admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 00:44:41 +00:00
parent 71ae3b37ec
commit d8d605f71a
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
65 changed files with 4258 additions and 4258 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

120
1999/0xxx/CVE-1999-0496.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-1999-0496", "ID": "CVE-1999-0496",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Windows NT 4.0 user can gain administrative rights by forcing NtOpenProcessToken to succeed regardless of the user's permissions, aka GetAdmin."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "Q146965", "description_data": [
"refsource" : "MSKB", {
"url" : "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q146965" "lang": "eng",
} "value": "A Windows NT 4.0 user can gain administrative rights by forcing NtOpenProcessToken to succeed regardless of the user's permissions, aka GetAdmin."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "Q146965",
"refsource": "MSKB",
"url": "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q146965"
}
]
}
}

150
1999/0xxx/CVE-1999-0729.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-1999-0729", "ID": "CVE-1999-0729",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Lotus Notes LDAP (NLDAP) allows an attacker to conduct a denial of service through the ldap_search request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "19990823 Denial of Service Attack against Lotus Notes Domino Server 4.6", "description_data": [
"refsource" : "ISS", {
"url" : "http://xforce.iss.net/alerts/advise34.php" "lang": "eng",
}, "value": "Buffer overflow in Lotus Notes LDAP (NLDAP) allows an attacker to conduct a denial of service through the ldap_search request."
{ }
"name" : "J-061", ]
"refsource" : "CIAC", },
"url" : "http://www.ciac.org/ciac/bulletins/j-061.shtml" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "601", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/601" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1057", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/1057" ]
} },
] "references": {
} "reference_data": [
} {
"name": "19990823 Denial of Service Attack against Lotus Notes Domino Server 4.6",
"refsource": "ISS",
"url": "http://xforce.iss.net/alerts/advise34.php"
},
{
"name": "601",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/601"
},
{
"name": "1057",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/1057"
},
{
"name": "J-061",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/j-061.shtml"
}
]
}
}

150
1999/1xxx/CVE-1999-1021.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-1999-1021", "ID": "CVE-1999-1021",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NFS on SunOS 4.1 through 4.1.2 ignores the high order 16 bits in a 32 bit UID, which allows a local user to gain root access if the lower 16 bits are set to 0, as fixed by the NFS jumbo patch upgrade."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "CA-1992-15", "description_data": [
"refsource" : "CERT", {
"url" : "http://www.cert.org/advisories/CA-1992-15.html" "lang": "eng",
}, "value": "NFS on SunOS 4.1 through 4.1.2 ignores the high order 16 bits in a 32 bit UID, which allows a local user to gain root access if the lower 16 bits are set to 0, as fixed by the NFS jumbo patch upgrade."
{ }
"name" : "00117", ]
"refsource" : "SUN", },
"url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/117&type=0&nav=sec.sba" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "47", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/47" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "nfs-uid(82)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/82" ]
} },
] "references": {
} "reference_data": [
} {
"name": "CA-1992-15",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-1992-15.html"
},
{
"name": "00117",
"refsource": "SUN",
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/117&type=0&nav=sec.sba"
},
{
"name": "47",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47"
},
{
"name": "nfs-uid(82)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82"
}
]
}
}

140
1999/1xxx/CVE-1999-1096.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-1999-1096", "ID": "CVE-1999-1096",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in kscreensaver in KDE klock allows local users to gain root privileges via a long HOME environmental variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "19980516 kde exploit", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=90221101925954&w=2" "lang": "eng",
}, "value": "Buffer overflow in kscreensaver in KDE klock allows local users to gain root privileges via a long HOME environmental variable."
{ }
"name" : "19980517 simple kde exploit fix", ]
"refsource" : "BUGTRAQ", },
"url" : "http://marc.info/?l=bugtraq&m=90221101925959&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "kde-klock-home-bo(1644)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/1644" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "19980516 kde exploit",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=90221101925954&w=2"
},
{
"name": "19980517 simple kde exploit fix",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=90221101925959&w=2"
},
{
"name": "kde-klock-home-bo(1644)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1644"
}
]
}
}

120
1999/1xxx/CVE-1999-1245.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-1999-1245", "ID": "CVE-1999-1245",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "vacm ucd-snmp SNMP server, version 3.52, does not properly disable access to the public community string, which could allow remote attackers to obtain sensitive information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "ucd-snmpd-community(2086)", "description_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/2086" "lang": "eng",
} "value": "vacm ucd-snmp SNMP server, version 3.52, does not properly disable access to the public community string, which could allow remote attackers to obtain sensitive information."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ucd-snmpd-community(2086)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/2086"
}
]
}
}

120
1999/1xxx/CVE-1999-1347.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-1999-1347", "ID": "CVE-1999-1347",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Xsession in Red Hat Linux 6.1 and earlier can allow local users with restricted accounts to bypass execution of the .xsession file by starting kde, gnome or anotherlevel from kdm."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "19991007 Problems with redhat 6 Xsession and pam.d/rlogin.", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=93942774609925&w=2" "lang": "eng",
} "value": "Xsession in Red Hat Linux 6.1 and earlier can allow local users with restricted accounts to bypass execution of the .xsession file by starting kde, gnome or anotherlevel from kdm."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19991007 Problems with redhat 6 Xsession and pam.d/rlogin.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=93942774609925&w=2"
}
]
}
}

150
1999/1xxx/CVE-1999-1380.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-1999-1380", "ID": "CVE-1999-1380",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ActiveX control as safe for scripting, which allows remote attackers to execute arbitrary commands via the run option through malicious web pages that are accessed by browsers such as Internet Explorer 3.0."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.net-security.sk/bugs/NT/nu20.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.net-security.sk/bugs/NT/nu20.html" "lang": "eng",
}, "value": "Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ActiveX control as safe for scripting, which allows remote attackers to execute arbitrary commands via the run option through malicious web pages that are accessed by browsers such as Internet Explorer 3.0."
{ }
"name" : "http://mlarchive.ima.com/win95/1997/May/0342.html", ]
"refsource" : "MISC", },
"url" : "http://mlarchive.ima.com/win95/1997/May/0342.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://news.zdnet.co.uk/story/0,,s2065518,00.html", "description": [
"refsource" : "MISC", {
"url" : "http://news.zdnet.co.uk/story/0,,s2065518,00.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "nu-tuneocx-activex-control(7188)", ]
"refsource" : "XF", }
"url" : "http://www.iss.net/security_center/static/7188.php" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://mlarchive.ima.com/win95/1997/May/0342.html",
"refsource": "MISC",
"url": "http://mlarchive.ima.com/win95/1997/May/0342.html"
},
{
"name": "nu-tuneocx-activex-control(7188)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7188.php"
},
{
"name": "http://news.zdnet.co.uk/story/0,,s2065518,00.html",
"refsource": "MISC",
"url": "http://news.zdnet.co.uk/story/0,,s2065518,00.html"
},
{
"name": "http://www.net-security.sk/bugs/NT/nu20.html",
"refsource": "MISC",
"url": "http://www.net-security.sk/bugs/NT/nu20.html"
}
]
}
}

130
2000/0xxx/CVE-2000-0333.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2000-0333", "ID": "CVE-2000-0333",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "tcpdump, Ethereal, and other sniffer packages allow remote attackers to cause a denial of service via malformed DNS packets in which a jump offset refers to itself, which causes tcpdump to enter an infinite loop while decompressing the packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20000502 Denial of service attack against tcpdump", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.SOL.4.10.10005021942380.2077-100000@paranoia.pgci.ca" "lang": "eng",
}, "value": "tcpdump, Ethereal, and other sniffer packages allow remote attackers to cause a denial of service via malformed DNS packets in which a jump offset refers to itself, which causes tcpdump to enter an infinite loop while decompressing the packet."
{ }
"name" : "1165", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/1165" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20000502 Denial of service attack against tcpdump",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.SOL.4.10.10005021942380.2077-100000@paranoia.pgci.ca"
},
{
"name": "1165",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1165"
}
]
}
}

130
2000/0xxx/CVE-2000-0345.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2000-0345", "ID": "CVE-2000-0345",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The on-line help system options in Cisco routers allows non-privileged users without \"enabled\" access to obtain sensitive information via the show command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20000502 Possible issue with Cisco on-line help?", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000502222246.28423.qmail@securityfocus.com" "lang": "eng",
}, "value": "The on-line help system options in Cisco routers allows non-privileged users without \"enabled\" access to obtain sensitive information via the show command."
{ }
"name" : "1161", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/1161" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1161",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1161"
},
{
"name": "20000502 Possible issue with Cisco on-line help?",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000502222246.28423.qmail@securityfocus.com"
}
]
}
}

140
2000/0xxx/CVE-2000-0346.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2000-0346", "ID": "CVE-2000-0346",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "AppleShare IP 6.1 and later allows a remote attacker to read potentially sensitive information via an invalid range request to the web server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20000502 INFO:AppleShare IP 6.3.2 squashes security bug", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000502133240.21807.qmail@securityfocus.com" "lang": "eng",
}, "value": "AppleShare IP 6.1 and later allows a remote attacker to read potentially sensitive information via an invalid range request to the web server."
{ }
"name" : "http://asu.info.apple.com/swupdates.nsf/artnum/n11670", ]
"refsource" : "CONFIRM", },
"url" : "http://asu.info.apple.com/swupdates.nsf/artnum/n11670" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1162", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/1162" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1162",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1162"
},
{
"name": "20000502 INFO:AppleShare IP 6.3.2 squashes security bug",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000502133240.21807.qmail@securityfocus.com"
},
{
"name": "http://asu.info.apple.com/swupdates.nsf/artnum/n11670",
"refsource": "CONFIRM",
"url": "http://asu.info.apple.com/swupdates.nsf/artnum/n11670"
}
]
}
}

130
2000/0xxx/CVE-2000-0399.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2000-0399", "ID": "CVE-2000-0399",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in MDaemon POP server allows remote attackers to cause a denial of service via a long user name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20000524 Deerfield Communications MDaemon Mail Server DoS", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2000-05/0301.html" "lang": "eng",
}, "value": "Buffer overflow in MDaemon POP server allows remote attackers to cause a denial of service via a long user name."
{ }
"name" : "1250", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/1250" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1250",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1250"
},
{
"name": "20000524 Deerfield Communications MDaemon Mail Server DoS",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0301.html"
}
]
}
}

130
2000/0xxx/CVE-2000-0449.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2000-0449", "ID": "CVE-2000-0449",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Omnis Studio 2.4 uses weak encryption (trivial encoding) for encrypting database fields."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20000525 Omnis Weak Encryption - Many products affected", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2000-05/0311.html" "lang": "eng",
}, "value": "Omnis Studio 2.4 uses weak encryption (trivial encoding) for encrypting database fields."
{ }
"name" : "1255", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/1255" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1255",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1255"
},
{
"name": "20000525 Omnis Weak Encryption - Many products affected",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0311.html"
}
]
}
}

150
2000/0xxx/CVE-2000-0512.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2000-0512", "ID": "CVE-2000-0512",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CUPS (Common Unix Printing System) 1.04 and earlier does not properly delete request files, which allows a remote attacker to cause a denial of service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20000620 CUPS DoS Bugs", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html" "lang": "eng",
}, "value": "CUPS (Common Unix Printing System) 1.04 and earlier does not properly delete request files, which allows a remote attacker to cause a denial of service."
{ }
"name" : "ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch", ]
"refsource" : "CONFIRM", },
"url" : "ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1373", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/1373" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "debian-cups-posts(4846)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/4846" ]
} },
] "references": {
} "reference_data": [
} {
"name": "debian-cups-posts(4846)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4846"
},
{
"name": "ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch",
"refsource": "CONFIRM",
"url": "ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch"
},
{
"name": "20000620 CUPS DoS Bugs",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html"
},
{
"name": "1373",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1373"
}
]
}
}

140
2000/0xxx/CVE-2000-0552.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2000-0552", "ID": "CVE-2000-0552",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ICQwebmail client for ICQ 2000A creates a world readable temporary file during login and does not delete it, which allows local users to obtain sensitive information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20000606 ICQ2000A ICQmail temparary internet link vulnearbility", "description_data": [
"refsource" : "NTBUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0237.html" "lang": "eng",
}, "value": "ICQwebmail client for ICQ 2000A creates a world readable temporary file during login and does not delete it, which allows local users to obtain sensitive information."
{ }
"name" : "1307", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/1307" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "icq-temp-link(4607)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/4607" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1307",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1307"
},
{
"name": "20000606 ICQ2000A ICQmail temparary internet link vulnearbility",
"refsource": "NTBUGTRAQ",
"url": "http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0237.html"
},
{
"name": "icq-temp-link(4607)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4607"
}
]
}
}

140
2000/0xxx/CVE-2000-0906.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2000-0906", "ID": "CVE-2000-0906",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Moreover.com cached_feed.cgi script version 4.July.00 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the category or format parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20001002 Moreover Cached_Feed CGI Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2000-10/0013.html" "lang": "eng",
}, "value": "Directory traversal vulnerability in Moreover.com cached_feed.cgi script version 4.July.00 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the category or format parameters."
{ }
"name" : "moreover-cgi-dir-traverse(5334)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5334" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1762", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/1762" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20001002 Moreover Cached_Feed CGI Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0013.html"
},
{
"name": "1762",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1762"
},
{
"name": "moreover-cgi-dir-traverse(5334)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5334"
}
]
}
}

150
2000/1xxx/CVE-2000-1217.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2000-1217", "ID": "CVE-2000-1217",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Windows 2000 before Service Pack 2 (SP2), when running in a non-Windows 2000 domain and using NTLM authentication, and when credentials of an account are locally cached, allows local users to bypass account lockout policies and make an unlimited number of login attempts, aka the \"Domain Account Lockout\" vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS00-089", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-089" "lang": "eng",
}, "value": "Microsoft Windows 2000 before Service Pack 2 (SP2), when running in a non-Windows 2000 domain and using NTLM authentication, and when credentials of an account are locally cached, allows local users to bypass account lockout policies and make an unlimited number of login attempts, aka the \"Domain Account Lockout\" vulnerability."
{ }
"name" : "VU#818496", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/818496" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1973", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/1973" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "win2k-brute-force(5585)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5585" ]
} },
] "references": {
} "reference_data": [
} {
"name": "MS00-089",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-089"
},
{
"name": "win2k-brute-force(5585)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5585"
},
{
"name": "1973",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1973"
},
{
"name": "VU#818496",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/818496"
}
]
}
}

130
2005/2xxx/CVE-2005-2508.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-2508", "ID": "CVE-2005-2508",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "dsidentity in Directory Services in Mac OS X 10.4.2 allows local users to add or remove user accounts."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "APPLE-SA-2005-08-15", "description_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" "lang": "eng",
}, "value": "dsidentity in Directory Services in Mac OS X 10.4.2 allows local users to add or remove user accounts."
{ }
"name" : "APPLE-SA-2005-08-17", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2005-08-15",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
},
{
"name": "APPLE-SA-2005-08-17",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
}
]
}
}

120
2005/2xxx/CVE-2005-2799.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-2799", "ID": "CVE-2005-2799",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and possibly other versions before 4.20.7, allows remote attackers to execute arbitrary code via a long HTTP POST request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050913 Linksys WRT54G Router Remote Administration apply.cgi Buffer Overflow Vulnerability", "description_data": [
"refsource" : "IDEFENSE", {
"url" : "http://www.idefense.com/application/poi/display?id=305&type=vulnerabilities" "lang": "eng",
} "value": "Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and possibly other versions before 4.20.7, allows remote attackers to execute arbitrary code via a long HTTP POST request."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050913 Linksys WRT54G Router Remote Administration apply.cgi Buffer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=305&type=vulnerabilities"
}
]
}
}

200
2005/2xxx/CVE-2005-2963.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@debian.org",
"ID" : "CVE-2005-2963", "ID": "CVE-2005-2963",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323789", "description_data": [
"refsource" : "MISC", {
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323789" "lang": "eng",
}, "value": "The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions."
{ }
"name" : "DSA-844", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2005/dsa-844" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MDKSA-2005:200", "description": [
"refsource" : "MANDRIVA", {
"url" : "http://frontal1.mandriva.com/security/advisories?name=MDKSA-2005:200" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "15224", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/15224" ]
}, },
{ "references": {
"name" : "19863", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/19863" "name": "modauthshadow-require-group-bypass-security(22520)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22520"
"name" : "17060", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17060/" "name": "17348",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/17348"
"name" : "17067", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17067" "name": "19863",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/19863"
"name" : "17348", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17348" "name": "17060",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/17060/"
"name" : "modauthshadow-require-group-bypass-security(22520)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22520" "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323789",
} "refsource": "MISC",
] "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323789"
} },
} {
"name": "DSA-844",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-844"
},
{
"name": "MDKSA-2005:200",
"refsource": "MANDRIVA",
"url": "http://frontal1.mandriva.com/security/advisories?name=MDKSA-2005:200"
},
{
"name": "15224",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15224"
},
{
"name": "17067",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17067"
}
]
}
}

150
2005/2xxx/CVE-2005-2995.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-2995", "ID": "CVE-2005-2995",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "bacula 1.36.3 and earlier allows local users to modify or read sensitive files via symlink attacks on (1) the temporary file used by autoconf/randpass when openssl is not available, or (2) the mtx.[PID] temporary file in mtx-changer.in."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050920 bacula insecure temporary file creation", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://marc.info/?l=full-disclosure&m=112721654126735&w=2" "lang": "eng",
}, "value": "bacula 1.36.3 and earlier allows local users to modify or read sensitive files via symlink attacks on (1) the temporary file used by autoconf/randpass when openssl is not available, or (2) the mtx.[PID] temporary file in mtx-changer.in."
{ }
"name" : "http://www.zataz.net/adviso/bacula-09192005.txt", ]
"refsource" : "MISC", },
"url" : "http://www.zataz.net/adviso/bacula-09192005.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=104986", "description": [
"refsource" : "CONFIRM", {
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=104986" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SUSE-SR:2005:022", ]
"refsource" : "SUSE", }
"url" : "http://www.novell.com/linux/security/advisories/2005_22_sr.html" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://www.zataz.net/adviso/bacula-09192005.txt",
"refsource": "MISC",
"url": "http://www.zataz.net/adviso/bacula-09192005.txt"
},
{
"name": "20050920 bacula insecure temporary file creation",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=112721654126735&w=2"
},
{
"name": "SUSE-SR:2005:022",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_22_sr.html"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=104986",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=104986"
}
]
}
}

150
2005/3xxx/CVE-2005-3037.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-3037", "ID": "CVE-2005-3037",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Handy Address Book Server 1.1 allows remote attackers to inject arbitrary web script or HTML via the SEARCHTEXT parameter in a demos URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://secubox.teria.org/index.php?menu=24&action=detail&aid=82", "description_data": [
"refsource" : "MISC", {
"url" : "http://secubox.teria.org/index.php?menu=24&action=detail&aid=82" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Handy Address Book Server 1.1 allows remote attackers to inject arbitrary web script or HTML via the SEARCHTEXT parameter in a demos URL."
{ }
"name" : "14818", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/14818" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1014901", "description": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1014901" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "16798", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/16798" ]
} },
] "references": {
} "reference_data": [
} {
"name": "1014901",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014901"
},
{
"name": "http://secubox.teria.org/index.php?menu=24&action=detail&aid=82",
"refsource": "MISC",
"url": "http://secubox.teria.org/index.php?menu=24&action=detail&aid=82"
},
{
"name": "16798",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16798"
},
{
"name": "14818",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14818"
}
]
}
}

150
2005/3xxx/CVE-2005-3760.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-3760", "ID": "CVE-2005-3760",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Double free vulnerability in the BBOORB module in IBM WebSphere Application Server for z/OS 5.0 allows attackers to cause a denial of service (ABEND)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "PK13936", "description_data": [
"refsource" : "AIXAPAR", {
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1PK13936" "lang": "eng",
}, "value": "Double free vulnerability in the BBOORB module in IBM WebSphere Application Server for z/OS 5.0 allows attackers to cause a denial of service (ABEND)."
{ }
"name" : "ADV-2005-2522", ]
"refsource" : "VUPEN", },
"url" : "http://www.vupen.com/english/advisories/2005/2522" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1015255", "description": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015255" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "17658", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/17658" ]
} },
] "references": {
} "reference_data": [
} {
"name": "PK13936",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK13936"
},
{
"name": "1015255",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015255"
},
{
"name": "17658",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17658"
},
{
"name": "ADV-2005-2522",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2522"
}
]
}
}

200
2009/2xxx/CVE-2009-2060.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-2060", "ID": "CVE-2009-2060",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "src/net/http/http_transaction_winhttp.cc in Google Chrome before 1.0.154.53 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an \"SSL tampering\" attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://code.google.com/p/chromium/issues/detail?id=7338", "description_data": [
"refsource" : "MISC", {
"url" : "http://code.google.com/p/chromium/issues/detail?id=7338" "lang": "eng",
}, "value": "src/net/http/http_transaction_winhttp.cc in Google Chrome before 1.0.154.53 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an \"SSL tampering\" attack."
{ }
"name" : "http://code.google.com/p/chromium/issues/detail?id=8473", ]
"refsource" : "MISC", },
"url" : "http://code.google.com/p/chromium/issues/detail?id=8473" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://research.microsoft.com/apps/pubs/default.aspx?id=79323", "description": [
"refsource" : "MISC", {
"url" : "http://research.microsoft.com/apps/pubs/default.aspx?id=79323" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf", ]
"refsource" : "MISC", }
"url" : "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf" ]
}, },
{ "references": {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=479880", "reference_data": [
"refsource" : "MISC", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=479880" "name": "http://src.chromium.org/viewvc/chrome?view=rev&revision=11669",
}, "refsource": "CONFIRM",
{ "url": "http://src.chromium.org/viewvc/chrome?view=rev&revision=11669"
"name" : "http://sites.google.com/a/chromium.org/dev/getting-involved/dev-channel/release-notes/releasenotes1015453", },
"refsource" : "CONFIRM", {
"url" : "http://sites.google.com/a/chromium.org/dev/getting-involved/dev-channel/release-notes/releasenotes1015453" "name": "http://code.google.com/p/chromium/issues/detail?id=7338",
}, "refsource": "MISC",
{ "url": "http://code.google.com/p/chromium/issues/detail?id=7338"
"name" : "http://src.chromium.org/viewvc/chrome/branches/release_154.next/src/net/http/http_transaction_winhttp.cc?r1=11621&r2=11669&pathrev=11669", },
"refsource" : "CONFIRM", {
"url" : "http://src.chromium.org/viewvc/chrome/branches/release_154.next/src/net/http/http_transaction_winhttp.cc?r1=11621&r2=11669&pathrev=11669" "name": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf",
}, "refsource": "MISC",
{ "url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf"
"name" : "http://src.chromium.org/viewvc/chrome?view=rev&revision=11669", },
"refsource" : "CONFIRM", {
"url" : "http://src.chromium.org/viewvc/chrome?view=rev&revision=11669" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=479880",
}, "refsource": "MISC",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=479880"
"name" : "googlechrome-connect-code-execution(51194)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51194" "name": "http://sites.google.com/a/chromium.org/dev/getting-involved/dev-channel/release-notes/releasenotes1015453",
} "refsource": "CONFIRM",
] "url": "http://sites.google.com/a/chromium.org/dev/getting-involved/dev-channel/release-notes/releasenotes1015453"
} },
} {
"name": "googlechrome-connect-code-execution(51194)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51194"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=8473",
"refsource": "MISC",
"url": "http://code.google.com/p/chromium/issues/detail?id=8473"
},
{
"name": "http://src.chromium.org/viewvc/chrome/branches/release_154.next/src/net/http/http_transaction_winhttp.cc?r1=11621&r2=11669&pathrev=11669",
"refsource": "CONFIRM",
"url": "http://src.chromium.org/viewvc/chrome/branches/release_154.next/src/net/http/http_transaction_winhttp.cc?r1=11621&r2=11669&pathrev=11669"
},
{
"name": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323",
"refsource": "MISC",
"url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323"
}
]
}
}

140
2009/2xxx/CVE-2009-2167.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-2167", "ID": "CVE-2009-2167",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "8865", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/8865" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter."
{ }
"name" : "ADV-2009-1491", ]
"refsource" : "VUPEN", },
"url" : "http://www.vupen.com/english/advisories/2009/1491" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "egyplus-login-sql-injection(50935)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50935" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "8865",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8865"
},
{
"name": "ADV-2009-1491",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1491"
},
{
"name": "egyplus-login-sql-injection(50935)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50935"
}
]
}
}

160
2009/2xxx/CVE-2009-2256.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-2256", "ID": "CVE-2009-2256",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to cause a denial of service (web outage) via an HTTP POST request to cgi-bin/firmwarecfg."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090615 Re: Netgear DG632 Router Remote DoS Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/504341/100/0/threaded" "lang": "eng",
}, "value": "The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to cause a denial of service (web outage) via an HTTP POST request to cgi-bin/firmwarecfg."
{ }
"name" : "20090616 Re[2]: [Full-disclosure] Netgear DG632 Router Remote DoS Vulnerability", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/504345/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "8964", "description": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/8964" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.tomneaves.co.uk/Netgear_DG632_Remote_DoS.txt", ]
"refsource" : "MISC", }
"url" : "http://www.tomneaves.co.uk/Netgear_DG632_Remote_DoS.txt" ]
}, },
{ "references": {
"name" : "1022403", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1022403" "name": "20090616 Re[2]: [Full-disclosure] Netgear DG632 Router Remote DoS Vulnerability",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/504345/100/0/threaded"
} },
} {
"name": "http://www.tomneaves.co.uk/Netgear_DG632_Remote_DoS.txt",
"refsource": "MISC",
"url": "http://www.tomneaves.co.uk/Netgear_DG632_Remote_DoS.txt"
},
{
"name": "20090615 Re: Netgear DG632 Router Remote DoS Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504341/100/0/threaded"
},
{
"name": "8964",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/8964"
},
{
"name": "1022403",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022403"
}
]
}
}

150
2009/2xxx/CVE-2009-2441.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-2441", "ID": "CVE-2009-2441",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in ogp_show.php in Online Guestbook Pro 5.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.packetstormsecurity.com/0907-exploits/ogp51-xss.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.packetstormsecurity.com/0907-exploits/ogp51-xss.txt" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in ogp_show.php in Online Guestbook Pro 5.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter."
{ }
"name" : "35762", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/35762" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2009-1830", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/1830" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "onlineguestbookpro-entry-xss(51721)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51721" ]
} },
] "references": {
} "reference_data": [
} {
"name": "35762",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35762"
},
{
"name": "onlineguestbookpro-entry-xss(51721)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51721"
},
{
"name": "ADV-2009-1830",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1830"
},
{
"name": "http://www.packetstormsecurity.com/0907-exploits/ogp51-xss.txt",
"refsource": "MISC",
"url": "http://www.packetstormsecurity.com/0907-exploits/ogp51-xss.txt"
}
]
}
}

170
2009/3xxx/CVE-2009-3360.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-3360", "ID": "CVE-2009-3360",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Datemill 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) return parameter to photo_view.php, and st parameter to (2) photo_search.php and (3) search.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.org/0909-exploits/datemill-xss.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.org/0909-exploits/datemill-xss.txt" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in Datemill 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) return parameter to photo_view.php, and st parameter to (2) photo_search.php and (3) search.php."
{ }
"name" : "57989", ]
"refsource" : "OSVDB", },
"url" : "http://osvdb.org/57989" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "57990", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/57990" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "57991", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/57991" ]
}, },
{ "references": {
"name" : "36608", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/36608" "name": "57989",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/57989"
"name" : "datemill-photosearch-xss(53177)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53177" "name": "57990",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/57990"
} },
} {
"name": "57991",
"refsource": "OSVDB",
"url": "http://osvdb.org/57991"
},
{
"name": "http://packetstormsecurity.org/0909-exploits/datemill-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0909-exploits/datemill-xss.txt"
},
{
"name": "36608",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36608"
},
{
"name": "datemill-photosearch-xss(53177)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53177"
}
]
}
}

210
2009/3xxx/CVE-2009-3522.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-3522", "ID": "CVE-2009-3522",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in aswMon2.sys in avast! Home and Professional for Windows 4.8.1351, and possibly other versions before 4.8.1356, allows local users to cause a denial of service (system crash) and possibly gain privileges via a crafted IOCTL request to IOCTL 0xb2c80018."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090923 Avast aswMon2.sys kernel memory corruption and Local Privilege Escalation.", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/506681/100/0/threaded" "lang": "eng",
}, "value": "Stack-based buffer overflow in aswMon2.sys in avast! Home and Professional for Windows 4.8.1351, and possibly other versions before 4.8.1356, allows local users to cause a denial of service (system crash) and possibly gain privileges via a crafted IOCTL request to IOCTL 0xb2c80018."
{ }
"name" : "https://www.evilfingers.com/advisory/Advisory/Avast_aswMon2.sys_kernel_memory_corruption_and_Local_Privilege_Escalation.php", ]
"refsource" : "MISC", },
"url" : "https://www.evilfingers.com/advisory/Advisory/Avast_aswMon2.sys_kernel_memory_corruption_and_Local_Privilege_Escalation.php" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.avast.com/eng/avast-4-home_pro-revision-history.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.avast.com/eng/avast-4-home_pro-revision-history.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "36507", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/36507" ]
}, },
{ "references": {
"name" : "58402", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/58402" "name": "36507",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/36507"
"name" : "oval:org.mitre.oval:def:6226", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6226" "name": "1022940",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1022940"
"name" : "1022940", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1022940" "name": "20090923 Avast aswMon2.sys kernel memory corruption and Local Privilege Escalation.",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/506681/100/0/threaded"
"name" : "36858", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/36858" "name": "36858",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/36858"
"name" : "ADV-2009-2761", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/2761" "name": "avast-aswmon2-bo(53456)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53456"
"name" : "avast-aswmon2-bo(53456)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53456" "name": "oval:org.mitre.oval:def:6226",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6226"
} },
} {
"name": "https://www.evilfingers.com/advisory/Advisory/Avast_aswMon2.sys_kernel_memory_corruption_and_Local_Privilege_Escalation.php",
"refsource": "MISC",
"url": "https://www.evilfingers.com/advisory/Advisory/Avast_aswMon2.sys_kernel_memory_corruption_and_Local_Privilege_Escalation.php"
},
{
"name": "ADV-2009-2761",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2761"
},
{
"name": "http://www.avast.com/eng/avast-4-home_pro-revision-history.html",
"refsource": "CONFIRM",
"url": "http://www.avast.com/eng/avast-4-home_pro-revision-history.html"
},
{
"name": "58402",
"refsource": "OSVDB",
"url": "http://osvdb.org/58402"
}
]
}
}

140
2015/0xxx/CVE-2015-0075.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2015-0075", "ID": "CVE-2015-0075",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The kernel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 does not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka \"Impersonation Level Check Elevation of Privilege Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS15-025", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-025" "lang": "eng",
}, "value": "The kernel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 does not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka \"Impersonation Level Check Elevation of Privilege Vulnerability.\""
{ }
"name" : "72915", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/72915" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1031899", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1031899" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1031899",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031899"
},
{
"name": "72915",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72915"
},
{
"name": "MS15-025",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-025"
}
]
}
}

190
2015/0xxx/CVE-2015-0348.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2015-0348", "ID": "CVE-2015-0348",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-06.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-06.html" "lang": "eng",
}, "value": "Buffer overflow in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors."
{ }
"name" : "GLSA-201504-07", ]
"refsource" : "GENTOO", },
"url" : "https://security.gentoo.org/glsa/201504-07" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2015:0813", "description": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0813.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SUSE-SU-2015:0722", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00011.html" ]
}, },
{ "references": {
"name" : "SUSE-SU-2015:0723", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00012.html" "name": "openSUSE-SU-2015:0718",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html"
"name" : "openSUSE-SU-2015:0718", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html" "name": "SUSE-SU-2015:0722",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00011.html"
"name" : "openSUSE-SU-2015:0725", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html" "name": "GLSA-201504-07",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201504-07"
"name" : "1032105", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1032105" "name": "1032105",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id/1032105"
} },
} {
"name": "RHSA-2015:0813",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0813.html"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb15-06.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-06.html"
},
{
"name": "openSUSE-SU-2015:0725",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html"
},
{
"name": "SUSE-SU-2015:0723",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00012.html"
}
]
}
}

130
2015/0xxx/CVE-2015-0614.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2015-0614", "ID": "CVE-2015-0614",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) via crafted SIP INVITE messages, aka Bug ID CSCul26267."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20150401 Multiple Vulnerabilities in Cisco Unity Connection", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-cuc" "lang": "eng",
}, "value": "The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) via crafted SIP INVITE messages, aka Bug ID CSCul26267."
{ }
"name" : "1032010", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1032010" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150401 Multiple Vulnerabilities in Cisco Unity Connection",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-cuc"
},
{
"name": "1032010",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032010"
}
]
}
}

130
2015/0xxx/CVE-2015-0711.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2015-0711", "ID": "CVE-2015-0711",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The hamgr service in the IPv6 Proxy Mobile (PM) implementation in Cisco StarOS 18.1.0.59776 on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and call-processing outage) via malformed PM packets, aka Bug ID CSCut94711."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20150428 Cisco StarOS for Cisco ASR 5000 Series HAMGR Service Proxy Mobile IPv6 Processing Denial of Service Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=38557" "lang": "eng",
}, "value": "The hamgr service in the IPv6 Proxy Mobile (PM) implementation in Cisco StarOS 18.1.0.59776 on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and call-processing outage) via malformed PM packets, aka Bug ID CSCut94711."
{ }
"name" : "1032213", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1032213" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032213",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032213"
},
{
"name": "20150428 Cisco StarOS for Cisco ASR 5000 Series HAMGR Service Proxy Mobile IPv6 Processing Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38557"
}
]
}
}

220
2015/1xxx/CVE-2015-1069.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2015-1069", "ID": "CVE-2015-1069",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT204560", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT204560" "lang": "eng",
}, "value": "WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1."
{ }
"name" : "https://support.apple.com/HT204659", ]
"refsource" : "CONFIRM", },
"url" : "https://support.apple.com/HT204659" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.apple.com/HT204661", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT204661" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://support.apple.com/HT204662", ]
"refsource" : "CONFIRM", }
"url" : "https://support.apple.com/HT204662" ]
}, },
{ "references": {
"name" : "https://support.apple.com/kb/HT204949", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/kb/HT204949" "name": "https://support.apple.com/HT204659",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT204659"
"name" : "APPLE-SA-2015-03-17-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2015/Mar/msg00004.html" "name": "APPLE-SA-2015-04-08-3",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
"name" : "APPLE-SA-2015-04-08-2", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" "name": "APPLE-SA-2015-06-30-6",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html"
"name" : "APPLE-SA-2015-04-08-3", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html" "name": "APPLE-SA-2015-03-17-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00004.html"
"name" : "APPLE-SA-2015-04-08-4", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html" "name": "APPLE-SA-2015-04-08-2",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
"name" : "APPLE-SA-2015-06-30-6", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html" "name": "https://support.apple.com/kb/HT204949",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/kb/HT204949"
"name" : "1031936", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1031936" "name": "1031936",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id/1031936"
} },
} {
"name": "https://support.apple.com/HT204662",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204662"
},
{
"name": "https://support.apple.com/HT204560",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204560"
},
{
"name": "APPLE-SA-2015-04-08-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html"
},
{
"name": "https://support.apple.com/HT204661",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204661"
}
]
}
}

140
2015/1xxx/CVE-2015-1777.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2015-1777", "ID": "CVE-2015-1777",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "rhnreg_ks in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Gluster Storage 2.1 and Enterprise Linux (RHEL) 5, 6, and 7 does not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to prevent system registration via a man-in-the-middle attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20150304 Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2015/03/04/7" "lang": "eng",
}, "value": "rhnreg_ks in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Gluster Storage 2.1 and Enterprise Linux (RHEL) 5, 6, and 7 does not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to prevent system registration via a man-in-the-middle attack."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1198740", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1198740" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "72943", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/72943" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "72943",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72943"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1198740",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198740"
},
{
"name": "[oss-security] 20150304 Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/03/04/7"
}
]
}
}

120
2015/4xxx/CVE-2015-4043.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-4043", "ID": "CVE-2015-4043",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in ConnX ESP HR Management 4.4.0 allows remote attackers to execute arbitrary SQL commands via the ctl00$cphMainContent$txtUserName parameter to frmLogin.aspx."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://labs.asteriskinfosec.com.au/cve/ConnX_ESP_HR.pdf", "description_data": [
"refsource" : "MISC", {
"url" : "https://labs.asteriskinfosec.com.au/cve/ConnX_ESP_HR.pdf" "lang": "eng",
} "value": "SQL injection vulnerability in ConnX ESP HR Management 4.4.0 allows remote attackers to execute arbitrary SQL commands via the ctl00$cphMainContent$txtUserName parameter to frmLogin.aspx."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://labs.asteriskinfosec.com.au/cve/ConnX_ESP_HR.pdf",
"refsource": "MISC",
"url": "https://labs.asteriskinfosec.com.au/cve/ConnX_ESP_HR.pdf"
}
]
}
}

130
2015/4xxx/CVE-2015-4285.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2015-4285", "ID": "CVE-2015-4285",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Local Packet Transport Services (LPTS) implementation in Cisco IOS XR 5.1.2, 5.1.3, 5.2.1, and 5.2.2 on ASR9k devices makes incorrect decisions about the opening of TCP and UDP ports during the processing of flow base entries, which allows remote attackers to cause a denial of service (resource consumption) by sending traffic to these ports continuously, aka Bug ID CSCur88273."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20150722 Cisco IOS XR LPTS Network Stack Remote Denial of Service Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=40068" "lang": "eng",
}, "value": "The Local Packet Transport Services (LPTS) implementation in Cisco IOS XR 5.1.2, 5.1.3, 5.2.1, and 5.2.2 on ASR9k devices makes incorrect decisions about the opening of TCP and UDP ports during the processing of flow base entries, which allows remote attackers to cause a denial of service (resource consumption) by sending traffic to these ports continuously, aka Bug ID CSCur88273."
{ }
"name" : "1033043", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1033043" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150722 Cisco IOS XR LPTS Network Stack Remote Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40068"
},
{
"name": "1033043",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033043"
}
]
}
}

140
2015/4xxx/CVE-2015-4305.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2015-4305", "ID": "CVE-2015-4305",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended system-database read restrictions, and discover credentials or SNMP communities for arbitrary tenant domains, via a crafted URL, aka Bug ID CSCus62656."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20150916 Cisco Prime Collaboration Assurance Information Disclosure Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=40520" "lang": "eng",
}, "value": "The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended system-database read restrictions, and discover credentials or SNMP communities for arbitrary tenant domains, via a crafted URL, aka Bug ID CSCus62656."
{ }
"name" : "20150916 Multiple Vulnerabilities in Cisco Prime Collaboration Assurance", ]
"refsource" : "CISCO", },
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-pca" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1033581", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1033581" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20150916 Multiple Vulnerabilities in Cisco Prime Collaboration Assurance",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-pca"
},
{
"name": "1033581",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033581"
},
{
"name": "20150916 Cisco Prime Collaboration Assurance Information Disclosure Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40520"
}
]
}
}

190
2015/8xxx/CVE-2015-8461.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-8461", "ID": "CVE-2015-8461",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in resolver.c in named in ISC BIND 9.9.8 before 9.9.8-P2 and 9.10.3 before 9.10.3-P2 allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://kb.isc.org/article/AA-01319", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://kb.isc.org/article/AA-01319" "lang": "eng",
}, "value": "Race condition in resolver.c in named in ISC BIND 9.9.8 before 9.9.8-P2 and 9.10.3 before 9.10.3-P2 allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via unspecified vectors."
{ }
"name" : "https://kb.isc.org/article/AA-01380", ]
"refsource" : "CONFIRM", },
"url" : "https://kb.isc.org/article/AA-01380" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://kb.isc.org/article/AA-01438", "description": [
"refsource" : "CONFIRM", {
"url" : "https://kb.isc.org/article/AA-01438" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FEDORA-2015-09bf9e06ea", ]
"refsource" : "FEDORA", }
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174145.html" ]
}, },
{ "references": {
"name" : "FEDORA-2015-2df40de264", "reference_data": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174252.html" "name": "1034419",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1034419"
"name" : "SSA:2015-349-01", },
"refsource" : "SLACKWARE", {
"url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.539966" "name": "FEDORA-2015-09bf9e06ea",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174145.html"
"name" : "79347", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/79347" "name": "FEDORA-2015-2df40de264",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174252.html"
"name" : "1034419", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1034419" "name": "https://kb.isc.org/article/AA-01438",
} "refsource": "CONFIRM",
] "url": "https://kb.isc.org/article/AA-01438"
} },
} {
"name": "79347",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/79347"
},
{
"name": "https://kb.isc.org/article/AA-01380",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/article/AA-01380"
},
{
"name": "SSA:2015-349-01",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.539966"
},
{
"name": "https://kb.isc.org/article/AA-01319",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/article/AA-01319"
}
]
}
}

120
2015/8xxx/CVE-2015-8670.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@huawei.com", "ASSIGNER": "psirt@huawei.com",
"ID" : "CVE-2015-8670", "ID": "CVE-2015-8670",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "LogCenter V100R001C10", "product_name": "LogCenter V100R001C10",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "LogCenter V100R001C10" "version_value": "LogCenter V100R001C10"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Huawei LogCenter V100R001C10 could allow an authenticated attacker to add abnormal device information to the log collection module, causing denial of service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "DoS"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.huawei.com/en/psirt/security-advisories/hw-464247", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.huawei.com/en/psirt/security-advisories/hw-464247" "lang": "eng",
} "value": "Huawei LogCenter V100R001C10 could allow an authenticated attacker to add abnormal device information to the log collection module, causing denial of service."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/hw-464247",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-464247"
}
]
}
}

130
2015/8xxx/CVE-2015-8798.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@symantec.com",
"ID" : "CVE-2015-8798", "ID": "CVE-2015-8798",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160607_00", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160607_00" "lang": "eng",
}, "value": "Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to execute arbitrary code via unspecified vectors."
{ }
"name" : "90884", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/90884" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160607_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160607_00"
},
{
"name": "90884",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90884"
}
]
}
}

150
2015/8xxx/CVE-2015-8967.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@android.com",
"ID" : "CVE-2015-8967", "ID": "CVE-2015-8967",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the \"strict page permissions\" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c623b33b4e9599c6ac5076f7db7369eb9869aa04", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c623b33b4e9599c6ac5076f7db7369eb9869aa04" "lang": "eng",
}, "value": "arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the \"strict page permissions\" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access."
{ }
"name" : "http://source.android.com/security/bulletin/2016-12-01.html", ]
"refsource" : "CONFIRM", },
"url" : "http://source.android.com/security/bulletin/2016-12-01.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/torvalds/linux/commit/c623b33b4e9599c6ac5076f7db7369eb9869aa04", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/torvalds/linux/commit/c623b33b4e9599c6ac5076f7db7369eb9869aa04" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "94680", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/94680" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c623b33b4e9599c6ac5076f7db7369eb9869aa04",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c623b33b4e9599c6ac5076f7db7369eb9869aa04"
},
{
"name": "https://github.com/torvalds/linux/commit/c623b33b4e9599c6ac5076f7db7369eb9869aa04",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/c623b33b4e9599c6ac5076f7db7369eb9869aa04"
},
{
"name": "94680",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94680"
},
{
"name": "http://source.android.com/security/bulletin/2016-12-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-12-01.html"
}
]
}
}

142
2015/9xxx/CVE-2015-9222.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00", "DATE_PUBLIC": "2018-04-02T00:00:00",
"ID" : "CVE-2015-9222", "ID": "CVE-2015-9222",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Snapdragon Mobile, Snapdragon Wear", "product_name": "Snapdragon Mobile, Snapdragon Wear",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016" "version_value": "MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, processing erroneous bitstreams may result in a HW freeze. FW should detect the HW freeze based on watchdog timer, but because the watchdog timer is not enabled, an infinite loop occurs, resulting in a device freeze."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Loop with Unreachable Exit Condition ('Infinite Loop') in Video."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "39739", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/39739/" "lang": "eng",
}, "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, processing erroneous bitstreams may result in a HW freeze. FW should detect the HW freeze based on watchdog timer, but because the watchdog timer is not enabled, an infinite loop occurs, resulting in a device freeze."
{ }
"name" : "https://source.android.com/security/bulletin/2018-04-01", ]
"refsource" : "CONFIRM", },
"url" : "https://source.android.com/security/bulletin/2018-04-01" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "103671", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/103671" "lang": "eng",
} "value": "Loop with Unreachable Exit Condition ('Infinite Loop') in Video."
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "39739",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39739/"
},
{
"name": "https://source.android.com/security/bulletin/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name": "103671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103671"
}
]
}
}

140
2016/5xxx/CVE-2016-5502.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2016-5502", "ID": "CVE-2016-5502",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3 allows remote authenticated users to affect confidentiality and integrity via vectors related to INFRA."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3 allows remote authenticated users to affect confidentiality and integrity via vectors related to INFRA."
{ }
"name" : "93656", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/93656" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1037049", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037049" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1037049",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037049"
},
{
"name": "93656",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93656"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
}
]
}
}

140
2016/5xxx/CVE-2016-5590.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2016-5590", "ID": "CVE-2016-5590",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "MySQL Enterprise Monitor", "product_name": "MySQL Enterprise Monitor",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "3.1.3.7856 and earlier" "version_value": "3.1.3.7856 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle" "vendor_name": "Oracle"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Agent). Supported versions that are affected are 3.1.3.7856 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via TLS to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in takeover of MySQL Enterprise Monitor. CVSS v3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" "lang": "eng",
}, "value": "Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Agent). Supported versions that are affected are 3.1.3.7856 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via TLS to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in takeover of MySQL Enterprise Monitor. CVSS v3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts)."
{ }
"name" : "95542", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/95542" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1037640", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037640" "lang": "eng",
} "value": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "95542",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95542"
},
{
"name": "1037640",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}
}

242
2016/5xxx/CVE-2016-5883.json
View File

@ -1,123 +1,123 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2016-5883", "ID": "CVE-2016-5883",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "iNotes", "product_name": "iNotes",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "9.0" "version_value": "9.0"
}, },
{ {
"version_value" : "8.5.3" "version_value": "8.5.3"
}, },
{ {
"version_value" : "8.5.2" "version_value": "8.5.2"
}, },
{ {
"version_value" : "8.5.1" "version_value": "8.5.1"
}, },
{ {
"version_value" : "8.5" "version_value": "8.5"
}, },
{ {
"version_value" : "8.0.2" "version_value": "8.0.2"
}, },
{ {
"version_value" : "8.5.3.6" "version_value": "8.5.3.6"
}, },
{ {
"version_value" : "9.0.1" "version_value": "9.0.1"
}, },
{ {
"version_value" : "8.58.5.3" "version_value": "8.58.5.3"
}, },
{ {
"version_value" : "Fix" "version_value": "Fix"
}, },
{ {
"version_value" : "Pack" "version_value": "Pack"
}, },
{ {
"version_value" : "6" "version_value": "6"
}, },
{ {
"version_value" : "Interim" "version_value": "Interim"
}, },
{ {
"version_value" : "1" "version_value": "1"
}, },
{ {
"version_value" : "8.5.x" "version_value": "8.5.x"
}, },
{ {
"version_value" : "8.5.1.5" "version_value": "8.5.1.5"
}, },
{ {
"version_value" : "8.5.2.4" "version_value": "8.5.2.4"
}, },
{ {
"version_value" : "9.0.1.7" "version_value": "9.0.1.7"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM Corporation" "vendor_name": "IBM Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1997010."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21997010", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21997010" "lang": "eng",
}, "value": "IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1997010."
{ }
"name" : "96168", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/96168" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1037790", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037790" "lang": "eng",
} "value": "Cross-Site Scripting"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "96168",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96168"
},
{
"name": "1037790",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037790"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21997010",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21997010"
}
]
}
}

34
2018/2xxx/CVE-2018-2118.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2018-2118", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2018-2118",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
} }
] ]
} }
} }

34
2018/2xxx/CVE-2018-2208.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2018-2208", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2018-2208",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
} }
] ]
} }
} }

138
2018/2xxx/CVE-2018-2457.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cna@sap.com", "ASSIGNER": "cna@sap.com",
"ID" : "CVE-2018-2457", "ID": "CVE-2018-2457",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "SAP Adaptive Server Enterprise", "product_name": "SAP Adaptive Server Enterprise",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_name" : "=", "version_name": "=",
"version_value" : "16.0" "version_value": "16.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "SAP" "vendor_name": "SAP"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Under certain conditions SAP Adaptive Server Enterprise, version 16.0, allows some privileged users to access information which would otherwise be restricted."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://launchpad.support.sap.com/#/notes/2679788", "description_data": [
"refsource" : "MISC", {
"url" : "https://launchpad.support.sap.com/#/notes/2679788" "lang": "eng",
}, "value": "Under certain conditions SAP Adaptive Server Enterprise, version 16.0, allows some privileged users to access information which would otherwise be restricted."
{ }
"name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993", ]
"refsource" : "CONFIRM", },
"url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993" "problemtype": {
} "problemtype_data": [
] {
}, "description": [
"source" : { {
"discovery" : "UNKNOWN" "lang": "eng",
} "value": "Information Disclosure"
} }
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993",
"refsource": "CONFIRM",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2679788",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/2679788"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

168
2018/2xxx/CVE-2018-2938.json
View File

@ -1,86 +1,86 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2018-2938", "ID": "CVE-2018-2938",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Java", "product_name": "Java",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "Java SE: 6u191" "version_value": "Java SE: 6u191"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "7u181" "version_value": "7u181"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "8u172" "version_value": "8u172"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java DB). Supported versions that are affected are Java SE: 6u191, 7u181 and 8u172. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVE-2018-2938 addresses CVE-2018-1313. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" "lang": "eng",
}, "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java DB). Supported versions that are affected are Java SE: 6u191, 7u181 and 8u172. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVE-2018-2938 addresses CVE-2018-1313. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)."
{ }
"name" : "https://security.netapp.com/advisory/ntap-20180726-0001/", ]
"refsource" : "CONFIRM", },
"url" : "https://security.netapp.com/advisory/ntap-20180726-0001/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "104774", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/104774" "lang": "eng",
}, "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE."
{ }
"name" : "1041302", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1041302" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180726-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180726-0001/"
},
{
"name": "1041302",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041302"
},
{
"name": "104774",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104774"
}
]
}
}

130
2018/6xxx/CVE-2018-6007.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-6007", "ID": "CVE-2018-6007",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CSRF exists in the JS Support Ticket 1.1.0 component for Joomla! and allows attackers to inject HTML or edit a ticket."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "43912", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/43912/" "lang": "eng",
}, "value": "CSRF exists in the JS Support Ticket 1.1.0 component for Joomla! and allows attackers to inject HTML or edit a ticket."
{ }
"name" : "https://packetstormsecurity.com/files/146135/Joomla-JS-Support-Ticket-1.1.0-Cross-Site-Request-Forgery.html", ]
"refsource" : "MISC", },
"url" : "https://packetstormsecurity.com/files/146135/Joomla-JS-Support-Ticket-1.1.0-Cross-Site-Request-Forgery.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43912",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43912/"
},
{
"name": "https://packetstormsecurity.com/files/146135/Joomla-JS-Support-Ticket-1.1.0-Cross-Site-Request-Forgery.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/146135/Joomla-JS-Support-Ticket-1.1.0-Cross-Site-Request-Forgery.html"
}
]
}
}

172
2018/6xxx/CVE-2018-6047.json
View File

@ -1,88 +1,88 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "chrome-cve-admin@google.com", "ASSIGNER": "security@google.com",
"ID" : "CVE-2018-6047", "ID": "CVE-2018-6047",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Chrome", "product_name": "Chrome",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "64.0.3282.119" "version_value": "64.0.3282.119"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google" "vendor_name": "Google"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Insufficient policy enforcement in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user redirect URL via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Insufficient policy enforcement"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html" "lang": "eng",
}, "value": "Insufficient policy enforcement in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user redirect URL via a crafted HTML page."
{ }
"name" : "https://crbug.com/799847", ]
"refsource" : "CONFIRM", },
"url" : "https://crbug.com/799847" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-4103", "description": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4103" "lang": "eng",
}, "value": "Insufficient policy enforcement"
{ }
"name" : "RHSA-2018:0265", ]
"refsource" : "REDHAT", }
"url" : "https://access.redhat.com/errata/RHSA-2018:0265" ]
}, },
{ "references": {
"name" : "102797", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/102797" "name": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
}, "refsource": "CONFIRM",
{ "url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
"name" : "1040282", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040282" "name": "DSA-4103",
} "refsource": "DEBIAN",
] "url": "https://www.debian.org/security/2018/dsa-4103"
} },
} {
"name": "102797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "https://crbug.com/799847",
"refsource": "CONFIRM",
"url": "https://crbug.com/799847"
},
{
"name": "RHSA-2018:0265",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
]
}
}

172
2018/6xxx/CVE-2018-6144.json
View File

@ -1,88 +1,88 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "chrome-cve-admin@google.com", "ASSIGNER": "security@google.com",
"ID" : "CVE-2018-6144", "ID": "CVE-2018-6144",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Chrome", "product_name": "Chrome",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "67.0.3396.62" "version_value": "67.0.3396.62"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google" "vendor_name": "Google"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Off-by-one error in PDFium in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out of bounds write"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://crbug.com/828049", "description_data": [
"refsource" : "MISC", {
"url" : "https://crbug.com/828049" "lang": "eng",
}, "value": "Off-by-one error in PDFium in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file."
{ }
"name" : "https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html", ]
"refsource" : "CONFIRM", },
"url" : "https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-4237", "description": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4237" "lang": "eng",
}, "value": "Out of bounds write"
{ }
"name" : "RHSA-2018:1815", ]
"refsource" : "REDHAT", }
"url" : "https://access.redhat.com/errata/RHSA-2018:1815" ]
}, },
{ "references": {
"name" : "104309", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/104309" "name": "https://crbug.com/828049",
}, "refsource": "MISC",
{ "url": "https://crbug.com/828049"
"name" : "1041014", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041014" "name": "104309",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/104309"
} },
} {
"name": "https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html"
},
{
"name": "1041014",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041014"
},
{
"name": "RHSA-2018:1815",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1815"
},
{
"name": "DSA-4237",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4237"
}
]
}
}

172
2018/6xxx/CVE-2018-6173.json
View File

@ -1,88 +1,88 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "chrome-cve-admin@google.com", "ASSIGNER": "security@google.com",
"ID" : "CVE-2018-6173", "ID": "CVE-2018-6173",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Chrome", "product_name": "Chrome",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "68.0.3440.75" "version_value": "68.0.3440.75"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google" "vendor_name": "Google"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Insufficient policy enforcement"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://crbug.com/836885", "description_data": [
"refsource" : "MISC", {
"url" : "https://crbug.com/836885" "lang": "eng",
}, "value": "Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name."
{ }
"name" : "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html", ]
"refsource" : "CONFIRM", },
"url" : "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-4256", "description": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4256" "lang": "eng",
}, "value": "Insufficient policy enforcement"
{ }
"name" : "GLSA-201808-01", ]
"refsource" : "GENTOO", }
"url" : "https://security.gentoo.org/glsa/201808-01" ]
}, },
{ "references": {
"name" : "RHSA-2018:2282", "reference_data": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:2282" "name": "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html",
}, "refsource": "CONFIRM",
{ "url": "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html"
"name" : "104887", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/104887" "name": "RHSA-2018:2282",
} "refsource": "REDHAT",
] "url": "https://access.redhat.com/errata/RHSA-2018:2282"
} },
} {
"name": "https://crbug.com/836885",
"refsource": "MISC",
"url": "https://crbug.com/836885"
},
{
"name": "GLSA-201808-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201808-01"
},
{
"name": "DSA-4256",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4256"
},
{
"name": "104887",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104887"
}
]
}
}

140
2018/6xxx/CVE-2018-6409.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-6409", "ID": "CVE-2018-6409",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding ap_form table leads to a path traversal vulnerability via the download.php q parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "44804", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/44804/" "lang": "eng",
}, "value": "An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding ap_form table leads to a path traversal vulnerability via the download.php q parameter."
{ }
"name" : "https://metalamin.github.io/MachForm-not-0-day-EN/", ]
"refsource" : "MISC", },
"url" : "https://metalamin.github.io/MachForm-not-0-day-EN/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.machform.com/blog-machform-423-security-release/", "description": [
"refsource" : "MISC", {
"url" : "https://www.machform.com/blog-machform-423-security-release/" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://metalamin.github.io/MachForm-not-0-day-EN/",
"refsource": "MISC",
"url": "https://metalamin.github.io/MachForm-not-0-day-EN/"
},
{
"name": "44804",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44804/"
},
{
"name": "https://www.machform.com/blog-machform-423-security-release/",
"refsource": "MISC",
"url": "https://www.machform.com/blog-machform-423-security-release/"
}
]
}
}

34
2018/7xxx/CVE-2018-7089.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-7089", "ID": "CVE-2018-7089",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2018/7xxx/CVE-2018-7177.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-7177", "ID": "CVE-2018-7177",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL Injection exists in the Saxum Numerology 3.0.4 component for Joomla! via the publicid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "44134", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/44134" "lang": "eng",
} "value": "SQL Injection exists in the Saxum Numerology 3.0.4 component for Joomla! via the publicid parameter."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44134",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44134"
}
]
}
}

130
2018/7xxx/CVE-2018-7212.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-7212", "ID": "CVE-2018-7212",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in rack-protection/lib/rack/protection/path_traversal.rb in Sinatra 2.x before 2.0.1 on Windows. Path traversal is possible via backslash characters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/sinatra/sinatra/commit/6ad721abcfe36334108dcdd05d046c361e1b7a9c", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/sinatra/sinatra/commit/6ad721abcfe36334108dcdd05d046c361e1b7a9c" "lang": "eng",
}, "value": "An issue was discovered in rack-protection/lib/rack/protection/path_traversal.rb in Sinatra 2.x before 2.0.1 on Windows. Path traversal is possible via backslash characters."
{ }
"name" : "https://github.com/sinatra/sinatra/pull/1379", ]
"refsource" : "MISC", },
"url" : "https://github.com/sinatra/sinatra/pull/1379" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sinatra/sinatra/commit/6ad721abcfe36334108dcdd05d046c361e1b7a9c",
"refsource": "MISC",
"url": "https://github.com/sinatra/sinatra/commit/6ad721abcfe36334108dcdd05d046c361e1b7a9c"
},
{
"name": "https://github.com/sinatra/sinatra/pull/1379",
"refsource": "MISC",
"url": "https://github.com/sinatra/sinatra/pull/1379"
}
]
}
}

120
2018/7xxx/CVE-2018-7431.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-7431", "ID": "CVE-2018-7431",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the Splunk Django App in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote authenticated users to read arbitrary files via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.splunk.com/view/SP-CAAAP5T", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.splunk.com/view/SP-CAAAP5T" "lang": "eng",
} "value": "Directory traversal vulnerability in the Splunk Django App in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote authenticated users to read arbitrary files via unspecified vectors."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.splunk.com/view/SP-CAAAP5T",
"refsource": "CONFIRM",
"url": "https://www.splunk.com/view/SP-CAAAP5T"
}
]
}
}

34
2018/7xxx/CVE-2018-7975.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2018-7975", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2018-7975",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
} }
] ]
} }
} }

34
2019/1xxx/CVE-2019-1498.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-1498", "ID": "CVE-2019-1498",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/1xxx/CVE-2019-1538.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-1538", "ID": "CVE-2019-1538",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/5xxx/CVE-2019-5125.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-5125", "ID": "CVE-2019-5125",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/5xxx/CVE-2019-5396.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-5396", "ID": "CVE-2019-5396",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/5xxx/CVE-2019-5496.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-5496", "ID": "CVE-2019-5496",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/5xxx/CVE-2019-5824.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-5824", "ID": "CVE-2019-5824",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }