipermail/vim/2006-March/000653.html"
|
||||
},
|
||||
{
|
||||
"name" : "20060527 Helm Control Panel followup",
|
||||
"refsource" : "VIM",
|
||||
"url" : "http://attrition.org/pipermail/vim/2006-March/000654.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross-site scripting (XSS) vulnerability in WebHost Automation Ltd Helm before 3.2.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors involving the default page."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "20060527 Helm Control Panel followup",
|
||||
"refsource": "VIM",
|
||||
"url": "http://attrition.org/pipermail/vim/2006-March/000653.html"
|
||||
},
|
||||
{
|
||||
"name": "http://www.webhostautomation.com/webhost-301",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.webhostautomation.com/webhost-301"
|
||||
},
|
||||
{
|
||||
"name": "20060527 Helm Control Panel followup",
|
||||
"refsource": "VIM",
|
||||
"url": "http://attrition.org/pipermail/vim/2006-March/000654.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,102 +1,102 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2005-4797",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Directory traversal vulnerability in printd line printer daemon (lpd) in Solaris 7 through 10 allows remote attackers to delete arbitrary files via \"..\" sequences in an \"Unlink data file\" command."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2005-4797",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/solaris_lpd_unlink.pm",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/solaris_lpd_unlink.pm"
|
||||
},
|
||||
{
|
||||
"name" : "101842",
|
||||
"refsource" : "SUNALERT",
|
||||
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101842-1"
|
||||
},
|
||||
{
|
||||
"name" : "P-280",
|
||||
"refsource" : "CIAC",
|
||||
"url" : "http://www.ciac.org/ciac/bulletins/p-280.shtml"
|
||||
},
|
||||
{
|
||||
"name" : "14510",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/14510"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2005-1342",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2005/1342"
|
||||
},
|
||||
{
|
||||
"name" : "18650",
|
||||
"refsource" : "OSVDB",
|
||||
"url" : "http://www.osvdb.org/18650"
|
||||
},
|
||||
{
|
||||
"name" : "1014635",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://securitytracker.com/id?1014635"
|
||||
},
|
||||
{
|
||||
"name" : "16367",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/16367"
|
||||
},
|
||||
{
|
||||
"name" : "solaris-printd-file-deletion(21773)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21773"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Directory traversal vulnerability in printd line printer daemon (lpd) in Solaris 7 through 10 allows remote attackers to delete arbitrary files via \"..\" sequences in an \"Unlink data file\" command."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "ADV-2005-1342",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2005/1342"
|
||||
},
|
||||
{
|
||||
"name": "16367",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/16367"
|
||||
},
|
||||
{
|
||||
"name": "18650",
|
||||
"refsource": "OSVDB",
|
||||
"url": "http://www.osvdb.org/18650"
|
||||
},
|
||||
{
|
||||
"name": "1014635",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://securitytracker.com/id?1014635"
|
||||
},
|
||||
{
|
||||
"name": "http://downloads.securityfocus.com/vulnerabilities/exploits/solaris_lpd_unlink.pm",
|
||||
"refsource": "MISC",
|
||||
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/solaris_lpd_unlink.pm"
|
||||
},
|
||||
{
|
||||
"name": "solaris-printd-file-deletion(21773)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21773"
|
||||
},
|
||||
{
|
||||
"name": "101842",
|
||||
"refsource": "SUNALERT",
|
||||
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101842-1"
|
||||
},
|
||||
{
|
||||
"name": "P-280",
|
||||
"refsource": "CIAC",
|
||||
"url": "http://www.ciac.org/ciac/bulletins/p-280.shtml"
|
||||
},
|
||||
{
|
||||
"name": "14510",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/14510"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,82 +1,82 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2009-0457",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Multiple directory traversal vulnerabilities in AJA Portal 1.2 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the currentlang parameter to admin/case.php in the (1) Contact_Plus and (2) Reviews modules, and (3) the module_name parameter to admin/includes/FANCYNLOptions.php in the Fancy_NewsLetter module."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2009-0457",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "7939",
|
||||
"refsource" : "EXPLOIT-DB",
|
||||
"url" : "https://www.exploit-db.com/exploits/7939"
|
||||
},
|
||||
{
|
||||
"name" : "33565",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/33565"
|
||||
},
|
||||
{
|
||||
"name" : "51708",
|
||||
"refsource" : "OSVDB",
|
||||
"url" : "http://osvdb.org/51708"
|
||||
},
|
||||
{
|
||||
"name" : "51709",
|
||||
"refsource" : "OSVDB",
|
||||
"url" : "http://osvdb.org/51709"
|
||||
},
|
||||
{
|
||||
"name" : "33735",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/33735"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Multiple directory traversal vulnerabilities in AJA Portal 1.2 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the currentlang parameter to admin/case.php in the (1) Contact_Plus and (2) Reviews modules, and (3) the module_name parameter to admin/includes/FANCYNLOptions.php in the Fancy_NewsLetter module."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "51708",
|
||||
"refsource": "OSVDB",
|
||||
"url": "http://osvdb.org/51708"
|
||||
},
|
||||
{
|
||||
"name": "51709",
|
||||
"refsource": "OSVDB",
|
||||
"url": "http://osvdb.org/51709"
|
||||
},
|
||||
{
|
||||
"name": "7939",
|
||||
"refsource": "EXPLOIT-DB",
|
||||
"url": "https://www.exploit-db.com/exploits/7939"
|
||||
},
|
||||
{
|
||||
"name": "33565",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/33565"
|
||||
},
|
||||
{
|
||||
"name": "33735",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/33735"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,67 +1,67 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2009-0610",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Multiple static code injection vulnerabilities in post.php in Simple PHP News 1.0 final allow remote attackers to inject arbitrary PHP code into news.txt via the (1) title or (2) date parameter, and then execute the code via a direct request to display.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2009-0610",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "51816",
|
||||
"refsource" : "OSVDB",
|
||||
"url" : "http://osvdb.org/51816"
|
||||
},
|
||||
{
|
||||
"name" : "33814",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/33814"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Multiple static code injection vulnerabilities in post.php in Simple PHP News 1.0 final allow remote attackers to inject arbitrary PHP code into news.txt via the (1) title or (2) date parameter, and then execute the code via a direct request to display.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "51816",
|
||||
"refsource": "OSVDB",
|
||||
"url": "http://osvdb.org/51816"
|
||||
},
|
||||
{
|
||||
"name": "33814",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/33814"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,77 +1,77 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2009-3203",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "SQL injection vulnerability in store.php in AJ Auction Pro OOPD 2.x allows remote attackers to execute arbitrary SQL commands via the id parameter."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2009-3203",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://packetstormsecurity.org/0908-exploits/ajauctionoopd2-sql.txt",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://packetstormsecurity.org/0908-exploits/ajauctionoopd2-sql.txt"
|
||||
},
|
||||
{
|
||||
"name" : "57159",
|
||||
"refsource" : "OSVDB",
|
||||
"url" : "http://osvdb.org/57159"
|
||||
},
|
||||
{
|
||||
"name" : "36369",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/36369"
|
||||
},
|
||||
{
|
||||
"name" : "ajauction-store-sql-injection(52527)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52527"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "SQL injection vulnerability in store.php in AJ Auction Pro OOPD 2.x allows remote attackers to execute arbitrary SQL commands via the id parameter."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "36369",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/36369"
|
||||
},
|
||||
{
|
||||
"name": "57159",
|
||||
"refsource": "OSVDB",
|
||||
"url": "http://osvdb.org/57159"
|
||||
},
|
||||
{
|
||||
"name": "ajauction-store-sql-injection(52527)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52527"
|
||||
},
|
||||
{
|
||||
"name": "http://packetstormsecurity.org/0908-exploits/ajauctionoopd2-sql.txt",
|
||||
"refsource": "MISC",
|
||||
"url": "http://packetstormsecurity.org/0908-exploits/ajauctionoopd2-sql.txt"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,102 +1,102 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2009-3474",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element's Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is designated for just one purpose, potentially weakening the intended security application of the certificate."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2009-3474",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://shibboleth.internet2.edu/secadv/secadv_20090817a.txt",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://shibboleth.internet2.edu/secadv/secadv_20090817a.txt"
|
||||
},
|
||||
{
|
||||
"name" : "https://bugs.internet2.edu/jira/browse/CPPOST-28",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://bugs.internet2.edu/jira/browse/CPPOST-28"
|
||||
},
|
||||
{
|
||||
"name" : "DSA-1895",
|
||||
"refsource" : "DEBIAN",
|
||||
"url" : "http://www.debian.org/security/2009/dsa-1895"
|
||||
},
|
||||
{
|
||||
"name" : "DSA-1896",
|
||||
"refsource" : "DEBIAN",
|
||||
"url" : "http://www.debian.org/security/2009/dsa-1896"
|
||||
},
|
||||
{
|
||||
"name" : "36516",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/36516"
|
||||
},
|
||||
{
|
||||
"name" : "36855",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/36855"
|
||||
},
|
||||
{
|
||||
"name" : "36868",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/36868"
|
||||
},
|
||||
{
|
||||
"name" : "36876",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/36876"
|
||||
},
|
||||
{
|
||||
"name" : "opensaml-keydescriptor-security-bypass(53474)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53474"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element's Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is designated for just one purpose, potentially weakening the intended security application of the certificate."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "36516",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/36516"
|
||||
},
|
||||
{
|
||||
"name": "opensaml-keydescriptor-security-bypass(53474)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53474"
|
||||
},
|
||||
{
|
||||
"name": "http://shibboleth.internet2.edu/secadv/secadv_20090817a.txt",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://shibboleth.internet2.edu/secadv/secadv_20090817a.txt"
|
||||
},
|
||||
{
|
||||
"name": "36876",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/36876"
|
||||
},
|
||||
{
|
||||
"name": "DSA-1896",
|
||||
"refsource": "DEBIAN",
|
||||
"url": "http://www.debian.org/security/2009/dsa-1896"
|
||||
},
|
||||
{
|
||||
"name": "36868",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/36868"
|
||||
},
|
||||
{
|
||||
"name": "DSA-1895",
|
||||
"refsource": "DEBIAN",
|
||||
"url": "http://www.debian.org/security/2009/dsa-1895"
|
||||
},
|
||||
{
|
||||
"name": "https://bugs.internet2.edu/jira/browse/CPPOST-28",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugs.internet2.edu/jira/browse/CPPOST-28"
|
||||
},
|
||||
{
|
||||
"name": "36855",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/36855"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,72 +1,72 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2009-4094",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "PHP remote file inclusion vulnerability in class/php/d4m_ajax_pagenav.php in the D4J eZine (com_ezine) component 2.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path parameter."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2009-4094",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://www.kamtiez.org/2009/11/joomla-mambo-component-comezine-remote.html",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://www.kamtiez.org/2009/11/joomla-mambo-component-comezine-remote.html"
|
||||
},
|
||||
{
|
||||
"name" : "37043",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/37043"
|
||||
},
|
||||
{
|
||||
"name" : "ezine-d4majaxpagenav-file-include(54307)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54307"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "PHP remote file inclusion vulnerability in class/php/d4m_ajax_pagenav.php in the D4J eZine (com_ezine) component 2.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path parameter."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "37043",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/37043"
|
||||
},
|
||||
{
|
||||
"name": "ezine-d4majaxpagenav-file-include(54307)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54307"
|
||||
},
|
||||
{
|
||||
"name": "http://www.kamtiez.org/2009/11/joomla-mambo-component-comezine-remote.html",
|
||||
"refsource": "MISC",
|
||||
"url": "http://www.kamtiez.org/2009/11/joomla-mambo-component-comezine-remote.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,18 +1,18 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2009-4280",
|
||||
"STATE" : "RESERVED"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2009-4280",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,72 +1,72 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2009-4459",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Redmine 0.8.7 and earlier uses the title tag before defining the character encoding in a meta tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks and inject arbitrary script via UTF-7 encoded values in the title parameter to a new issue page, which may be interpreted as script by Internet Explorer 7 and 8."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2009-4459",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "10554",
|
||||
"refsource" : "EXPLOIT-DB",
|
||||
"url" : "http://www.exploit-db.com/exploits/10554"
|
||||
},
|
||||
{
|
||||
"name" : "37425",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/37425"
|
||||
},
|
||||
{
|
||||
"name" : "redmine-title-xss(54947)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54947"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Redmine 0.8.7 and earlier uses the title tag before defining the character encoding in a meta tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks and inject arbitrary script via UTF-7 encoded values in the title parameter to a new issue page, which may be interpreted as script by Internet Explorer 7 and 8."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "37425",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/37425"
|
||||
},
|
||||
{
|
||||
"name": "10554",
|
||||
"refsource": "EXPLOIT-DB",
|
||||
"url": "http://www.exploit-db.com/exploits/10554"
|
||||
},
|
||||
{
|
||||
"name": "redmine-title-xss(54947)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54947"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,18 +1,18 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2009-4481",
|
||||
"STATE" : "REJECT"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-3111. Reason: This candidate is a duplicate of CVE-2009-3111. Notes: All CVE users should reference CVE-2009-3111 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2009-4481",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "REJECT"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-3111. Reason: This candidate is a duplicate of CVE-2009-3111. Notes: All CVE users should reference CVE-2009-3111 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,207 +1,207 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2009-4537",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2009-4537",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "[linux-netdev] 20091228 [PATCH RFC] r8169: straighten out overlength frame detection",
|
||||
"refsource" : "MLIST",
|
||||
"url" : "http://marc.info/?l=linux-netdev&m=126202972828626&w=2"
|
||||
},
|
||||
{
|
||||
"name" : "[oss-security] 20091228 CVE requests - kernel security regressions for CVE-2009-1385/and -1389",
|
||||
"refsource" : "MLIST",
|
||||
"url" : "http://www.openwall.com/lists/oss-security/2009/12/28/1"
|
||||
},
|
||||
{
|
||||
"name" : "[oss-security] 20091229 Re: CVE requests - kernel security regressions for CVE-2009-1385/and -1389",
|
||||
"refsource" : "MLIST",
|
||||
"url" : "http://www.openwall.com/lists/oss-security/2009/12/29/2"
|
||||
},
|
||||
{
|
||||
"name" : "[oss-security] 20091231 Re: CVE requests - kernel security regressions for CVE-2009-1385/and -1389",
|
||||
"refsource" : "MLIST",
|
||||
"url" : "http://www.openwall.com/lists/oss-security/2009/12/31/1"
|
||||
},
|
||||
{
|
||||
"name" : "http://blog.c22.cc/2009/12/27/26c3-cat-procsysnetipv4fuckups/",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://blog.c22.cc/2009/12/27/26c3-cat-procsysnetipv4fuckups/"
|
||||
},
|
||||
{
|
||||
"name" : "http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html"
|
||||
},
|
||||
{
|
||||
"name" : "http://twitter.com/dakami/statuses/7104238406",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://twitter.com/dakami/statuses/7104238406"
|
||||
},
|
||||
{
|
||||
"name" : "http://marc.info/?t=126202986900002&r=1&w=2",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://marc.info/?t=126202986900002&r=1&w=2"
|
||||
},
|
||||
{
|
||||
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=550907",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=550907"
|
||||
},
|
||||
{
|
||||
"name" : "DSA-2053",
|
||||
"refsource" : "DEBIAN",
|
||||
"url" : "http://www.debian.org/security/2010/dsa-2053"
|
||||
},
|
||||
{
|
||||
"name" : "FEDORA-2010-1787",
|
||||
"refsource" : "FEDORA",
|
||||
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html"
|
||||
},
|
||||
{
|
||||
"name" : "RHSA-2010:0019",
|
||||
"refsource" : "REDHAT",
|
||||
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0019.html"
|
||||
},
|
||||
{
|
||||
"name" : "RHSA-2010:0020",
|
||||
"refsource" : "REDHAT",
|
||||
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0020.html"
|
||||
},
|
||||
{
|
||||
"name" : "RHSA-2010:0041",
|
||||
"refsource" : "REDHAT",
|
||||
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0041.html"
|
||||
},
|
||||
{
|
||||
"name" : "RHSA-2010:0095",
|
||||
"refsource" : "REDHAT",
|
||||
"url" : "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
|
||||
},
|
||||
{
|
||||
"name" : "RHSA-2010:0111",
|
||||
"refsource" : "REDHAT",
|
||||
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0111.html"
|
||||
},
|
||||
{
|
||||
"name" : "RHSA-2010:0053",
|
||||
"refsource" : "REDHAT",
|
||||
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0053.html"
|
||||
},
|
||||
{
|
||||
"name" : "SUSE-SA:2010:023",
|
||||
"refsource" : "SUSE",
|
||||
"url" : "http://www.novell.com/linux/security/advisories/2010_23_kernel.html"
|
||||
},
|
||||
{
|
||||
"name" : "SUSE-SA:2010:031",
|
||||
"refsource" : "SUSE",
|
||||
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html"
|
||||
},
|
||||
{
|
||||
"name" : "37521",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/37521"
|
||||
},
|
||||
{
|
||||
"name" : "oval:org.mitre.oval:def:7443",
|
||||
"refsource" : "OVAL",
|
||||
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7443"
|
||||
},
|
||||
{
|
||||
"name" : "oval:org.mitre.oval:def:9439",
|
||||
"refsource" : "OVAL",
|
||||
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9439"
|
||||
},
|
||||
{
|
||||
"name" : "1023419",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://securitytracker.com/id?1023419"
|
||||
},
|
||||
{
|
||||
"name" : "38031",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/38031"
|
||||
},
|
||||
{
|
||||
"name" : "38610",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/38610"
|
||||
},
|
||||
{
|
||||
"name" : "39742",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/39742"
|
||||
},
|
||||
{
|
||||
"name" : "39830",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/39830"
|
||||
},
|
||||
{
|
||||
"name" : "40645",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/40645"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2010-1857",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2010/1857"
|
||||
},
|
||||
{
|
||||
"name" : "kernel-r8169-dos(55647)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55647"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=550907",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=550907"
|
||||
},
|
||||
{
|
||||
"name": "37521",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/37521"
|
||||
},
|
||||
{
|
||||
"name": "SUSE-SA:2010:031",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html"
|
||||
},
|
||||
{
|
||||
"name": "oval:org.mitre.oval:def:9439",
|
||||
"refsource": "OVAL",
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9439"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2010:0111",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://www.redhat.com/support/errata/RHSA-2010-0111.html"
|
||||
},
|
||||
{
|
||||
"name": "http://blog.c22.cc/2009/12/27/26c3-cat-procsysnetipv4fuckups/",
|
||||
"refsource": "MISC",
|
||||
"url": "http://blog.c22.cc/2009/12/27/26c3-cat-procsysnetipv4fuckups/"
|
||||
},
|
||||
{
|
||||
"name": "1023419",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://securitytracker.com/id?1023419"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2010:0053",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://www.redhat.com/support/errata/RHSA-2010-0053.html"
|
||||
},
|
||||
{
|
||||
"name": "[linux-netdev] 20091228 [PATCH RFC] r8169: straighten out overlength frame detection",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://marc.info/?l=linux-netdev&m=126202972828626&w=2"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2010:0019",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://www.redhat.com/support/errata/RHSA-2010-0019.html"
|
||||
},
|
||||
{
|
||||
"name": "40645",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/40645"
|
||||
},
|
||||
{
|
||||
"name": "kernel-r8169-dos(55647)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55647"
|
||||
},
|
||||
{
|
||||
"name": "[oss-security] 20091228 CVE requests - kernel security regressions for CVE-2009-1385/and -1389",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2009/12/28/1"
|
||||
},
|
||||
{
|
||||
"name": "FEDORA-2010-1787",
|
||||
"refsource": "FEDORA",
|
||||
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html"
|
||||
},
|
||||
{
|
||||
"name": "[oss-security] 20091229 Re: CVE requests - kernel security regressions for CVE-2009-1385/and -1389",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2009/12/29/2"
|
||||
},
|
||||
{
|
||||
"name": "SUSE-SA:2010:023",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://www.novell.com/linux/security/advisories/2010_23_kernel.html"
|
||||
},
|
||||
{
|
||||
"name": "http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html",
|
||||
"refsource": "MISC",
|
||||
"url": "http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2010:0095",
|
||||
"refsource": "REDHAT",
|
||||
"url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
|
||||
},
|
||||
{
|
||||
"name": "39742",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/39742"
|
||||
},
|
||||
{
|
||||
"name": "[oss-security] 20091231 Re: CVE requests - kernel security regressions for CVE-2009-1385/and -1389",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2009/12/31/1"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2010:0020",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://www.redhat.com/support/errata/RHSA-2010-0020.html"
|
||||
},
|
||||
{
|
||||
"name": "38031",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/38031"
|
||||
},
|
||||
{
|
||||
"name": "oval:org.mitre.oval:def:7443",
|
||||
"refsource": "OVAL",
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7443"
|
||||
},
|
||||
{
|
||||
"name": "38610",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/38610"
|
||||
},
|
||||
{
|
||||
"name": "DSA-2053",
|
||||
"refsource": "DEBIAN",
|
||||
"url": "http://www.debian.org/security/2010/dsa-2053"
|
||||
},
|
||||
{
|
||||
"name": "http://twitter.com/dakami/statuses/7104238406",
|
||||
"refsource": "MISC",
|
||||
"url": "http://twitter.com/dakami/statuses/7104238406"
|
||||
},
|
||||
{
|
||||
"name": "http://marc.info/?t=126202986900002&r=1&w=2",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://marc.info/?t=126202986900002&r=1&w=2"
|
||||
},
|
||||
{
|
||||
"name": "39830",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/39830"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2010:0041",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://www.redhat.com/support/errata/RHSA-2010-0041.html"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2010-1857",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2010/1857"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,72 +1,72 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2009-4959",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "SQL injection vulnerability in the T3M E-Mail Marketing Tool (t3m) extension 0.2.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2009-4959",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-012",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-012"
|
||||
},
|
||||
{
|
||||
"name" : "36140",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/36140"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2009-2410",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2009/2410"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "SQL injection vulnerability in the T3M E-Mail Marketing Tool (t3m) extension 0.2.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "ADV-2009-2410",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2009/2410"
|
||||
},
|
||||
{
|
||||
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-012",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-012"
|
||||
},
|
||||
{
|
||||
"name": "36140",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/36140"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,62 +1,62 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2012-2045",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Adobe Shockwave Player before 11.6.6.636 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2043, CVE-2012-2044, CVE-2012-2046, and CVE-2012-2047."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "psirt@adobe.com",
|
||||
"ID": "CVE-2012-2045",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://www.adobe.com/support/security/bulletins/apsb12-17.html",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://www.adobe.com/support/security/bulletins/apsb12-17.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Adobe Shockwave Player before 11.6.6.636 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2043, CVE-2012-2044, CVE-2012-2046, and CVE-2012-2047."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://www.adobe.com/support/security/bulletins/apsb12-17.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.adobe.com/support/security/bulletins/apsb12-17.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,102 +1,102 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2012-2402",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "wp-admin/plugins.php in WordPress before 3.3.2 allows remote authenticated site administrators to bypass intended access restrictions and deactivate network-wide plugins via unspecified vectors."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2012-2402",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://core.trac.wordpress.org/changeset/20526/branches/3.3/wp-admin/plugins.php",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://core.trac.wordpress.org/changeset/20526/branches/3.3/wp-admin/plugins.php"
|
||||
},
|
||||
{
|
||||
"name" : "http://wordpress.org/news/2012/04/wordpress-3-3-2/",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://wordpress.org/news/2012/04/wordpress-3-3-2/"
|
||||
},
|
||||
{
|
||||
"name" : "DSA-2470",
|
||||
"refsource" : "DEBIAN",
|
||||
"url" : "http://www.debian.org/security/2012/dsa-2470"
|
||||
},
|
||||
{
|
||||
"name" : "53192",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/53192"
|
||||
},
|
||||
{
|
||||
"name" : "81462",
|
||||
"refsource" : "OSVDB",
|
||||
"url" : "http://osvdb.org/81462"
|
||||
},
|
||||
{
|
||||
"name" : "49138",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/49138"
|
||||
},
|
||||
{
|
||||
"name" : "48957",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/48957"
|
||||
},
|
||||
{
|
||||
"name" : "wordpress-plugins-security-bypass(75090)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75090"
|
||||
},
|
||||
{
|
||||
"name" : "wordpress-plugins-sec-bypass(75207)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75207"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "wp-admin/plugins.php in WordPress before 3.3.2 allows remote authenticated site administrators to bypass intended access restrictions and deactivate network-wide plugins via unspecified vectors."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "wordpress-plugins-sec-bypass(75207)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75207"
|
||||
},
|
||||
{
|
||||
"name": "wordpress-plugins-security-bypass(75090)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75090"
|
||||
},
|
||||
{
|
||||
"name": "49138",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/49138"
|
||||
},
|
||||
{
|
||||
"name": "48957",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/48957"
|
||||
},
|
||||
{
|
||||
"name": "http://core.trac.wordpress.org/changeset/20526/branches/3.3/wp-admin/plugins.php",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://core.trac.wordpress.org/changeset/20526/branches/3.3/wp-admin/plugins.php"
|
||||
},
|
||||
{
|
||||
"name": "DSA-2470",
|
||||
"refsource": "DEBIAN",
|
||||
"url": "http://www.debian.org/security/2012/dsa-2470"
|
||||
},
|
||||
{
|
||||
"name": "53192",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/53192"
|
||||
},
|
||||
{
|
||||
"name": "http://wordpress.org/news/2012/04/wordpress-3-3-2/",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://wordpress.org/news/2012/04/wordpress-3-3-2/"
|
||||
},
|
||||
{
|
||||
"name": "81462",
|
||||
"refsource": "OSVDB",
|
||||
"url": "http://osvdb.org/81462"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,62 +1,62 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2012-2472",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 and 8.4, when SIP inspection is enabled, create many identical pre-allocated secondary pinholes, which might allow remote attackers to cause a denial of service (CPU consumption) via crafted SIP traffic, aka Bug ID CSCtz63143."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "psirt@cisco.com",
|
||||
"ID": "CVE-2012-2472",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://www.cisco.com/en/US/docs/security/asa/asa84/release/notes/asarn84.html",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://www.cisco.com/en/US/docs/security/asa/asa84/release/notes/asarn84.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 and 8.4, when SIP inspection is enabled, create many identical pre-allocated secondary pinholes, which might allow remote attackers to cause a denial of service (CPU consumption) via crafted SIP traffic, aka Bug ID CSCtz63143."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://www.cisco.com/en/US/docs/security/asa/asa84/release/notes/asarn84.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.cisco.com/en/US/docs/security/asa/asa84/release/notes/asarn84.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,62 +1,62 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2012-2500",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate during WebLaunch of IPsec, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29470."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "psirt@cisco.com",
|
||||
"ID": "CVE-2012-2500",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect30/release/notes/anyconnect30rn.html",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect30/release/notes/anyconnect30rn.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate during WebLaunch of IPsec, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29470."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect30/release/notes/anyconnect30rn.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect30/release/notes/anyconnect30rn.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,87 +1,87 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2015-0014",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Buffer overflow in the Telnet service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted packets, aka \"Windows Telnet Service Buffer Overflow Vulnerability.\""
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secure@microsoft.com",
|
||||
"ID": "CVE-2015-0014",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "MS15-002",
|
||||
"refsource" : "MS",
|
||||
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-002"
|
||||
},
|
||||
{
|
||||
"name" : "71968",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/71968"
|
||||
},
|
||||
{
|
||||
"name" : "1031523",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://www.securitytracker.com/id/1031523"
|
||||
},
|
||||
{
|
||||
"name" : "61580",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/61580"
|
||||
},
|
||||
{
|
||||
"name" : "ms-telnet-cve20150014-code-exec(99517)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99517"
|
||||
},
|
||||
{
|
||||
"name" : "win-ms15kb3020393-update(99518)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99518"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Buffer overflow in the Telnet service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted packets, aka \"Windows Telnet Service Buffer Overflow Vulnerability.\""
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "MS15-002",
|
||||
"refsource": "MS",
|
||||
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-002"
|
||||
},
|
||||
{
|
||||
"name": "ms-telnet-cve20150014-code-exec(99517)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99517"
|
||||
},
|
||||
{
|
||||
"name": "71968",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/71968"
|
||||
},
|
||||
{
|
||||
"name": "61580",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/61580"
|
||||
},
|
||||
{
|
||||
"name": "win-ms15kb3020393-update(99518)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99518"
|
||||
},
|
||||
{
|
||||
"name": "1031523",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id/1031523"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,72 +1,72 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2015-0049",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Microsoft Internet Explorer 8 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\""
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secure@microsoft.com",
|
||||
"ID": "CVE-2015-0049",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "MS15-009",
|
||||
"refsource" : "MS",
|
||||
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009"
|
||||
},
|
||||
{
|
||||
"name" : "72418",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/72418"
|
||||
},
|
||||
{
|
||||
"name" : "1031723",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://www.securitytracker.com/id/1031723"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Microsoft Internet Explorer 8 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\""
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "72418",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/72418"
|
||||
},
|
||||
{
|
||||
"name": "1031723",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id/1031723"
|
||||
},
|
||||
{
|
||||
"name": "MS15-009",
|
||||
"refsource": "MS",
|
||||
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,67 +1,67 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2015-0667",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "The Management Interface on Cisco Content Services Switch (CSS) 11500 devices 8.20.4.02 and earlier allows remote attackers to bypass intended restrictions on local-network device access via crafted SSH packets, aka Bug ID CSCut14855."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "psirt@cisco.com",
|
||||
"ID": "CVE-2015-0667",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "20150318 Cisco Content Services Switch (11500) Unauthenticated Port Forwarding Vulnerability",
|
||||
"refsource" : "CISCO",
|
||||
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=37889"
|
||||
},
|
||||
{
|
||||
"name" : "1031939",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://www.securitytracker.com/id/1031939"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The Management Interface on Cisco Content Services Switch (CSS) 11500 devices 8.20.4.02 and earlier allows remote attackers to bypass intended restrictions on local-network device access via crafted SSH packets, aka Bug ID CSCut14855."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "1031939",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id/1031939"
|
||||
},
|
||||
{
|
||||
"name": "20150318 Cisco Content Services Switch (11500) Unauthenticated Port Forwarding Vulnerability",
|
||||
"refsource": "CISCO",
|
||||
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37889"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,82 +1,82 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2015-0884",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Unquoted Windows search path vulnerability in Toshiba Bluetooth Stack for Windows before 9.10.32(T) and Service Station before 2.2.14 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "vultures@jpcert.or.jp",
|
||||
"ID": "CVE-2015-0884",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://jvn.jp/vu/JVNVU99205169/index.html",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://jvn.jp/vu/JVNVU99205169/index.html"
|
||||
},
|
||||
{
|
||||
"name" : "http://www.support.toshiba.com/sscontent?contentId=4007185",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://www.support.toshiba.com/sscontent?contentId=4007185"
|
||||
},
|
||||
{
|
||||
"name" : "http://www.support.toshiba.com/sscontent?contentId=4007187",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://www.support.toshiba.com/sscontent?contentId=4007187"
|
||||
},
|
||||
{
|
||||
"name" : "VU#632140",
|
||||
"refsource" : "CERT-VN",
|
||||
"url" : "http://www.kb.cert.org/vuls/id/632140"
|
||||
},
|
||||
{
|
||||
"name" : "1031825",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://www.securitytracker.com/id/1031825"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Unquoted Windows search path vulnerability in Toshiba Bluetooth Stack for Windows before 9.10.32(T) and Service Station before 2.2.14 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://www.support.toshiba.com/sscontent?contentId=4007187",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.support.toshiba.com/sscontent?contentId=4007187"
|
||||
},
|
||||
{
|
||||
"name": "1031825",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id/1031825"
|
||||
},
|
||||
{
|
||||
"name": "http://www.support.toshiba.com/sscontent?contentId=4007185",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.support.toshiba.com/sscontent?contentId=4007185"
|
||||
},
|
||||
{
|
||||
"name": "VU#632140",
|
||||
"refsource": "CERT-VN",
|
||||
"url": "http://www.kb.cert.org/vuls/id/632140"
|
||||
},
|
||||
{
|
||||
"name": "http://jvn.jp/vu/JVNVU99205169/index.html",
|
||||
"refsource": "MISC",
|
||||
"url": "http://jvn.jp/vu/JVNVU99205169/index.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,72 +1,72 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2015-0895",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Cross-site request forgery (CSRF) vulnerability in the All In One WP Security & Firewall plugin before 3.9.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete logs of 404 (aka Not Found) HTTP status codes."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "vultures@jpcert.or.jp",
|
||||
"ID": "CVE-2015-0895",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/changelog/",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/changelog/"
|
||||
},
|
||||
{
|
||||
"name" : "JVN#87204433",
|
||||
"refsource" : "JVN",
|
||||
"url" : "http://jvn.jp/en/jp/JVN87204433/index.html"
|
||||
},
|
||||
{
|
||||
"name" : "JVNDB-2015-000038",
|
||||
"refsource" : "JVNDB",
|
||||
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000038"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross-site request forgery (CSRF) vulnerability in the All In One WP Security & Firewall plugin before 3.9.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete logs of 404 (aka Not Found) HTTP status codes."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/changelog/",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/changelog/"
|
||||
},
|
||||
{
|
||||
"name": "JVN#87204433",
|
||||
"refsource": "JVN",
|
||||
"url": "http://jvn.jp/en/jp/JVN87204433/index.html"
|
||||
},
|
||||
{
|
||||
"name": "JVNDB-2015-000038",
|
||||
"refsource": "JVNDB",
|
||||
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000038"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,97 +1,97 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2015-0973",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cert@cert.org",
|
||||
"ID": "CVE-2015-0973",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "[oss-security] 20150109 Re: CVE Request: libpng 1.6.15 Heap Overflow",
|
||||
"refsource" : "MLIST",
|
||||
"url" : "http://www.openwall.com/lists/oss-security/2015/01/10/1"
|
||||
},
|
||||
{
|
||||
"name" : "[oss-security] 20150110 Re: CVE Request: libpng 1.6.15 Heap Overflow",
|
||||
"refsource" : "MLIST",
|
||||
"url" : "http://www.openwall.com/lists/oss-security/2015/01/10/3"
|
||||
},
|
||||
{
|
||||
"name" : "[png-mng-announce] 20141222 libpng-1.5.21 and 1.6.16 are available",
|
||||
"refsource" : "MLIST",
|
||||
"url" : "http://sourceforge.net/p/png-mng/mailman/message/33173461/"
|
||||
},
|
||||
{
|
||||
"name" : "http://tfpwn.com/files/libpng_heap_overflow_1.6.15.txt",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://tfpwn.com/files/libpng_heap_overflow_1.6.15.txt"
|
||||
},
|
||||
{
|
||||
"name" : "https://support.apple.com/HT206167",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://support.apple.com/HT206167"
|
||||
},
|
||||
{
|
||||
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
|
||||
},
|
||||
{
|
||||
"name" : "APPLE-SA-2016-03-21-5",
|
||||
"refsource" : "APPLE",
|
||||
"url" : "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
|
||||
},
|
||||
{
|
||||
"name" : "62725",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/62725"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "APPLE-SA-2016-03-21-5",
|
||||
"refsource": "APPLE",
|
||||
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
|
||||
},
|
||||
{
|
||||
"name": "https://support.apple.com/HT206167",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://support.apple.com/HT206167"
|
||||
},
|
||||
{
|
||||
"name": "[png-mng-announce] 20141222 libpng-1.5.21 and 1.6.16 are available",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://sourceforge.net/p/png-mng/mailman/message/33173461/"
|
||||
},
|
||||
{
|
||||
"name": "[oss-security] 20150109 Re: CVE Request: libpng 1.6.15 Heap Overflow",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2015/01/10/1"
|
||||
},
|
||||
{
|
||||
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
|
||||
},
|
||||
{
|
||||
"name": "[oss-security] 20150110 Re: CVE Request: libpng 1.6.15 Heap Overflow",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2015/01/10/3"
|
||||
},
|
||||
{
|
||||
"name": "62725",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/62725"
|
||||
},
|
||||
{
|
||||
"name": "http://tfpwn.com/files/libpng_heap_overflow_1.6.15.txt",
|
||||
"refsource": "MISC",
|
||||
"url": "http://tfpwn.com/files/libpng_heap_overflow_1.6.15.txt"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,62 +1,62 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2015-1003",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Directory traversal vulnerability in IniNet embeddedWebServer (aka eWebServer) before 2.02 allows remote attackers to read arbitrary files via a crafted pathname."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "ics-cert@hq.dhs.gov",
|
||||
"ID": "CVE-2015-1003",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-293-02",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-293-02"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Directory traversal vulnerability in IniNet embeddedWebServer (aka eWebServer) before 2.02 allows remote attackers to read arbitrary files via a crafted pathname."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-293-02",
|
||||
"refsource": "MISC",
|
||||
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-293-02"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,87 +1,87 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2015-1098",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "iWork in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "product-security@apple.com",
|
||||
"ID": "CVE-2015-1098",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://support.apple.com/HT204659",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://support.apple.com/HT204659"
|
||||
},
|
||||
{
|
||||
"name" : "https://support.apple.com/HT204661",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://support.apple.com/HT204661"
|
||||
},
|
||||
{
|
||||
"name" : "APPLE-SA-2015-04-08-2",
|
||||
"refsource" : "APPLE",
|
||||
"url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
|
||||
},
|
||||
{
|
||||
"name" : "APPLE-SA-2015-04-08-3",
|
||||
"refsource" : "APPLE",
|
||||
"url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
|
||||
},
|
||||
{
|
||||
"name" : "73984",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/73984"
|
||||
},
|
||||
{
|
||||
"name" : "1032048",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://www.securitytracker.com/id/1032048"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "iWork in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://support.apple.com/HT204659",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://support.apple.com/HT204659"
|
||||
},
|
||||
{
|
||||
"name": "APPLE-SA-2015-04-08-3",
|
||||
"refsource": "APPLE",
|
||||
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
|
||||
},
|
||||
{
|
||||
"name": "73984",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/73984"
|
||||
},
|
||||
{
|
||||
"name": "1032048",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id/1032048"
|
||||
},
|
||||
{
|
||||
"name": "APPLE-SA-2015-04-08-2",
|
||||
"refsource": "APPLE",
|
||||
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
|
||||
},
|
||||
{
|
||||
"name": "https://support.apple.com/HT204661",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://support.apple.com/HT204661"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,117 +1,117 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2015-1258",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Google Chrome before 43.0.2357.65 relies on libvpx code that was not built with an appropriate --size-limit value, which allows remote attackers to trigger a negative value for a size field, and consequently cause a denial of service or possibly have unspecified other impact, via a crafted frame size in VP9 video data."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security@google.com",
|
||||
"ID": "CVE-2015-1258",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html"
|
||||
},
|
||||
{
|
||||
"name" : "https://code.google.com/p/chromium/issues/detail?id=450939",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://code.google.com/p/chromium/issues/detail?id=450939"
|
||||
},
|
||||
{
|
||||
"name" : "https://codereview.chromium.org/1106303002",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://codereview.chromium.org/1106303002"
|
||||
},
|
||||
{
|
||||
"name" : "DSA-3267",
|
||||
"refsource" : "DEBIAN",
|
||||
"url" : "http://www.debian.org/security/2015/dsa-3267"
|
||||
},
|
||||
{
|
||||
"name" : "FEDORA-2015-15935",
|
||||
"refsource" : "FEDORA",
|
||||
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168803.html"
|
||||
},
|
||||
{
|
||||
"name" : "FEDORA-2015-15934",
|
||||
"refsource" : "FEDORA",
|
||||
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166975.html"
|
||||
},
|
||||
{
|
||||
"name" : "FEDORA-2015-15936",
|
||||
"refsource" : "FEDORA",
|
||||
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167428.html"
|
||||
},
|
||||
{
|
||||
"name" : "GLSA-201506-04",
|
||||
"refsource" : "GENTOO",
|
||||
"url" : "https://security.gentoo.org/glsa/201506-04"
|
||||
},
|
||||
{
|
||||
"name" : "openSUSE-SU-2015:1877",
|
||||
"refsource" : "SUSE",
|
||||
"url" : "http://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html"
|
||||
},
|
||||
{
|
||||
"name" : "openSUSE-SU-2015:0969",
|
||||
"refsource" : "SUSE",
|
||||
"url" : "http://lists.opensuse.org/opensuse-updates/2015-05/msg00091.html"
|
||||
},
|
||||
{
|
||||
"name" : "74723",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/74723"
|
||||
},
|
||||
{
|
||||
"name" : "1032375",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://www.securitytracker.com/id/1032375"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Google Chrome before 43.0.2357.65 relies on libvpx code that was not built with an appropriate --size-limit value, which allows remote attackers to trigger a negative value for a size field, and consequently cause a denial of service or possibly have unspecified other impact, via a crafted frame size in VP9 video data."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "openSUSE-SU-2015:0969",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00091.html"
|
||||
},
|
||||
{
|
||||
"name": "http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html"
|
||||
},
|
||||
{
|
||||
"name": "FEDORA-2015-15936",
|
||||
"refsource": "FEDORA",
|
||||
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167428.html"
|
||||
},
|
||||
{
|
||||
"name": "https://codereview.chromium.org/1106303002",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://codereview.chromium.org/1106303002"
|
||||
},
|
||||
{
|
||||
"name": "GLSA-201506-04",
|
||||
"refsource": "GENTOO",
|
||||
"url": "https://security.gentoo.org/glsa/201506-04"
|
||||
},
|
||||
{
|
||||
"name": "openSUSE-SU-2015:1877",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html"
|
||||
},
|
||||
{
|
||||
"name": "1032375",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id/1032375"
|
||||
},
|
||||
{
|
||||
"name": "DSA-3267",
|
||||
"refsource": "DEBIAN",
|
||||
"url": "http://www.debian.org/security/2015/dsa-3267"
|
||||
},
|
||||
{
|
||||
"name": "https://code.google.com/p/chromium/issues/detail?id=450939",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://code.google.com/p/chromium/issues/detail?id=450939"
|
||||
},
|
||||
{
|
||||
"name": "FEDORA-2015-15935",
|
||||
"refsource": "FEDORA",
|
||||
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168803.html"
|
||||
},
|
||||
{
|
||||
"name": "74723",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/74723"
|
||||
},
|
||||
{
|
||||
"name": "FEDORA-2015-15934",
|
||||
"refsource": "FEDORA",
|
||||
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166975.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,62 +1,62 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2015-1355",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 uses a weak password-hash algorithm, which makes it easier for local users to determine cleartext passwords by reading a project file and conducting a brute-force attack."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2015-1355",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-234789.pdf",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-234789.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 uses a weak password-hash algorithm, which makes it easier for local users to determine cleartext passwords by reading a project file and conducting a brute-force attack."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-234789.pdf",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-234789.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,72 +1,72 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2015-5251",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2015-5251",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://bugs.launchpad.net/bugs/1482371",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://bugs.launchpad.net/bugs/1482371"
|
||||
},
|
||||
{
|
||||
"name" : "https://security.openstack.org/ossa/OSSA-2015-019.html",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://security.openstack.org/ossa/OSSA-2015-019.html"
|
||||
},
|
||||
{
|
||||
"name" : "RHSA-2015:1897",
|
||||
"refsource" : "REDHAT",
|
||||
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1897.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://security.openstack.org/ossa/OSSA-2015-019.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://security.openstack.org/ossa/OSSA-2015-019.html"
|
||||
},
|
||||
{
|
||||
"name": "https://bugs.launchpad.net/bugs/1482371",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugs.launchpad.net/bugs/1482371"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2015:1897",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2015-1897.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,82 +1,82 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2015-5459",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "SQL injection vulnerability in the AdvanceSearch.class in AdventNetPassTrix.jar in ManageEngine Password Manager Pro (PMP) before 8.1 Build 8101 allows remote authenticated users to execute arbitrary SQL commands via the ANDOR parameter, as demonstrated by a request to STATE_ID/1425543888647/SQLAdvancedALSearchResult.cc."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2015-5459",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "20150630 ManageEngine Password Manager Pro 8.1 SQL Injection vulnerability",
|
||||
"refsource" : "FULLDISC",
|
||||
"url" : "http://seclists.org/fulldisclosure/2015/Jun/104"
|
||||
},
|
||||
{
|
||||
"name" : "20150703 Re: [##2255763##] ManageEngine Password Manager Pro 8.1 SQL Injection vulnerability",
|
||||
"refsource" : "FULLDISC",
|
||||
"url" : "http://seclists.org/fulldisclosure/2015/Jul/19"
|
||||
},
|
||||
{
|
||||
"name" : "http://packetstormsecurity.com/files/132511/ManageEngine-Password-Manager-Pro-8.1-SQL-Injection.html",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://packetstormsecurity.com/files/132511/ManageEngine-Password-Manager-Pro-8.1-SQL-Injection.html"
|
||||
},
|
||||
{
|
||||
"name" : "https://www.manageengine.com/products/passwordmanagerpro/release-notes.html",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://www.manageengine.com/products/passwordmanagerpro/release-notes.html"
|
||||
},
|
||||
{
|
||||
"name" : "75692",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/75692"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "SQL injection vulnerability in the AdvanceSearch.class in AdventNetPassTrix.jar in ManageEngine Password Manager Pro (PMP) before 8.1 Build 8101 allows remote authenticated users to execute arbitrary SQL commands via the ANDOR parameter, as demonstrated by a request to STATE_ID/1425543888647/SQLAdvancedALSearchResult.cc."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://www.manageengine.com/products/passwordmanagerpro/release-notes.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://www.manageengine.com/products/passwordmanagerpro/release-notes.html"
|
||||
},
|
||||
{
|
||||
"name": "http://packetstormsecurity.com/files/132511/ManageEngine-Password-Manager-Pro-8.1-SQL-Injection.html",
|
||||
"refsource": "MISC",
|
||||
"url": "http://packetstormsecurity.com/files/132511/ManageEngine-Password-Manager-Pro-8.1-SQL-Injection.html"
|
||||
},
|
||||
{
|
||||
"name": "20150630 ManageEngine Password Manager Pro 8.1 SQL Injection vulnerability",
|
||||
"refsource": "FULLDISC",
|
||||
"url": "http://seclists.org/fulldisclosure/2015/Jun/104"
|
||||
},
|
||||
{
|
||||
"name": "75692",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/75692"
|
||||
},
|
||||
{
|
||||
"name": "20150703 Re: [##2255763##] ManageEngine Password Manager Pro 8.1 SQL Injection vulnerability",
|
||||
"refsource": "FULLDISC",
|
||||
"url": "http://seclists.org/fulldisclosure/2015/Jul/19"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,18 +1,18 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2015-5486",
|
||||
"STATE" : "RESERVED"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2015-5486",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,77 +1,77 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2015-5507",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Cross-site scripting (XSS) vulnerability in the Inline Entity Form module 7.x-1.x before 7.x-1.6 for Drupal allows remote authenticated users with permission to create or edit fields to inject arbitrary web script or HTML via unspecified vectors."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2015-5507",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "[oss-security] 20150704 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)",
|
||||
"refsource" : "MLIST",
|
||||
"url" : "http://www.openwall.com/lists/oss-security/2015/07/04/4"
|
||||
},
|
||||
{
|
||||
"name" : "https://www.drupal.org/node/2507605",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://www.drupal.org/node/2507605"
|
||||
},
|
||||
{
|
||||
"name" : "https://www.drupal.org/node/2507593",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://www.drupal.org/node/2507593"
|
||||
},
|
||||
{
|
||||
"name" : "75283",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/75283"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross-site scripting (XSS) vulnerability in the Inline Entity Form module 7.x-1.x before 7.x-1.6 for Drupal allows remote authenticated users with permission to create or edit fields to inject arbitrary web script or HTML via unspecified vectors."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://www.drupal.org/node/2507593",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://www.drupal.org/node/2507593"
|
||||
},
|
||||
{
|
||||
"name": "75283",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/75283"
|
||||
},
|
||||
{
|
||||
"name": "https://www.drupal.org/node/2507605",
|
||||
"refsource": "MISC",
|
||||
"url": "https://www.drupal.org/node/2507605"
|
||||
},
|
||||
{
|
||||
"name": "[oss-security] 20150704 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2015/07/04/4"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,97 +1,97 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2015-5796",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "product-security@apple.com",
|
||||
"ID": "CVE-2015-5796",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://support.apple.com/HT205212",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://support.apple.com/HT205212"
|
||||
},
|
||||
{
|
||||
"name" : "https://support.apple.com/HT205221",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://support.apple.com/HT205221"
|
||||
},
|
||||
{
|
||||
"name" : "https://support.apple.com/HT205265",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://support.apple.com/HT205265"
|
||||
},
|
||||
{
|
||||
"name" : "APPLE-SA-2015-09-16-1",
|
||||
"refsource" : "APPLE",
|
||||
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
|
||||
},
|
||||
{
|
||||
"name" : "APPLE-SA-2015-09-16-3",
|
||||
"refsource" : "APPLE",
|
||||
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html"
|
||||
},
|
||||
{
|
||||
"name" : "APPLE-SA-2015-09-30-2",
|
||||
"refsource" : "APPLE",
|
||||
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html"
|
||||
},
|
||||
{
|
||||
"name" : "76763",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/76763"
|
||||
},
|
||||
{
|
||||
"name" : "1033609",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://www.securitytracker.com/id/1033609"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://support.apple.com/HT205221",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://support.apple.com/HT205221"
|
||||
},
|
||||
{
|
||||
"name": "1033609",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id/1033609"
|
||||
},
|
||||
{
|
||||
"name": "https://support.apple.com/HT205212",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://support.apple.com/HT205212"
|
||||
},
|
||||
{
|
||||
"name": "76763",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/76763"
|
||||
},
|
||||
{
|
||||
"name": "https://support.apple.com/HT205265",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://support.apple.com/HT205265"
|
||||
},
|
||||
{
|
||||
"name": "APPLE-SA-2015-09-16-3",
|
||||
"refsource": "APPLE",
|
||||
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html"
|
||||
},
|
||||
{
|
||||
"name": "APPLE-SA-2015-09-30-2",
|
||||
"refsource": "APPLE",
|
||||
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html"
|
||||
},
|
||||
{
|
||||
"name": "APPLE-SA-2015-09-16-1",
|
||||
"refsource": "APPLE",
|
||||
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,67 +1,67 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2018-11535",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "An issue was discovered in SITEMAKIN SLAC (Site Login and Access Control) v1.0. The parameter \"my_item_search\" in users.php is exploitable using SQL injection."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2018-11535",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "44793",
|
||||
"refsource" : "EXPLOIT-DB",
|
||||
"url" : "https://www.exploit-db.com/exploits/44793/"
|
||||
},
|
||||
{
|
||||
"name" : "https://gist.github.com/NinjaXshell/f894bd79f9707a92a7b6934711a8fdc9",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://gist.github.com/NinjaXshell/f894bd79f9707a92a7b6934711a8fdc9"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "An issue was discovered in SITEMAKIN SLAC (Site Login and Access Control) v1.0. The parameter \"my_item_search\" in users.php is exploitable using SQL injection."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://gist.github.com/NinjaXshell/f894bd79f9707a92a7b6934711a8fdc9",
|
||||
"refsource": "MISC",
|
||||
"url": "https://gist.github.com/NinjaXshell/f894bd79f9707a92a7b6934711a8fdc9"
|
||||
},
|
||||
{
|
||||
"name": "44793",
|
||||
"refsource": "EXPLOIT-DB",
|
||||
"url": "https://www.exploit-db.com/exploits/44793/"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,18 +1,18 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2018-3490",
|
||||
"STATE" : "RESERVED"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2018-3490",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,18 +1,18 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2018-3681",
|
||||
"STATE" : "RESERVED"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2018-3681",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,18 +1,18 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2018-3709",
|
||||
"STATE" : "RESERVED"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2018-3709",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,88 +1,88 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "chrome-cve-admin@google.com",
|
||||
"ID" : "CVE-2018-6052",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "Chrome",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_affected" : "<",
|
||||
"version_value" : "64.0.3282.119"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "Google"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it had opted out of sending referrer data."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Inappropriate implementation"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security@google.com",
|
||||
"ID": "CVE-2018-6052",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Chrome",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_value": "64.0.3282.119"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Google"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
|
||||
},
|
||||
{
|
||||
"name" : "https://crbug.com/615608",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://crbug.com/615608"
|
||||
},
|
||||
{
|
||||
"name" : "DSA-4103",
|
||||
"refsource" : "DEBIAN",
|
||||
"url" : "https://www.debian.org/security/2018/dsa-4103"
|
||||
},
|
||||
{
|
||||
"name" : "RHSA-2018:0265",
|
||||
"refsource" : "REDHAT",
|
||||
"url" : "https://access.redhat.com/errata/RHSA-2018:0265"
|
||||
},
|
||||
{
|
||||
"name" : "102797",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/102797"
|
||||
},
|
||||
{
|
||||
"name" : "1040282",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://www.securitytracker.com/id/1040282"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it had opted out of sending referrer data."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Inappropriate implementation"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
|
||||
},
|
||||
{
|
||||
"name": "DSA-4103",
|
||||
"refsource": "DEBIAN",
|
||||
"url": "https://www.debian.org/security/2018/dsa-4103"
|
||||
},
|
||||
{
|
||||
"name": "102797",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/102797"
|
||||
},
|
||||
{
|
||||
"name": "https://crbug.com/615608",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://crbug.com/615608"
|
||||
},
|
||||
{
|
||||
"name": "1040282",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id/1040282"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2018:0265",
|
||||
"refsource": "REDHAT",
|
||||
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,72 +1,72 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "security@trendmicro.com",
|
||||
"ID" : "CVE-2018-6225",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "Trend Micro Email Encryption Gateway",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "5.5"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "Trend Micro"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "An XML external entity injection (XXE) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an authenticated user to expose a normally protected configuration script."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "XXE"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security@trendmicro.com",
|
||||
"ID": "CVE-2018-6225",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Trend Micro Email Encryption Gateway",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "5.5"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Trend Micro"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "44166",
|
||||
"refsource" : "EXPLOIT-DB",
|
||||
"url" : "https://www.exploit-db.com/exploits/44166/"
|
||||
},
|
||||
{
|
||||
"name" : "https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities"
|
||||
},
|
||||
{
|
||||
"name" : "https://success.trendmicro.com/solution/1119349",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://success.trendmicro.com/solution/1119349"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "An XML external entity injection (XXE) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an authenticated user to expose a normally protected configuration script."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "XXE"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "44166",
|
||||
"refsource": "EXPLOIT-DB",
|
||||
"url": "https://www.exploit-db.com/exploits/44166/"
|
||||
},
|
||||
{
|
||||
"name": "https://success.trendmicro.com/solution/1119349",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://success.trendmicro.com/solution/1119349"
|
||||
},
|
||||
{
|
||||
"name": "https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities",
|
||||
"refsource": "MISC",
|
||||
"url": "https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,18 +1,18 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2018-6820",
|
||||
"STATE" : "REJECT"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2018-6820",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "REJECT"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,18 +1,18 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2018-6828",
|
||||
"STATE" : "RESERVED"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2018-6828",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,62 +1,62 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2018-7057",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "RoomWizard before 4.4.x allows XSS via the HelpAction.action pageName parameter."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2018-7057",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://misteralfa-hack.blogspot.cl/2018/02/steelcase-sala-por-favor-y-todos-tus.html",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://misteralfa-hack.blogspot.cl/2018/02/steelcase-sala-por-favor-y-todos-tus.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "RoomWizard before 4.4.x allows XSS via the HelpAction.action pageName parameter."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://misteralfa-hack.blogspot.cl/2018/02/steelcase-sala-por-favor-y-todos-tus.html",
|
||||
"refsource": "MISC",
|
||||
"url": "http://misteralfa-hack.blogspot.cl/2018/02/steelcase-sala-por-favor-y-todos-tus.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,18 +1,18 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2018-7275",
|
||||
"STATE" : "RESERVED"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2018-7275",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,82 +1,82 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2018-7634",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "An issue was discovered in Enalean Tuleap 9.17. Lack of CSRF attack mitigation while changing an e-mail address makes it possible to abuse the functionality by attackers. By making a CSRF attack, an attacker could make a victim change his registered e-mail address on the application, leading to account takeover."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2018-7634",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://mustafairan.wordpress.com/2018/03/05/tuleap-mail-change-csrf-vulnerability-leads-to-account-takeover/",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://mustafairan.wordpress.com/2018/03/05/tuleap-mail-change-csrf-vulnerability-leads-to-account-takeover/"
|
||||
},
|
||||
{
|
||||
"name" : "https://twitter.com/Mustafaran/status/970745812887199744",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://twitter.com/Mustafaran/status/970745812887199744"
|
||||
},
|
||||
{
|
||||
"name" : "https://github.com/Enalean/tuleap/commit/0843c046eee54b16ec6a7753c575838212770189",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://github.com/Enalean/tuleap/commit/0843c046eee54b16ec6a7753c575838212770189"
|
||||
},
|
||||
{
|
||||
"name" : "https://tuleap.net/plugins/git/tuleap/tuleap/stable?p=tuleap%2Fstable.git&a=commit&h=d6701289ae55de900929ff0f66313fa9771a198d",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://tuleap.net/plugins/git/tuleap/tuleap/stable?p=tuleap%2Fstable.git&a=commit&h=d6701289ae55de900929ff0f66313fa9771a198d"
|
||||
},
|
||||
{
|
||||
"name" : "https://tuleap.net/plugins/tracker/?aid=11217",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://tuleap.net/plugins/tracker/?aid=11217"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "An issue was discovered in Enalean Tuleap 9.17. Lack of CSRF attack mitigation while changing an e-mail address makes it possible to abuse the functionality by attackers. By making a CSRF attack, an attacker could make a victim change his registered e-mail address on the application, leading to account takeover."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://mustafairan.wordpress.com/2018/03/05/tuleap-mail-change-csrf-vulnerability-leads-to-account-takeover/",
|
||||
"refsource": "MISC",
|
||||
"url": "https://mustafairan.wordpress.com/2018/03/05/tuleap-mail-change-csrf-vulnerability-leads-to-account-takeover/"
|
||||
},
|
||||
{
|
||||
"name": "https://tuleap.net/plugins/tracker/?aid=11217",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://tuleap.net/plugins/tracker/?aid=11217"
|
||||
},
|
||||
{
|
||||
"name": "https://twitter.com/Mustafaran/status/970745812887199744",
|
||||
"refsource": "MISC",
|
||||
"url": "https://twitter.com/Mustafaran/status/970745812887199744"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/Enalean/tuleap/commit/0843c046eee54b16ec6a7753c575838212770189",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/Enalean/tuleap/commit/0843c046eee54b16ec6a7753c575838212770189"
|
||||
},
|
||||
{
|
||||
"name": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?p=tuleap%2Fstable.git&a=commit&h=d6701289ae55de900929ff0f66313fa9771a198d",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?p=tuleap%2Fstable.git&a=commit&h=d6701289ae55de900929ff0f66313fa9771a198d"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,72 +1,72 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2018-7735",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Afian FileRun (before 2018.02.13) suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=metadata§ion=cpanel&page=list_filetypes request."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2018-7735",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://www.filerun.com/changelog",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://www.filerun.com/changelog"
|
||||
},
|
||||
{
|
||||
"name" : "https://feedback.filerun.com/communities/1/topics/189-critical-security-update-available",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://feedback.filerun.com/communities/1/topics/189-critical-security-update-available"
|
||||
},
|
||||
{
|
||||
"name" : "https://www.scanfsec.com/FileRun_2017_09_25_Blind_SQL.html",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://www.scanfsec.com/FileRun_2017_09_25_Blind_SQL.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Afian FileRun (before 2018.02.13) suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=metadata§ion=cpanel&page=list_filetypes request."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://feedback.filerun.com/communities/1/topics/189-critical-security-update-available",
|
||||
"refsource": "MISC",
|
||||
"url": "https://feedback.filerun.com/communities/1/topics/189-critical-security-update-available"
|
||||
},
|
||||
{
|
||||
"name": "http://www.filerun.com/changelog",
|
||||
"refsource": "MISC",
|
||||
"url": "http://www.filerun.com/changelog"
|
||||
},
|
||||
{
|
||||
"name": "https://www.scanfsec.com/FileRun_2017_09_25_Blind_SQL.html",
|
||||
"refsource": "MISC",
|
||||
"url": "https://www.scanfsec.com/FileRun_2017_09_25_Blind_SQL.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,146 +1,146 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "security@apache.org",
|
||||
"ID" : "CVE-2018-8014",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "Apache Tomcat",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "9.0.0.M1 to 9.0.8"
|
||||
},
|
||||
{
|
||||
"version_value" : "8.5.0 to 8.5.31"
|
||||
},
|
||||
{
|
||||
"version_value" : "8.0.0.RC1 to 8.0.52"
|
||||
},
|
||||
{
|
||||
"version_value" : "7.0.41 to 7.0.88"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "Apache Software Foundation"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security@apache.org",
|
||||
"ID": "CVE-2018-8014",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Apache Tomcat",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "9.0.0.M1 to 9.0.8"
|
||||
},
|
||||
{
|
||||
"version_value": "8.5.0 to 8.5.31"
|
||||
},
|
||||
{
|
||||
"version_value": "8.0.0.RC1 to 8.0.52"
|
||||
},
|
||||
{
|
||||
"version_value": "7.0.41 to 7.0.88"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Apache Software Foundation"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "[debian-lts-announce] 20180627 [SECURITY] [DLA 1400-1] tomcat7 security update",
|
||||
"refsource" : "MLIST",
|
||||
"url" : "https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html"
|
||||
},
|
||||
{
|
||||
"name" : "http://tomcat.apache.org/security-7.html",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://tomcat.apache.org/security-7.html"
|
||||
},
|
||||
{
|
||||
"name" : "http://tomcat.apache.org/security-8.html",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://tomcat.apache.org/security-8.html"
|
||||
},
|
||||
{
|
||||
"name" : "http://tomcat.apache.org/security-9.html",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://tomcat.apache.org/security-9.html"
|
||||
},
|
||||
{
|
||||
"name" : "https://lists.apache.org/thread.html/fbfb713e4f8a4c0f81089b89450828011343593800cae3fb629192b1@%3Cannounce.tomcat.apache.org%3E",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://lists.apache.org/thread.html/fbfb713e4f8a4c0f81089b89450828011343593800cae3fb629192b1@%3Cannounce.tomcat.apache.org%3E"
|
||||
},
|
||||
{
|
||||
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
|
||||
},
|
||||
{
|
||||
"name" : "https://security.netapp.com/advisory/ntap-20181018-0002/",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://security.netapp.com/advisory/ntap-20181018-0002/"
|
||||
},
|
||||
{
|
||||
"name" : "RHSA-2018:2469",
|
||||
"refsource" : "REDHAT",
|
||||
"url" : "https://access.redhat.com/errata/RHSA-2018:2469"
|
||||
},
|
||||
{
|
||||
"name" : "RHSA-2018:2470",
|
||||
"refsource" : "REDHAT",
|
||||
"url" : "https://access.redhat.com/errata/RHSA-2018:2470"
|
||||
},
|
||||
{
|
||||
"name" : "RHSA-2018:3768",
|
||||
"refsource" : "REDHAT",
|
||||
"url" : "https://access.redhat.com/errata/RHSA-2018:3768"
|
||||
},
|
||||
{
|
||||
"name" : "RHSA-2019:0450",
|
||||
"refsource" : "REDHAT",
|
||||
"url" : "https://access.redhat.com/errata/RHSA-2019:0450"
|
||||
},
|
||||
{
|
||||
"name" : "RHSA-2019:0451",
|
||||
"refsource" : "REDHAT",
|
||||
"url" : "https://access.redhat.com/errata/RHSA-2019:0451"
|
||||
},
|
||||
{
|
||||
"name" : "USN-3665-1",
|
||||
"refsource" : "UBUNTU",
|
||||
"url" : "https://usn.ubuntu.com/3665-1/"
|
||||
},
|
||||
{
|
||||
"name" : "104203",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/104203"
|
||||
},
|
||||
{
|
||||
"name" : "1040998",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://www.securitytracker.com/id/1040998"
|
||||
},
|
||||
{
|
||||
"name" : "1041888",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://www.securitytracker.com/id/1041888"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://tomcat.apache.org/security-9.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://tomcat.apache.org/security-9.html"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2019:0451",
|
||||
"refsource": "REDHAT",
|
||||
"url": "https://access.redhat.com/errata/RHSA-2019:0451"
|
||||
},
|
||||
{
|
||||
"name": "http://tomcat.apache.org/security-7.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://tomcat.apache.org/security-7.html"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2018:2469",
|
||||
"refsource": "REDHAT",
|
||||
"url": "https://access.redhat.com/errata/RHSA-2018:2469"
|
||||
},
|
||||
{
|
||||
"name": "1041888",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id/1041888"
|
||||
},
|
||||
{
|
||||
"name": "USN-3665-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "https://usn.ubuntu.com/3665-1/"
|
||||
},
|
||||
{
|
||||
"name": "http://tomcat.apache.org/security-8.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://tomcat.apache.org/security-8.html"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2018:2470",
|
||||
"refsource": "REDHAT",
|
||||
"url": "https://access.redhat.com/errata/RHSA-2018:2470"
|
||||
},
|
||||
{
|
||||
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
|
||||
},
|
||||
{
|
||||
"name": "https://security.netapp.com/advisory/ntap-20181018-0002/",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://security.netapp.com/advisory/ntap-20181018-0002/"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2019:0450",
|
||||
"refsource": "REDHAT",
|
||||
"url": "https://access.redhat.com/errata/RHSA-2019:0450"
|
||||
},
|
||||
{
|
||||
"name": "https://lists.apache.org/thread.html/fbfb713e4f8a4c0f81089b89450828011343593800cae3fb629192b1@%3Cannounce.tomcat.apache.org%3E",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://lists.apache.org/thread.html/fbfb713e4f8a4c0f81089b89450828011343593800cae3fb629192b1@%3Cannounce.tomcat.apache.org%3E"
|
||||
},
|
||||
{
|
||||
"name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1400-1] tomcat7 security update",
|
||||
"refsource": "MLIST",
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html"
|
||||
},
|
||||
{
|
||||
"name": "104203",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/104203"
|
||||
},
|
||||
{
|
||||
"name": "1040998",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id/1040998"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2018:3768",
|
||||
"refsource": "REDHAT",
|
||||
"url": "https://access.redhat.com/errata/RHSA-2018:3768"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,72 +1,72 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2018-8045",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the User Notes list view."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2018-8045",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://developer.joomla.org/security-centre/723-20180301-core-sqli-vulnerability.html",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://developer.joomla.org/security-centre/723-20180301-core-sqli-vulnerability.html"
|
||||
},
|
||||
{
|
||||
"name" : "103402",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/103402"
|
||||
},
|
||||
{
|
||||
"name" : "1040540",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://www.securitytracker.com/id/1040540"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the User Notes list view."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://developer.joomla.org/security-centre/723-20180301-core-sqli-vulnerability.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://developer.joomla.org/security-centre/723-20180301-core-sqli-vulnerability.html"
|
||||
},
|
||||
{
|
||||
"name": "1040540",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id/1040540"
|
||||
},
|
||||
{
|
||||
"name": "103402",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/103402"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,211 +1,211 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "Secure@Microsoft.com",
|
||||
"ID" : "CVE-2018-8166",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "Windows 7",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "32-bit Systems Service Pack 1"
|
||||
},
|
||||
{
|
||||
"version_value" : "x64-based Systems Service Pack 1"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name" : "Windows Server 2012 R2",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "(Server Core installation)"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name" : "Windows RT 8.1",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "Windows RT 8.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name" : "Windows Server 2008",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "32-bit Systems Service Pack 2"
|
||||
},
|
||||
{
|
||||
"version_value" : "32-bit Systems Service Pack 2 (Server Core installation)"
|
||||
},
|
||||
{
|
||||
"version_value" : "Itanium-Based Systems Service Pack 2"
|
||||
},
|
||||
{
|
||||
"version_value" : "x64-based Systems Service Pack 2"
|
||||
},
|
||||
{
|
||||
"version_value" : "x64-based Systems Service Pack 2 (Server Core installation)"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name" : "Windows Server 2012",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "(Server Core installation)"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name" : "Windows 8.1",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "32-bit systems"
|
||||
},
|
||||
{
|
||||
"version_value" : "x64-based systems"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name" : "Windows Server 2016",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "(Server Core installation)"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name" : "Windows Server 2008 R2",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "Itanium-Based Systems Service Pack 1"
|
||||
},
|
||||
{
|
||||
"version_value" : "x64-based Systems Service Pack 1"
|
||||
},
|
||||
{
|
||||
"version_value" : "x64-based Systems Service Pack 1 (Server Core installation)"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name" : "Windows 10",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "32-bit Systems"
|
||||
},
|
||||
{
|
||||
"version_value" : "Version 1607 for 32-bit Systems"
|
||||
},
|
||||
{
|
||||
"version_value" : "Version 1607 for x64-based Systems"
|
||||
},
|
||||
{
|
||||
"version_value" : "Version 1703 for 32-bit Systems"
|
||||
},
|
||||
{
|
||||
"version_value" : "Version 1703 for x64-based Systems"
|
||||
},
|
||||
{
|
||||
"version_value" : "Version 1709 for 32-bit Systems"
|
||||
},
|
||||
{
|
||||
"version_value" : "Version 1709 for x64-based Systems"
|
||||
},
|
||||
{
|
||||
"version_value" : "Version 1803 for 32-bit Systems"
|
||||
},
|
||||
{
|
||||
"version_value" : "Version 1803 for x64-based Systems"
|
||||
},
|
||||
{
|
||||
"version_value" : "x64-based Systems"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name" : "Windows 10 Servers",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "version 1709 (Server Core Installation)"
|
||||
},
|
||||
{
|
||||
"version_value" : "version 1803 (Server Core Installation)"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "Microsoft"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka \"Win32k Elevation of Privilege Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8120, CVE-2018-8124, CVE-2018-8164."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Elevation of Privilege"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secure@microsoft.com",
|
||||
"ID": "CVE-2018-8166",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Windows 7",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "32-bit Systems Service Pack 1"
|
||||
},
|
||||
{
|
||||
"version_value": "x64-based Systems Service Pack 1"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Windows Server 2012 R2",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "(Server Core installation)"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Windows RT 8.1",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "Windows RT 8.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Windows Server 2008",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "32-bit Systems Service Pack 2"
|
||||
},
|
||||
{
|
||||
"version_value": "32-bit Systems Service Pack 2 (Server Core installation)"
|
||||
},
|
||||
{
|
||||
"version_value": "Itanium-Based Systems Service Pack 2"
|
||||
},
|
||||
{
|
||||
"version_value": "x64-based Systems Service Pack 2"
|
||||
},
|
||||
{
|
||||
"version_value": "x64-based Systems Service Pack 2 (Server Core installation)"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Windows Server 2012",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "(Server Core installation)"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Windows 8.1",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "32-bit systems"
|
||||
},
|
||||
{
|
||||
"version_value": "x64-based systems"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Windows Server 2016",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "(Server Core installation)"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Windows Server 2008 R2",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "Itanium-Based Systems Service Pack 1"
|
||||
},
|
||||
{
|
||||
"version_value": "x64-based Systems Service Pack 1"
|
||||
},
|
||||
{
|
||||
"version_value": "x64-based Systems Service Pack 1 (Server Core installation)"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Windows 10",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "32-bit Systems"
|
||||
},
|
||||
{
|
||||
"version_value": "Version 1607 for 32-bit Systems"
|
||||
},
|
||||
{
|
||||
"version_value": "Version 1607 for x64-based Systems"
|
||||
},
|
||||
{
|
||||
"version_value": "Version 1703 for 32-bit Systems"
|
||||
},
|
||||
{
|
||||
"version_value": "Version 1703 for x64-based Systems"
|
||||
},
|
||||
{
|
||||
"version_value": "Version 1709 for 32-bit Systems"
|
||||
},
|
||||
{
|
||||
"version_value": "Version 1709 for x64-based Systems"
|
||||
},
|
||||
{
|
||||
"version_value": "Version 1803 for 32-bit Systems"
|
||||
},
|
||||
{
|
||||
"version_value": "Version 1803 for x64-based Systems"
|
||||
},
|
||||
{
|
||||
"version_value": "x64-based Systems"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Windows 10 Servers",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "version 1709 (Server Core Installation)"
|
||||
},
|
||||
{
|
||||
"version_value": "version 1803 (Server Core Installation)"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Microsoft"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8166",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8166"
|
||||
},
|
||||
{
|
||||
"name" : "104062",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/104062"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka \"Win32k Elevation of Privilege Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8120, CVE-2018-8124, CVE-2018-8164."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Elevation of Privilege"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8166",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8166"
|
||||
},
|
||||
{
|
||||
"name": "104062",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/104062"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,77 +1,77 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "secure@microsoft.com",
|
||||
"ID" : "CVE-2018-8353",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka \"Scripting Engine Memory Corruption Vulnerability.\" This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secure@microsoft.com",
|
||||
"ID": "CVE-2018-8353",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "45279",
|
||||
"refsource" : "EXPLOIT-DB",
|
||||
"url" : "https://www.exploit-db.com/exploits/45279/"
|
||||
},
|
||||
{
|
||||
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8353",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8353"
|
||||
},
|
||||
{
|
||||
"name" : "105034",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/105034"
|
||||
},
|
||||
{
|
||||
"name" : "1041483",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://www.securitytracker.com/id/1041483"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka \"Scripting Engine Memory Corruption Vulnerability.\" This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8353",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8353"
|
||||
},
|
||||
{
|
||||
"name": "45279",
|
||||
"refsource": "EXPLOIT-DB",
|
||||
"url": "https://www.exploit-db.com/exploits/45279/"
|
||||
},
|
||||
{
|
||||
"name": "1041483",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id/1041483"
|
||||
},
|
||||
{
|
||||
"name": "105034",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/105034"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
Loading…
x
Reference in New Issue
Block a user