admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 06:13:40 +00:00
parent 1780ecdd23
commit d57f51abef
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
51 changed files with 3740 additions and 3740 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

160
2002/0xxx/CVE-2002-0817.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0817",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in super for Linux allows local users to gain root privileges via a long command line argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0817",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020731 The SUPER Bug",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=102812622416695&w=2"
},
{
"name" : "20020730 The SUPER Bug",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0045.html"
},
{
"name" : "DSA-139",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2002/dsa-139"
},
{
"name" : "super-syslog-format-string(9741)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9741.php"
},
{
"name" : "5367",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5367"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in super for Linux allows local users to gain root privileges via a long command line argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020731 The SUPER Bug",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=102812622416695&w=2"
},
{
"name": "super-syslog-format-string(9741)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9741.php"
},
{
"name": "20020730 The SUPER Bug",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0045.html"
},
{
"name": "5367",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5367"
},
{
"name": "DSA-139",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-139"
}
]
}
}

120
2002/2xxx/CVE-2002-2003.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2003",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ypbind in Compaq Tru64 4.0F, 4.0G, 5.0A, 5.1 and 5.1A allows remote attackers to cause the process to core dump via certain network packets generated by nmap."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2003",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "SSRT541",
"refsource" : "COMPAQ",
"url" : "http://ftp.support.compaq.com/patches/.new/html/SSRT-541.shtml"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ypbind in Compaq Tru64 4.0F, 4.0G, 5.0A, 5.1 and 5.1A allows remote attackers to cause the process to core dump via certain network packets generated by nmap."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT541",
"refsource": "COMPAQ",
"url": "http://ftp.support.compaq.com/patches/.new/html/SSRT-541.shtml"
}
]
}
}

150
2002/2xxx/CVE-2002-2077.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2077",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The DCOM client in Windows 2000 before SP3 does not properly clear memory before sending an \"alter context\" request, which may allow remote attackers to obtain sensitive information by sniffing the session."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2077",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020402 Windows 2000 DCOM clients may leak sensitive information onto the network",
"refsource" : "BINDVIEW",
"url" : "http://www.bindview.com/Services/razor/Advisories/2002/adv_dcom.cfm"
},
{
"name" : "Q300367",
"refsource" : "MSKB",
"url" : "http://support.microsoft.com/default.aspx?scid=kb;EN-US;q300367"
},
{
"name" : "4410",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4410"
},
{
"name" : "win2k-dcom-memory-leak(8739)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/8739.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DCOM client in Windows 2000 before SP3 does not properly clear memory before sending an \"alter context\" request, which may allow remote attackers to obtain sensitive information by sniffing the session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4410",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4410"
},
{
"name": "20020402 Windows 2000 DCOM clients may leak sensitive information onto the network",
"refsource": "BINDVIEW",
"url": "http://www.bindview.com/Services/razor/Advisories/2002/adv_dcom.cfm"
},
{
"name": "Q300367",
"refsource": "MSKB",
"url": "http://support.microsoft.com/default.aspx?scid=kb;EN-US;q300367"
},
{
"name": "win2k-dcom-memory-leak(8739)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8739.php"
}
]
}
}

140
2002/2xxx/CVE-2002-2414.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2414",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not properly handle when accepting a non-global certificate authority (CA) certificate from a site and establishing a subsequent HTTPS connection, which allows remote attackers to cause a denial of service (crash)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2414",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20021120 Opera 6.03/Linux crashes on HTTPS over Squid Proxy on a site",
"refsource" : "FULLDISC",
"url" : "http://marc.info/?l=full-disclosure&m=103783186608438&w=2"
},
{
"name" : "6218",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6218"
},
{
"name" : "opera-squid-https-dos(10673)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10673.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not properly handle when accepting a non-global certificate authority (CA) certificate from a site and establishing a subsequent HTTPS connection, which allows remote attackers to cause a denial of service (crash)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20021120 Opera 6.03/Linux crashes on HTTPS over Squid Proxy on a site",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=103783186608438&w=2"
},
{
"name": "6218",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6218"
},
{
"name": "opera-squid-https-dos(10673)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10673.php"
}
]
}
}

130
2005/0xxx/CVE-2005-0898.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0898",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in downloadform.php in E-Store Kit-2 PayPal Edition allows remote attackers to inject arbitrary web script or HTML via the txn_id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0898",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050325 File inclusion and XSS vulnerability in E-Store Kit-2 PayPal Edition",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111186424600509&w=2"
},
{
"name" : "12909",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12909"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in downloadform.php in E-Store Kit-2 PayPal Edition allows remote attackers to inject arbitrary web script or HTML via the txn_id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050325 File inclusion and XSS vulnerability in E-Store Kit-2 PayPal Edition",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111186424600509&w=2"
},
{
"name": "12909",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12909"
}
]
}
}

140
2005/0xxx/CVE-2005-0980.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0980",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary PHP code by modifying the view parameter to reference a URL on a remote web server that contains the code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0980",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050402 AlstraSoft EPay Pro v2.0 has file include and multiple xss",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111247198021626&w=2"
},
{
"name" : "12973",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12973"
},
{
"name" : "14802",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14802"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary PHP code by modifying the view parameter to reference a URL on a remote web server that contains the code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14802",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14802"
},
{
"name": "20050402 AlstraSoft EPay Pro v2.0 has file include and multiple xss",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111247198021626&w=2"
},
{
"name": "12973",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12973"
}
]
}
}

140
2005/1xxx/CVE-2005-1336.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1336",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the Foundation framework for Mac OS X 10.3.9 allows local users to execute arbitrary code via a long environment variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2005-05-03",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html"
},
{
"name" : "TA05-136A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA05-136A.html"
},
{
"name" : "VU#582934",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582934"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Foundation framework for Mac OS X 10.3.9 allows local users to execute arbitrary code via a long environment variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582934",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582934"
},
{
"name": "TA05-136A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA05-136A.html"
},
{
"name": "APPLE-SA-2005-05-03",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html"
}
]
}
}

150
2005/1xxx/CVE-2005-1445.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1445",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to (1) delete arbitrary files via the id parameter in a rmattach action to 5.php, or (2) read arbitrary files via the lang parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1445",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.gulftech.org/?node=research&article_id=00072-05032005",
"refsource" : "MISC",
"url" : "http://www.gulftech.org/?node=research&article_id=00072-05032005"
},
{
"name" : "http://forum.sitepanel2.com/index.php?showtopic=271",
"refsource" : "MISC",
"url" : "http://forum.sitepanel2.com/index.php?showtopic=271"
},
{
"name" : "16266",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/16266"
},
{
"name" : "15213",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15213"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to (1) delete arbitrary files via the id parameter in a rmattach action to 5.php, or (2) read arbitrary files via the lang parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16266",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16266"
},
{
"name": "15213",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15213"
},
{
"name": "http://www.gulftech.org/?node=research&article_id=00072-05032005",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research&article_id=00072-05032005"
},
{
"name": "http://forum.sitepanel2.com/index.php?showtopic=271",
"refsource": "MISC",
"url": "http://forum.sitepanel2.com/index.php?showtopic=271"
}
]
}
}

170
2005/1xxx/CVE-2005-1481.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1481",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Aaron Outpost ASP Inline Corporate Calendar allow remote attackers to execute arbitrary SQL commands via the Event_ID parameter to (1) defer.asp or (2) details.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1481",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050503 [HSC Security Group] ASP Inline Corporate Calendar SQL injection",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111530675909673&w=2"
},
{
"name" : "16192",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/16192"
},
{
"name" : "16193",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/16193"
},
{
"name" : "1013884",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013884"
},
{
"name" : "15239",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15239"
},
{
"name" : "asp-inline-corporate-calendar-sql-injection(20416)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20416"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Aaron Outpost ASP Inline Corporate Calendar allow remote attackers to execute arbitrary SQL commands via the Event_ID parameter to (1) defer.asp or (2) details.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1013884",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013884"
},
{
"name": "16192",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16192"
},
{
"name": "16193",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16193"
},
{
"name": "15239",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15239"
},
{
"name": "asp-inline-corporate-calendar-sql-injection(20416)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20416"
},
{
"name": "20050503 [HSC Security Group] ASP Inline Corporate Calendar SQL injection",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111530675909673&w=2"
}
]
}
}

34
2005/1xxx/CVE-2005-1624.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1624",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1624",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2005/1xxx/CVE-2005-1709.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1709",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in Blue Coat Reporter before 7.1.2 allows remote unauthenticated attackers to add a license."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1709",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.bluecoat.com/support/knowledge/advisory_reporter_711_vulnerabilities.html",
"refsource" : "CONFIRM",
"url" : "http://www.bluecoat.com/support/knowledge/advisory_reporter_711_vulnerabilities.html"
},
{
"name" : "13725",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13725"
},
{
"name" : "ADV-2005-0589",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/0589"
},
{
"name" : "16764",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/16764"
},
{
"name" : "15452",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15452"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in Blue Coat Reporter before 7.1.2 allows remote unauthenticated attackers to add a license."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15452",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15452"
},
{
"name": "13725",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13725"
},
{
"name": "http://www.bluecoat.com/support/knowledge/advisory_reporter_711_vulnerabilities.html",
"refsource": "CONFIRM",
"url": "http://www.bluecoat.com/support/knowledge/advisory_reporter_711_vulnerabilities.html"
},
{
"name": "16764",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16764"
},
{
"name": "ADV-2005-0589",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0589"
}
]
}
}

220
2005/4xxx/CVE-2005-4826.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4826",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(22)EA3 on Catalyst 2950T switches allows remote attackers to cause a denial of service (device reboot) via a crafted Subset-Advert message packet, a different issue than CVE-2006-4774, CVE-2006-4775, and CVE-2006-4776."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070126 S21sec-034-en: Cisco VTP DoS vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/458240/100/0/threaded"
},
{
"name" : "20070130 Re: [Full-disclosure] S21sec-034-en: Cisco VTP DoS vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/458554/100/0/threaded"
},
{
"name" : "http://www.blackhat.com/html/bh-europe-05/bh-eu-05-speakers.html#Berrueta",
"refsource" : "MISC",
"url" : "http://www.blackhat.com/html/bh-europe-05/bh-eu-05-speakers.html#Berrueta"
},
{
"name" : "http://www.s21sec.com/en/avisos/s21sec-034-en.txt",
"refsource" : "MISC",
"url" : "http://www.s21sec.com/en/avisos/s21sec-034-en.txt"
},
{
"name" : "20070129 Cisco VTP Vulnerability",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_response09186a00807d1a81.html"
},
{
"name" : "22268",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/22268"
},
{
"name" : "oval:org.mitre.oval:def:5544",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5544"
},
{
"name" : "ADV-2007-0414",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0414"
},
{
"name" : "33013",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/33013"
},
{
"name" : "1017568",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017568"
},
{
"name" : "23892",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23892"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(22)EA3 on Catalyst 2950T switches allows remote attackers to cause a denial of service (device reboot) via a crafted Subset-Advert message packet, a different issue than CVE-2006-4774, CVE-2006-4775, and CVE-2006-4776."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1017568",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017568"
},
{
"name": "23892",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23892"
},
{
"name": "33013",
"refsource": "OSVDB",
"url": "http://osvdb.org/33013"
},
{
"name": "20070129 Cisco VTP Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_response09186a00807d1a81.html"
},
{
"name": "ADV-2007-0414",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0414"
},
{
"name": "oval:org.mitre.oval:def:5544",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5544"
},
{
"name": "20070130 Re: [Full-disclosure] S21sec-034-en: Cisco VTP DoS vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/458554/100/0/threaded"
},
{
"name": "http://www.blackhat.com/html/bh-europe-05/bh-eu-05-speakers.html#Berrueta",
"refsource": "MISC",
"url": "http://www.blackhat.com/html/bh-europe-05/bh-eu-05-speakers.html#Berrueta"
},
{
"name": "22268",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22268"
},
{
"name": "http://www.s21sec.com/en/avisos/s21sec-034-en.txt",
"refsource": "MISC",
"url": "http://www.s21sec.com/en/avisos/s21sec-034-en.txt"
},
{
"name": "20070126 S21sec-034-en: Cisco VTP DoS vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/458240/100/0/threaded"
}
]
}
}

370
2009/0xxx/CVE-2009-0136.json
View File

@ -1,187 +1,187 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0136",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple array index errors in the Audible::Tag::readTag function in metadata/audible/audibletag.cpp in Amarok 1.4.10 through 2.0.1 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via an Audible Audio (.aa) file with a crafted (1) nlen or (2) vlen Tag value, each of which can lead to an invalid pointer dereference, or the writing of a 0x00 byte to an arbitrary memory location, after an allocation failure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0136",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090111 [TKADV2009-002] Amarok Integer Overflow and Unchecked Allocation Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/499984/100/0/threaded"
},
{
"name" : "[oss-security] 20090114 CVE Request -- amarok",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2009/01/14/2"
},
{
"name" : "http://trapkit.de/advisories/TKADV2009-002.txt",
"refsource" : "MISC",
"url" : "http://trapkit.de/advisories/TKADV2009-002.txt"
},
{
"name" : "http://amarok.kde.org/en/releases/2.0.1.1",
"refsource" : "CONFIRM",
"url" : "http://amarok.kde.org/en/releases/2.0.1.1"
},
{
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=254896",
"refsource" : "CONFIRM",
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=254896"
},
{
"name" : "http://websvn.kde.org/?view=rev&revision=908391",
"refsource" : "CONFIRM",
"url" : "http://websvn.kde.org/?view=rev&revision=908391"
},
{
"name" : "http://websvn.kde.org/?view=rev&revision=908401",
"refsource" : "CONFIRM",
"url" : "http://websvn.kde.org/?view=rev&revision=908401"
},
{
"name" : "http://websvn.kde.org/?view=rev&revision=908415",
"refsource" : "CONFIRM",
"url" : "http://websvn.kde.org/?view=rev&revision=908415"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=479560",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=479560"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=479946",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=479946"
},
{
"name" : "DSA-1706",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1706"
},
{
"name" : "FEDORA-2009-0715",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00708.html"
},
{
"name" : "GLSA-200903-34",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200903-34.xml"
},
{
"name" : "MDVSA-2009:030",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:030"
},
{
"name" : "SUSE-SR:2009:003",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html"
},
{
"name" : "USN-739-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-739-1"
},
{
"name" : "33210",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33210"
},
{
"name" : "34315",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34315"
},
{
"name" : "34407",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34407"
},
{
"name" : "ADV-2009-0100",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0100"
},
{
"name" : "1021558",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021558"
},
{
"name" : "33505",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33505"
},
{
"name" : "33522",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33522"
},
{
"name" : "33640",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33640"
},
{
"name" : "33819",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33819"
},
{
"name" : "4915",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4915"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple array index errors in the Audible::Tag::readTag function in metadata/audible/audibletag.cpp in Amarok 1.4.10 through 2.0.1 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via an Audible Audio (.aa) file with a crafted (1) nlen or (2) vlen Tag value, each of which can lead to an invalid pointer dereference, or the writing of a 0x00 byte to an arbitrary memory location, after an allocation failure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-1706",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1706"
},
{
"name": "USN-739-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-739-1"
},
{
"name": "ADV-2009-0100",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0100"
},
{
"name": "http://websvn.kde.org/?view=rev&revision=908391",
"refsource": "CONFIRM",
"url": "http://websvn.kde.org/?view=rev&revision=908391"
},
{
"name": "33522",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33522"
},
{
"name": "GLSA-200903-34",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200903-34.xml"
},
{
"name": "http://websvn.kde.org/?view=rev&revision=908415",
"refsource": "CONFIRM",
"url": "http://websvn.kde.org/?view=rev&revision=908415"
},
{
"name": "FEDORA-2009-0715",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00708.html"
},
{
"name": "SUSE-SR:2009:003",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html"
},
{
"name": "33505",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33505"
},
{
"name": "MDVSA-2009:030",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:030"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=479560",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=479560"
},
{
"name": "[oss-security] 20090114 CVE Request -- amarok",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2009/01/14/2"
},
{
"name": "34315",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34315"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=479946",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=479946"
},
{
"name": "http://trapkit.de/advisories/TKADV2009-002.txt",
"refsource": "MISC",
"url": "http://trapkit.de/advisories/TKADV2009-002.txt"
},
{
"name": "http://amarok.kde.org/en/releases/2.0.1.1",
"refsource": "CONFIRM",
"url": "http://amarok.kde.org/en/releases/2.0.1.1"
},
{
"name": "20090111 [TKADV2009-002] Amarok Integer Overflow and Unchecked Allocation Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499984/100/0/threaded"
},
{
"name": "http://websvn.kde.org/?view=rev&revision=908401",
"refsource": "CONFIRM",
"url": "http://websvn.kde.org/?view=rev&revision=908401"
},
{
"name": "34407",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34407"
},
{
"name": "33640",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33640"
},
{
"name": "4915",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4915"
},
{
"name": "33210",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33210"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=254896",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=254896"
},
{
"name": "1021558",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021558"
},
{
"name": "33819",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33819"
}
]
}
}

130
2009/0xxx/CVE-2009-0429.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0429",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Active Bids allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to search.asp, (2) SortDir parameter to auctionsended.asp, and the (3) catid parameter to wishlist.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0429",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090116 Active Bids",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/500144/100/0/threaded"
},
{
"name" : "33306",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33306"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Active Bids allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to search.asp, (2) SortDir parameter to auctionsended.asp, and the (3) catid parameter to wishlist.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090116 Active Bids",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500144/100/0/threaded"
},
{
"name": "33306",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33306"
}
]
}
}

180
2009/0xxx/CVE-2009-0554.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0554",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka \"Uninitialized Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-0554",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm"
},
{
"name" : "MS09-014",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014"
},
{
"name" : "TA09-104A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
},
{
"name" : "oval:org.mitre.oval:def:5723",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5723"
},
{
"name" : "1022042",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022042"
},
{
"name" : "34678",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34678"
},
{
"name" : "ADV-2009-1028",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1028"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka \"Uninitialized Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-1028",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1028"
},
{
"name": "TA09-104A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
},
{
"name": "34678",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34678"
},
{
"name": "MS09-014",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014"
},
{
"name": "1022042",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022042"
},
{
"name": "oval:org.mitre.oval:def:5723",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5723"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm"
}
]
}
}

160
2009/1xxx/CVE-2009-1737.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1737",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in bom.php in MyPic 2.1 allows remote attackers to list files in arbitrary directories via a .. (dot dot) in the dir parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1737",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://hi.baidu.com/hirfire/blog/item/c3c0f6dda3ca47d18d10291a.html",
"refsource" : "MISC",
"url" : "http://hi.baidu.com/hirfire/blog/item/c3c0f6dda3ca47d18d10291a.html"
},
{
"name" : "35030",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35030"
},
{
"name" : "54565",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/54565"
},
{
"name" : "35092",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35092"
},
{
"name" : "mypic-dir-directory-traversal(50621)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50621"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in bom.php in MyPic 2.1 allows remote attackers to list files in arbitrary directories via a .. (dot dot) in the dir parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mypic-dir-directory-traversal(50621)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50621"
},
{
"name": "http://hi.baidu.com/hirfire/blog/item/c3c0f6dda3ca47d18d10291a.html",
"refsource": "MISC",
"url": "http://hi.baidu.com/hirfire/blog/item/c3c0f6dda3ca47d18d10291a.html"
},
{
"name": "35092",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35092"
},
{
"name": "54565",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/54565"
},
{
"name": "35030",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35030"
}
]
}
}

150
2009/1xxx/CVE-2009-1741.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1741",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in login.php in DM FileManager 3.9.2, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1741",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8741",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8741"
},
{
"name" : "35035",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35035"
},
{
"name" : "54597",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/54597"
},
{
"name" : "35167",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35167"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in login.php in DM FileManager 3.9.2, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35167",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35167"
},
{
"name": "8741",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8741"
},
{
"name": "54597",
"refsource": "OSVDB",
"url": "http://osvdb.org/54597"
},
{
"name": "35035",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35035"
}
]
}
}

390
2009/1xxx/CVE-2009-1835.json
View File

@ -1,197 +1,197 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1835",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate local documents with external domain names located after the file:// substring in a URL, which allows user-assisted remote attackers to read arbitrary cookies via a crafted HTML document, as demonstrated by a URL with file://example.com/C:/ at the beginning."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-1835",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-26.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-26.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=491801",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=491801"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=503576",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=503576"
},
{
"name" : "DSA-1820",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1820"
},
{
"name" : "FEDORA-2009-6366",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html"
},
{
"name" : "FEDORA-2009-6411",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html"
},
{
"name" : "FEDORA-2009-7567",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html"
},
{
"name" : "FEDORA-2009-7614",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html"
},
{
"name" : "RHSA-2009:1095",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2009-1095.html"
},
{
"name" : "RHSA-2009:1096",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2009-1096.html"
},
{
"name" : "SSA:2009-167-01",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468"
},
{
"name" : "SSA:2009-176-01",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408"
},
{
"name" : "265068",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-265068-1"
},
{
"name" : "1020800",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020800.1-1"
},
{
"name" : "35326",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35326"
},
{
"name" : "35391",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35391"
},
{
"name" : "55161",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/55161"
},
{
"name" : "oval:org.mitre.oval:def:9803",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9803"
},
{
"name" : "35331",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35331"
},
{
"name" : "35428",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35428"
},
{
"name" : "35431",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35431"
},
{
"name" : "35439",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35439"
},
{
"name" : "35468",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35468"
},
{
"name" : "35415",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35415"
},
{
"name" : "35561",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35561"
},
{
"name" : "35882",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35882"
},
{
"name" : "ADV-2009-1572",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1572"
},
{
"name" : "ADV-2009-2152",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2152"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate local documents with external domain names located after the file:// substring in a URL, which allows user-assisted remote attackers to read arbitrary cookies via a crafted HTML document, as demonstrated by a URL with file://example.com/C:/ at the beginning."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "265068",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-265068-1"
},
{
"name": "ADV-2009-1572",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1572"
},
{
"name": "RHSA-2009:1096",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2009-1096.html"
},
{
"name": "1020800",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020800.1-1"
},
{
"name": "oval:org.mitre.oval:def:9803",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9803"
},
{
"name": "FEDORA-2009-7614",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html"
},
{
"name": "35326",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35326"
},
{
"name": "http://www.mozilla.org/security/announce/2009/mfsa2009-26.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2009/mfsa2009-26.html"
},
{
"name": "35391",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35391"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=503576",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=503576"
},
{
"name": "FEDORA-2009-6411",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=491801",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=491801"
},
{
"name": "35428",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35428"
},
{
"name": "35431",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35431"
},
{
"name": "FEDORA-2009-7567",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html"
},
{
"name": "35331",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35331"
},
{
"name": "35468",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35468"
},
{
"name": "ADV-2009-2152",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2152"
},
{
"name": "35439",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35439"
},
{
"name": "35882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35882"
},
{
"name": "FEDORA-2009-6366",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html"
},
{
"name": "35415",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35415"
},
{
"name": "RHSA-2009:1095",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1095.html"
},
{
"name": "55161",
"refsource": "OSVDB",
"url": "http://osvdb.org/55161"
},
{
"name": "SSA:2009-167-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468"
},
{
"name": "35561",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35561"
},
{
"name": "SSA:2009-176-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408"
},
{
"name": "DSA-1820",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1820"
}
]
}
}

200
2009/1xxx/CVE-2009-1968.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1968",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Secure Enterprise Search component in Oracle Database 10.1.8.3 allows remote attackers to affect integrity via unknown vectors. NOTE: the previous information was obtained from the July 2009 CPU. Oracle has not commented on claims from an established researcher that this is cross-site scripting (XSS) via the search_p_groups parameter in search/query/search."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2009-1968",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090716 [DSECRG-09-025] Oracle Secure Enterprise Search 10.1.8 Linked XSS vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2009-07/0110.html"
},
{
"name" : "http://dsecrg.com/pages/vul/show.php?id=125",
"refsource" : "MISC",
"url" : "http://dsecrg.com/pages/vul/show.php?id=125"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html"
},
{
"name" : "35681",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35681"
},
{
"name" : "55892",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/55892"
},
{
"name" : "1022560",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022560"
},
{
"name" : "35776",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35776"
},
{
"name" : "ADV-2009-1900",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1900"
},
{
"name" : "oracle-db-ses-unspecified(51754)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51754"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Secure Enterprise Search component in Oracle Database 10.1.8.3 allows remote attackers to affect integrity via unknown vectors. NOTE: the previous information was obtained from the July 2009 CPU. Oracle has not commented on claims from an established researcher that this is cross-site scripting (XSS) via the search_p_groups parameter in search/query/search."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090716 [DSECRG-09-025] Oracle Secure Enterprise Search 10.1.8 Linked XSS vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2009-07/0110.html"
},
{
"name": "oracle-db-ses-unspecified(51754)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51754"
},
{
"name": "35776",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35776"
},
{
"name": "ADV-2009-1900",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1900"
},
{
"name": "55892",
"refsource": "OSVDB",
"url": "http://osvdb.org/55892"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html"
},
{
"name": "http://dsecrg.com/pages/vul/show.php?id=125",
"refsource": "MISC",
"url": "http://dsecrg.com/pages/vul/show.php?id=125"
},
{
"name": "1022560",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022560"
},
{
"name": "35681",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35681"
}
]
}
}

120
2009/5xxx/CVE-2009-5053.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-5053",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Smarty before 3.0.0 beta 6 allows remote attackers to execute arbitrary PHP code by injecting this code into a cache file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5053",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt",
"refsource" : "CONFIRM",
"url" : "http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Smarty before 3.0.0 beta 6 allows remote attackers to execute arbitrary PHP code by injecting this code into a cache file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt",
"refsource": "CONFIRM",
"url": "http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt"
}
]
}
}

220
2012/2xxx/CVE-2012-2129.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2129",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to inject arbitrary web script or HTML via the target parameter in an edit action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2129",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120417 DokuWiki Ver.2012/01/25 CSRF Add User Exploit",
"refsource" : "BUGTRAQ",
"url" : "http://seclists.org/bugtraq/2012/Apr/121"
},
{
"name" : "[oss-security] 20120422 CVE Request -- DokuWiki: XSS and CSRF due improper escaping of 'target' parameter in preprocessing edit form data",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/04/22/4"
},
{
"name" : "[oss-security] 20120422 Re: CVE Request -- DokuWiki: XSS and CSRF due improper escaping of 'target' parameter in preprocessing edit form data",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/04/23/1"
},
{
"name" : "http://ircrash.com/uploads/dokuwiki.txt",
"refsource" : "MISC",
"url" : "http://ircrash.com/uploads/dokuwiki.txt"
},
{
"name" : "https://bugs.gentoo.org/show_bug.cgi?id=412891",
"refsource" : "MISC",
"url" : "https://bugs.gentoo.org/show_bug.cgi?id=412891"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=815122",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=815122"
},
{
"name" : "http://bugs.dokuwiki.org/index.php?do=details&task_id=2487",
"refsource" : "CONFIRM",
"url" : "http://bugs.dokuwiki.org/index.php?do=details&task_id=2487"
},
{
"name" : "https://github.com/splitbrain/dokuwiki/commit/ff71173477e54774b5571015d49d944f51cb8a26",
"refsource" : "CONFIRM",
"url" : "https://github.com/splitbrain/dokuwiki/commit/ff71173477e54774b5571015d49d944f51cb8a26"
},
{
"name" : "53041",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53041"
},
{
"name" : "48848",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48848"
},
{
"name" : "dokuwiki-doku-xss(74907)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74907"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to inject arbitrary web script or HTML via the target parameter in an edit action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120422 Re: CVE Request -- DokuWiki: XSS and CSRF due improper escaping of 'target' parameter in preprocessing edit form data",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/23/1"
},
{
"name": "53041",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53041"
},
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=412891",
"refsource": "MISC",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=412891"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=815122",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=815122"
},
{
"name": "20120417 DokuWiki Ver.2012/01/25 CSRF Add User Exploit",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2012/Apr/121"
},
{
"name": "https://github.com/splitbrain/dokuwiki/commit/ff71173477e54774b5571015d49d944f51cb8a26",
"refsource": "CONFIRM",
"url": "https://github.com/splitbrain/dokuwiki/commit/ff71173477e54774b5571015d49d944f51cb8a26"
},
{
"name": "dokuwiki-doku-xss(74907)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74907"
},
{
"name": "[oss-security] 20120422 CVE Request -- DokuWiki: XSS and CSRF due improper escaping of 'target' parameter in preprocessing edit form data",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/22/4"
},
{
"name": "http://ircrash.com/uploads/dokuwiki.txt",
"refsource": "MISC",
"url": "http://ircrash.com/uploads/dokuwiki.txt"
},
{
"name": "48848",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48848"
},
{
"name": "http://bugs.dokuwiki.org/index.php?do=details&task_id=2487",
"refsource": "CONFIRM",
"url": "http://bugs.dokuwiki.org/index.php?do=details&task_id=2487"
}
]
}
}

160
2012/2xxx/CVE-2012-2274.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2274",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in pivotx/ajaxhelper.php in PivotX 2.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.htbridge.com/advisory/HTB23087",
"refsource" : "MISC",
"url" : "https://www.htbridge.com/advisory/HTB23087"
},
{
"name" : "http://pivot-weblog.svn.sourceforge.net/viewvc/pivot-weblog?view=revision&revision=4145",
"refsource" : "CONFIRM",
"url" : "http://pivot-weblog.svn.sourceforge.net/viewvc/pivot-weblog?view=revision&revision=4145"
},
{
"name" : "http://pivot-weblog.svn.sourceforge.net/viewvc/pivot-weblog?view=revision&revision=4147",
"refsource" : "CONFIRM",
"url" : "http://pivot-weblog.svn.sourceforge.net/viewvc/pivot-weblog?view=revision&revision=4147"
},
{
"name" : "http://pivotx.net/page/security",
"refsource" : "CONFIRM",
"url" : "http://pivotx.net/page/security"
},
{
"name" : "53434",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53434"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in pivotx/ajaxhelper.php in PivotX 2.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.htbridge.com/advisory/HTB23087",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23087"
},
{
"name": "53434",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53434"
},
{
"name": "http://pivot-weblog.svn.sourceforge.net/viewvc/pivot-weblog?view=revision&revision=4145",
"refsource": "CONFIRM",
"url": "http://pivot-weblog.svn.sourceforge.net/viewvc/pivot-weblog?view=revision&revision=4145"
},
{
"name": "http://pivotx.net/page/security",
"refsource": "CONFIRM",
"url": "http://pivotx.net/page/security"
},
{
"name": "http://pivot-weblog.svn.sourceforge.net/viewvc/pivot-weblog?view=revision&revision=4147",
"refsource": "CONFIRM",
"url": "http://pivot-weblog.svn.sourceforge.net/viewvc/pivot-weblog?view=revision&revision=4147"
}
]
}
}

140
2012/2xxx/CVE-2012-2421.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2421",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Absolute path traversal vulnerability in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, might allow remote attackers to read arbitrary files in ZIP archives via a full pathname in the URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2421",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120330 Intuit Help System Protocol File Retrieval",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/522139"
},
{
"name" : "VU#232979",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/232979"
},
{
"name" : "quickbooks-intuit-info-disclosure(75172)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75172"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Absolute path traversal vulnerability in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, might allow remote attackers to read arbitrary files in ZIP archives via a full pathname in the URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "quickbooks-intuit-info-disclosure(75172)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75172"
},
{
"name": "20120330 Intuit Help System Protocol File Retrieval",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/522139"
},
{
"name": "VU#232979",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/232979"
}
]
}
}

120
2012/2xxx/CVE-2012-2428.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2428",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the server in xArrow before 3.4.1 allows remote attackers to execute arbitrary code via a crafted packet that triggers an out-of-bounds read operation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-2428",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-145-02.pdf",
"refsource" : "MISC",
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-145-02.pdf"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the server in xArrow before 3.4.1 allows remote attackers to execute arbitrary code via a crafted packet that triggers an out-of-bounds read operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-145-02.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-145-02.pdf"
}
]
}
}

140
2012/2xxx/CVE-2012-2531.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2531",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka \"Password Disclosure Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2012-2531",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS12-073",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-073"
},
{
"name" : "56439",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56439"
},
{
"name" : "oval:org.mitre.oval:def:15959",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15959"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka \"Password Disclosure Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "56439",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56439"
},
{
"name": "oval:org.mitre.oval:def:15959",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15959"
},
{
"name": "MS12-073",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-073"
}
]
}
}

160
2012/2xxx/CVE-2012-2697.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2697",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in autofs, as used in Red Hat Enterprise Linux (RHEL) 5, allows local users to cause a denial of service (autofs crash and delayed mounts) or prevent \"mount expiration\" via unspecified vectors related to \"using an LDAP-based automount map.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2697",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=831772",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=831772"
},
{
"name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705",
"refsource" : "CONFIRM",
"url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705"
},
{
"name" : "RHSA-2013:0132",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0132.html"
},
{
"name" : "57183",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/57183"
},
{
"name" : "89878",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/89878"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in autofs, as used in Red Hat Enterprise Linux (RHEL) 5, allows local users to cause a denial of service (autofs crash and delayed mounts) or prevent \"mount expiration\" via unspecified vectors related to \"using an LDAP-based automount map.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "57183",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57183"
},
{
"name": "89878",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/89878"
},
{
"name": "RHSA-2013:0132",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0132.html"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=831772",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=831772"
}
]
}
}

210
2012/2xxx/CVE-2012-2722.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2722",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The node selection interface in the WYSIWYG editor (CKEditor) in the Node Embed module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.0 for Drupal does not properly check permissions, which allows remote attackers to bypass intended access restrictions and read node titles."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2722",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/06/14/3"
},
{
"name" : "http://drupal.org/node/1619824",
"refsource" : "MISC",
"url" : "http://drupal.org/node/1619824"
},
{
"name" : "http://drupal.org/node/1618428",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/1618428"
},
{
"name" : "http://drupal.org/node/1618430",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/1618430"
},
{
"name" : "http://drupalcode.org/project/node_embed.git/commitdiff/7a2296c",
"refsource" : "CONFIRM",
"url" : "http://drupalcode.org/project/node_embed.git/commitdiff/7a2296c"
},
{
"name" : "http://drupalcode.org/project/node_embed.git/commitdiff/d06f022",
"refsource" : "CONFIRM",
"url" : "http://drupalcode.org/project/node_embed.git/commitdiff/d06f022"
},
{
"name" : "53835",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53835"
},
{
"name" : "82735",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/82735"
},
{
"name" : "48348",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48348"
},
{
"name" : "nodeembed-selectembed-security-bypass(76148)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76148"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The node selection interface in the WYSIWYG editor (CKEditor) in the Node Embed module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.0 for Drupal does not properly check permissions, which allows remote attackers to bypass intended access restrictions and read node titles."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupalcode.org/project/node_embed.git/commitdiff/d06f022",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/node_embed.git/commitdiff/d06f022"
},
{
"name": "http://drupal.org/node/1618430",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1618430"
},
{
"name": "82735",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/82735"
},
{
"name": "53835",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53835"
},
{
"name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"
},
{
"name": "nodeembed-selectembed-security-bypass(76148)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76148"
},
{
"name": "http://drupal.org/node/1618428",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1618428"
},
{
"name": "48348",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48348"
},
{
"name": "http://drupal.org/node/1619824",
"refsource": "MISC",
"url": "http://drupal.org/node/1619824"
},
{
"name": "http://drupalcode.org/project/node_embed.git/commitdiff/7a2296c",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/node_embed.git/commitdiff/7a2296c"
}
]
}
}

130
2012/3xxx/CVE-2012-3025.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3025",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default configuration of Tridium Niagara AX Framework through 3.6 uses a cleartext base64 format for transmission of credentials in cookies, which allows remote attackers to obtain sensitive information by sniffing the network."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-3025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-228-01.pdf",
"refsource" : "MISC",
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-228-01.pdf"
},
{
"name" : "http://www.tridium.com/cs/tridium_news/security_patch_36",
"refsource" : "CONFIRM",
"url" : "http://www.tridium.com/cs/tridium_news/security_patch_36"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of Tridium Niagara AX Framework through 3.6 uses a cleartext base64 format for transmission of credentials in cookies, which allows remote attackers to obtain sensitive information by sniffing the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tridium.com/cs/tridium_news/security_patch_36",
"refsource": "CONFIRM",
"url": "http://www.tridium.com/cs/tridium_news/security_patch_36"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-228-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-228-01.pdf"
}
]
}
}

350
2012/3xxx/CVE-2012-3412.json
View File

@ -1,177 +1,177 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3412",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The sfc (aka Solarflare Solarstorm) driver in the Linux kernel before 3.2.30 allows remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3412",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120803 Remote DoS in Linux sfc driver through TCP MSS option (CVE-2012-3412)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/08/03/4"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.30",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.30"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=844714",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=844714"
},
{
"name" : "https://github.com/torvalds/linux/commit/68cb695ccecf949d48949e72f8ce591fdaaa325c",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/68cb695ccecf949d48949e72f8ce591fdaaa325c"
},
{
"name" : "RHSA-2012:1375",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1375.html"
},
{
"name" : "RHSA-2012:1430",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1430.html"
},
{
"name" : "RHSA-2012:1323",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1323.html"
},
{
"name" : "RHSA-2012:1324",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1324.html"
},
{
"name" : "RHSA-2012:1347",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1347.html"
},
{
"name" : "RHSA-2012:1401",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1401.html"
},
{
"name" : "openSUSE-SU-2012:1330",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00005.html"
},
{
"name" : "SUSE-SU-2012:1679",
"refsource" : "SUSE",
"url" : "https://www.suse.com/support/update/announcement/2012/suse-su-20121679-1.html"
},
{
"name" : "USN-1567-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1567-1"
},
{
"name" : "USN-1568-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1568-1"
},
{
"name" : "USN-1572-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1572-1"
},
{
"name" : "USN-1579-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1579-1"
},
{
"name" : "USN-1580-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1580-1"
},
{
"name" : "USN-1575-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1575-1"
},
{
"name" : "USN-1577-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1577-1"
},
{
"name" : "USN-1578-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1578-1"
},
{
"name" : "50633",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50633"
},
{
"name" : "50811",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50811"
},
{
"name" : "50732",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50732"
},
{
"name" : "51193",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51193"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The sfc (aka Solarflare Solarstorm) driver in the Linux kernel before 3.2.30 allows remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1572-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1572-1"
},
{
"name": "USN-1579-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1579-1"
},
{
"name": "USN-1578-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1578-1"
},
{
"name": "50732",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50732"
},
{
"name": "50811",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50811"
},
{
"name": "https://github.com/torvalds/linux/commit/68cb695ccecf949d48949e72f8ce591fdaaa325c",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/68cb695ccecf949d48949e72f8ce591fdaaa325c"
},
{
"name": "RHSA-2012:1401",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1401.html"
},
{
"name": "USN-1567-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1567-1"
},
{
"name": "openSUSE-SU-2012:1330",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00005.html"
},
{
"name": "RHSA-2012:1323",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1323.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=844714",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=844714"
},
{
"name": "RHSA-2012:1324",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1324.html"
},
{
"name": "USN-1577-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1577-1"
},
{
"name": "SUSE-SU-2012:1679",
"refsource": "SUSE",
"url": "https://www.suse.com/support/update/announcement/2012/suse-su-20121679-1.html"
},
{
"name": "USN-1568-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1568-1"
},
{
"name": "USN-1575-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1575-1"
},
{
"name": "RHSA-2012:1347",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1347.html"
},
{
"name": "51193",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51193"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.30",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.30"
},
{
"name": "RHSA-2012:1430",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1430.html"
},
{
"name": "RHSA-2012:1375",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1375.html"
},
{
"name": "[oss-security] 20120803 Remote DoS in Linux sfc driver through TCP MSS option (CVE-2012-3412)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/03/4"
},
{
"name": "50633",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50633"
},
{
"name": "USN-1580-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1580-1"
}
]
}
}

140
2012/3xxx/CVE-2012-3723.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3723",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apple Mac OS X before 10.7.5 does not properly handle the bNbrPorts field of a USB hub descriptor, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) by attaching a USB device."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2012-3723",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT5501",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5501"
},
{
"name" : "APPLE-SA-2012-09-19-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
},
{
"name" : "apple-osx-usb-cve20123723(78750)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78750"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple Mac OS X before 10.7.5 does not properly handle the bNbrPorts field of a USB hub descriptor, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) by attaching a USB device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2012-09-19-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
},
{
"name": "apple-osx-usb-cve20123723(78750)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78750"
},
{
"name": "http://support.apple.com/kb/HT5501",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5501"
}
]
}
}

230
2012/3xxx/CVE-2012-3964.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3964",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the gfxTextRun::GetUserData function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3964",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-58.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-58.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=756241",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=756241"
},
{
"name" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf"
},
{
"name" : "RHSA-2012:1211",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1211.html"
},
{
"name" : "RHSA-2012:1210",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1210.html"
},
{
"name" : "SUSE-SU-2012:1167",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html"
},
{
"name" : "openSUSE-SU-2012:1065",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html"
},
{
"name" : "SUSE-SU-2012:1157",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html"
},
{
"name" : "USN-1548-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1548-2"
},
{
"name" : "USN-1548-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1548-1"
},
{
"name" : "55322",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/55322"
},
{
"name" : "oval:org.mitre.oval:def:16857",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16857"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the gfxTextRun::GetUserData function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:16857",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16857"
},
{
"name": "RHSA-2012:1211",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1211.html"
},
{
"name": "http://www.mozilla.org/security/announce/2012/mfsa2012-58.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-58.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=756241",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=756241"
},
{
"name": "USN-1548-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1548-1"
},
{
"name": "USN-1548-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1548-2"
},
{
"name": "RHSA-2012:1210",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1210.html"
},
{
"name": "SUSE-SU-2012:1167",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html"
},
{
"name": "SUSE-SU-2012:1157",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html"
},
{
"name": "openSUSE-SU-2012:1065",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html"
},
{
"name": "55322",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55322"
},
{
"name": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf",
"refsource": "CONFIRM",
"url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf"
}
]
}
}

180
2012/6xxx/CVE-2012-6058.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6058",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the dissect_icmpv6 function in epan/dissectors/packet-icmpv6.c in the ICMPv6 dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted Number of Sources value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6058",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-icmpv6.c?r1=45459&r2=45458&pathrev=45459",
"refsource" : "CONFIRM",
"url" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-icmpv6.c?r1=45459&r2=45458&pathrev=45459"
},
{
"name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=45459",
"refsource" : "CONFIRM",
"url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=45459"
},
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2012-40.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2012-40.html"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7844",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7844"
},
{
"name" : "openSUSE-SU-2012:1633",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2012-12/msg00022.html"
},
{
"name" : "openSUSE-SU-2013:0151",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00042.html"
},
{
"name" : "oval:org.mitre.oval:def:16075",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16075"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the dissect_icmpv6 function in epan/dissectors/packet-icmpv6.c in the ICMPv6 dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted Number of Sources value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:16075",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16075"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2012-40.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2012-40.html"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7844",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7844"
},
{
"name": "openSUSE-SU-2012:1633",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00022.html"
},
{
"name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=45459",
"refsource": "CONFIRM",
"url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=45459"
},
{
"name": "openSUSE-SU-2013:0151",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00042.html"
},
{
"name": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-icmpv6.c?r1=45459&r2=45458&pathrev=45459",
"refsource": "CONFIRM",
"url": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-icmpv6.c?r1=45459&r2=45458&pathrev=45459"
}
]
}
}

190
2015/5xxx/CVE-2015-5800.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5800",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-5800",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT205212",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205212"
},
{
"name" : "https://support.apple.com/HT205221",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205221"
},
{
"name" : "https://support.apple.com/HT205265",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205265"
},
{
"name" : "APPLE-SA-2015-09-16-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
},
{
"name" : "APPLE-SA-2015-09-16-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html"
},
{
"name" : "APPLE-SA-2015-09-30-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html"
},
{
"name" : "76763",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76763"
},
{
"name" : "1033609",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033609"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT205221",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205221"
},
{
"name": "1033609",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033609"
},
{
"name": "https://support.apple.com/HT205212",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205212"
},
{
"name": "76763",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76763"
},
{
"name": "https://support.apple.com/HT205265",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205265"
},
{
"name": "APPLE-SA-2015-09-16-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html"
},
{
"name": "APPLE-SA-2015-09-30-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html"
},
{
"name": "APPLE-SA-2015-09-16-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
}
]
}
}

170
2015/5xxx/CVE-2015-5826.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5826",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit in Apple iOS before 9 does not properly select the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-5826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT205212",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205212"
},
{
"name" : "https://support.apple.com/HT205265",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205265"
},
{
"name" : "APPLE-SA-2015-09-16-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
},
{
"name" : "APPLE-SA-2015-09-30-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html"
},
{
"name" : "76766",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76766"
},
{
"name" : "1033609",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033609"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit in Apple iOS before 9 does not properly select the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033609",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033609"
},
{
"name": "https://support.apple.com/HT205212",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205212"
},
{
"name": "76766",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76766"
},
{
"name": "https://support.apple.com/HT205265",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205265"
},
{
"name": "APPLE-SA-2015-09-30-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html"
},
{
"name": "APPLE-SA-2015-09-16-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
}
]
}
}

34
2015/5xxx/CVE-2015-5981.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5981",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-5981",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}

34
2017/2xxx/CVE-2017-2000.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-2000",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-2000",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

34
2017/2xxx/CVE-2017-2088.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-2088",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-2088",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

170
2017/2xxx/CVE-2017-2379.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-2379",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"Carbon\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted .dfont file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-2379",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT207601",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207601"
},
{
"name" : "https://support.apple.com/HT207602",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207602"
},
{
"name" : "https://support.apple.com/HT207615",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207615"
},
{
"name" : "https://support.apple.com/HT207617",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207617"
},
{
"name" : "97137",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97137"
},
{
"name" : "1038138",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038138"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"Carbon\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted .dfont file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97137",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97137"
},
{
"name": "https://support.apple.com/HT207601",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207601"
},
{
"name": "https://support.apple.com/HT207615",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207615"
},
{
"name": "1038138",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038138"
},
{
"name": "https://support.apple.com/HT207602",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207602"
},
{
"name": "https://support.apple.com/HT207617",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207617"
}
]
}
}

120
2018/11xxx/CVE-2018-11351.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11351",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "script.php in Jirafeau before 3.4.1 is affected by two stored Cross-Site Scripting (XSS) vulnerabilities. These are stored within the shared files description file and allow the execution of a JavaScript payload each time an administrator searches or lists uploaded files. These two injections could be triggered without authentication, and target the administrator. The attack vectors are the Content-Type field and the filename parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11351",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.bishopfox.com/news/2018/06/jirafeau-version-3-3-0-multiple-vulnerabilities/",
"refsource" : "MISC",
"url" : "https://www.bishopfox.com/news/2018/06/jirafeau-version-3-3-0-multiple-vulnerabilities/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "script.php in Jirafeau before 3.4.1 is affected by two stored Cross-Site Scripting (XSS) vulnerabilities. These are stored within the shared files description file and allow the execution of a JavaScript payload each time an administrator searches or lists uploaded files. These two injections could be triggered without authentication, and target the administrator. The attack vectors are the Content-Type field and the filename parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.bishopfox.com/news/2018/06/jirafeau-version-3-3-0-multiple-vulnerabilities/",
"refsource": "MISC",
"url": "https://www.bishopfox.com/news/2018/06/jirafeau-version-3-3-0-multiple-vulnerabilities/"
}
]
}
}

34
2018/11xxx/CVE-2018-11387.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11387",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11387",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/11xxx/CVE-2018-11532.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11532",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in the ChangUonDyU Advanced Statistics plugin 1.0.2 for MyBB. changstats.php has XSS, as demonstrated by a subject field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11532",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44795",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44795/"
},
{
"name" : "https://github.com/vintagedaddyo/MyBB_Plugin-ChangUonDyU-Advanced-Statistics/commit/8122c93f4c3b517b9d35338fe77ba91d9a6ac08a",
"refsource" : "MISC",
"url" : "https://github.com/vintagedaddyo/MyBB_Plugin-ChangUonDyU-Advanced-Statistics/commit/8122c93f4c3b517b9d35338fe77ba91d9a6ac08a"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the ChangUonDyU Advanced Statistics plugin 1.0.2 for MyBB. changstats.php has XSS, as demonstrated by a subject field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/vintagedaddyo/MyBB_Plugin-ChangUonDyU-Advanced-Statistics/commit/8122c93f4c3b517b9d35338fe77ba91d9a6ac08a",
"refsource": "MISC",
"url": "https://github.com/vintagedaddyo/MyBB_Plugin-ChangUonDyU-Advanced-Statistics/commit/8122c93f4c3b517b9d35338fe77ba91d9a6ac08a"
},
{
"name": "44795",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44795/"
}
]
}
}

142
2018/11xxx/CVE-2018-11786.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"DATE_PUBLIC" : "2018-09-18T00:00:00",
"ID" : "CVE-2018-11786",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Apache Karaf",
"version" : {
"version_data" : [
{
"version_value" : "prior to 4.2.0 release"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Apache Karaf prior to 4.2.0 release, if the sshd service in Karaf is left on so an administrator can manage the running instance, any user with rights to the Karaf console can pivot and read/write any file on the file system to which the Karaf process user has access. This can be locked down a bit by using chroot to change the root directory to protect files outside of the Karaf install directory; it can be further locked down by defining a security manager policy that limits file system access to those directories beneath the Karaf home that are necessary for the system to run. However, this still allows anyone with ssh access to the Karaf process to read and write a large number of files as the Karaf process user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Process Execution"
}
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-09-18T00:00:00",
"ID": "CVE-2018-11786",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Karaf",
"version": {
"version_data": [
{
"version_value": "prior to 4.2.0 release"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[karaf-dev] 20180918 [SECURITY] New security advisory for CVE-2018-11786 released for Apache Karaf",
"refsource" : "MLIST",
"url" : "https://lists.apache.org/thread.html/5b7ac762c6bbe77ac5d9389f093fc6dbf196c36d788e3d7629e6c1d9@%3Cdev.karaf.apache.org%3E"
},
{
"name" : "http://karaf.apache.org/security/cve-2018-11786.txt",
"refsource" : "CONFIRM",
"url" : "http://karaf.apache.org/security/cve-2018-11786.txt"
},
{
"name" : "https://issues.apache.org/jira/browse/KARAF-5427",
"refsource" : "CONFIRM",
"url" : "https://issues.apache.org/jira/browse/KARAF-5427"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache Karaf prior to 4.2.0 release, if the sshd service in Karaf is left on so an administrator can manage the running instance, any user with rights to the Karaf console can pivot and read/write any file on the file system to which the Karaf process user has access. This can be locked down a bit by using chroot to change the root directory to protect files outside of the Karaf install directory; it can be further locked down by defining a security manager policy that limits file system access to those directories beneath the Karaf home that are necessary for the system to run. However, this still allows anyone with ssh access to the Karaf process to read and write a large number of files as the Karaf process user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Process Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[karaf-dev] 20180918 [SECURITY] New security advisory for CVE-2018-11786 released for Apache Karaf",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/5b7ac762c6bbe77ac5d9389f093fc6dbf196c36d788e3d7629e6c1d9@%3Cdev.karaf.apache.org%3E"
},
{
"name": "https://issues.apache.org/jira/browse/KARAF-5427",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/KARAF-5427"
},
{
"name": "http://karaf.apache.org/security/cve-2018-11786.txt",
"refsource": "CONFIRM",
"url": "http://karaf.apache.org/security/cve-2018-11786.txt"
}
]
}
}

34
2018/14xxx/CVE-2018-14222.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14222",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14222",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/14xxx/CVE-2018-14556.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14556",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14556",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/15xxx/CVE-2018-15041.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15041",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15041",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/15xxx/CVE-2018-15883.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15883",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15883",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/15xxx/CVE-2018-15999.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-15999",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-15999",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html"
},
{
"name" : "106172",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106172"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html"
},
{
"name": "106172",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106172"
}
]
}
}

158
2018/3xxx/CVE-2018-3047.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-3047",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "FLEXCUBE Enterprise Limits and Collateral Management",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "12.3.0"
},
{
"version_affected" : "=",
"version_value" : "14.0.0"
},
{
"version_affected" : "=",
"version_value" : "14.1.0"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.3.0, 14.0.0 and 14.1.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-3047",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FLEXCUBE Enterprise Limits and Collateral Management",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.3.0"
},
{
"version_affected": "=",
"version_value": "14.0.0"
},
{
"version_affected": "=",
"version_value": "14.1.0"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name" : "104801",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104801"
},
{
"name" : "1041307",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041307"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.3.0, 14.0.0 and 14.1.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "104801",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104801"
},
{
"name": "1041307",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041307"
}
]
}
}

122
2018/8xxx/CVE-2018-8031.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"DATE_PUBLIC" : "2018-07-23T00:00:00",
"ID" : "CVE-2018-8031",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Apache TomEE",
"version" : {
"version_data" : [
{
"version_value" : "< 7.0.5"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Apache TomEE console (tomee-webapp) has a XSS vulnerability which could allow javascript to be executed if the user is given a malicious URL. This web application is typically used to add TomEE features to a Tomcat installation. The TomEE bundles do not ship with this application included. This issue can be mitigated by removing the application after TomEE is setup (if using the application to install TomEE), using one of the provided pre-configured bundles, or by upgrading to TomEE 7.0.5. This issue is resolve in this commit: b8bbf50c23ce97dd64f3a5d77f78f84e47579863."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross site scripting (XSS)"
}
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-07-23T00:00:00",
"ID": "CVE-2018-8031",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache TomEE",
"version": {
"version_data": [
{
"version_value": "< 7.0.5"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[tomee-dev] 20180723 CVE-2018-8031 Apache TomEE Webapp XSS",
"refsource" : "MLIST",
"url" : "https://lists.apache.org/thread.html/c4b0d83a534d6cdf2de54dbbd00e3538072ac2e360781b784608ed0d@%3Cdev.tomee.apache.org%3E"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Apache TomEE console (tomee-webapp) has a XSS vulnerability which could allow javascript to be executed if the user is given a malicious URL. This web application is typically used to add TomEE features to a Tomcat installation. The TomEE bundles do not ship with this application included. This issue can be mitigated by removing the application after TomEE is setup (if using the application to install TomEE), using one of the provided pre-configured bundles, or by upgrading to TomEE 7.0.5. This issue is resolve in this commit: b8bbf50c23ce97dd64f3a5d77f78f84e47579863."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross site scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[tomee-dev] 20180723 CVE-2018-8031 Apache TomEE Webapp XSS",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/c4b0d83a534d6cdf2de54dbbd00e3538072ac2e360781b784608ed0d@%3Cdev.tomee.apache.org%3E"
}
]
}
}

248
2018/8xxx/CVE-2018-8597.json
View File

@ -1,126 +1,126 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8597",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Office",
"version" : {
"version_data" : [
{
"version_value" : "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value" : "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value" : "2016 for Mac"
},
{
"version_value" : "2019 for 32-bit editions"
},
{
"version_value" : "2019 for 64-bit editions"
},
{
"version_value" : "2019 for Mac"
},
{
"version_value" : "Compatibility Pack Service Pack 3"
}
]
}
},
{
"product_name" : "Office",
"version" : {
"version_data" : [
{
"version_value" : "365 ProPlus for 32-bit Systems"
},
{
"version_value" : "365 ProPlus for 64-bit Systems"
}
]
}
},
{
"product_name" : "Microsoft Excel",
"version" : {
"version_data" : [
{
"version_value" : "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value" : "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value" : "2013 RT Service Pack 1"
},
{
"version_value" : "2013 Service Pack 1 (32-bit editions)"
},
{
"version_value" : "2013 Service Pack 1 (64-bit editions)"
},
{
"version_value" : "2016 (32-bit edition)"
},
{
"version_value" : "2016 (64-bit edition)"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \"Microsoft Excel Remote Code Execution Vulnerability.\" This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8636."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8597",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value": "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value": "2016 for Mac"
},
{
"version_value": "2019 for 32-bit editions"
},
{
"version_value": "2019 for 64-bit editions"
},
{
"version_value": "2019 for Mac"
},
{
"version_value": "Compatibility Pack Service Pack 3"
}
]
}
},
{
"product_name": "Office",
"version": {
"version_data": [
{
"version_value": "365 ProPlus for 32-bit Systems"
},
{
"version_value": "365 ProPlus for 64-bit Systems"
}
]
}
},
{
"product_name": "Microsoft Excel",
"version": {
"version_data": [
{
"version_value": "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value": "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value": "2013 RT Service Pack 1"
},
{
"version_value": "2013 Service Pack 1 (32-bit editions)"
},
{
"version_value": "2013 Service Pack 1 (64-bit editions)"
},
{
"version_value": "2016 (32-bit edition)"
},
{
"version_value": "2016 (64-bit edition)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8597",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8597"
},
{
"name" : "106100",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106100"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \"Microsoft Excel Remote Code Execution Vulnerability.\" This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8636."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8597",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8597"
},
{
"name": "106100",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106100"
}
]
}
}

34
2018/8xxx/CVE-2018-8658.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8658",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8658",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}