admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 21:32:58 +00:00
parent e8435e1b8a
commit dba4b21c5c
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
64 changed files with 4256 additions and 4256 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

128
1999/0xxx/CVE-1999-0757.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-0757",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ColdFusion CFCRYPT program for encrypting CFML templates has weak encryption, allowing attackers to decrypt the templates."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0757",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "ASB99-08",
"refsource" : "ALLAIRE",
"url" : "http://www.allaire.com/handlers/index.cfm?ID=10969&Method=Full"
},
{
"name" : "coldfusion-encryption(2208)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/2208"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ColdFusion CFCRYPT program for encrypting CFML templates has weak encryption, allowing attackers to decrypt the templates."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ASB99-08",
"refsource": "ALLAIRE",
"url": "http://www.allaire.com/handlers/index.cfm?ID=10969&Method=Full"
},
{
"name": "coldfusion-encryption(2208)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/2208"
}
]
}
}

128
1999/1xxx/CVE-1999-1158.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-1158",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in (1) pluggable authentication module (PAM) on Solaris 2.5.1 and 2.5 and (2) unix_scheme in Solaris 2.4 and 2.3 allows local users to gain root privileges via programs that use these modules such as passwd, yppasswd, and nispasswd."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1158",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "AA-97.09",
"refsource" : "AUSCERT",
"url" : "ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-97.09.Solaris.passwd.buffer.overrun.vul"
},
{
"name" : "00139",
"refsource" : "SUN",
"url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/139&type=0&nav=sec.sba"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in (1) pluggable authentication module (PAM) on Solaris 2.5.1 and 2.5 and (2) unix_scheme in Solaris 2.4 and 2.3 allows local users to gain root privileges via programs that use these modules such as passwd, yppasswd, and nispasswd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "AA-97.09",
"refsource": "AUSCERT",
"url": "ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-97.09.Solaris.passwd.buffer.overrun.vul"
},
{
"name": "00139",
"refsource": "SUN",
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/139&type=0&nav=sec.sba"
}
]
}
}

118
1999/1xxx/CVE-1999-1345.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-1345",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Auto_FTP.pl script in Auto_FTP 0.2 uses the /tmp/ftp_tmp as a shared directory with insecure permissions, which allows local users to (1) send arbitrary files to the remote server by placing them in the directory, and (2) view files that are being transferred."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1345",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "19991005 Auto_FTP v0.02 Advisory",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=93923873006014&w=2"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Auto_FTP.pl script in Auto_FTP 0.2 uses the /tmp/ftp_tmp as a shared directory with insecure permissions, which allows local users to (1) send arbitrary files to the remote server by placing them in the directory, and (2) view files that are being transferred."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19991005 Auto_FTP v0.02 Advisory",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=93923873006014&w=2"
}
]
}
}

128
1999/1xxx/CVE-1999-1362.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-1362",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Win32k.sys in Windows NT 4.0 before SP2 allows local users to cause a denial of service (crash) by calling certain WIN32K functions with incorrect parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1362",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "Q160601",
"refsource" : "MSKB",
"url" : "http://support.microsoft.com/support/kb/articles/q160/6/01.asp"
},
{
"name" : "nt-win32k-dos(7403)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/7403.php"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Win32k.sys in Windows NT 4.0 before SP2 allows local users to cause a denial of service (crash) by calling certain WIN32K functions with incorrect parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "nt-win32k-dos(7403)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7403.php"
},
{
"name": "Q160601",
"refsource": "MSKB",
"url": "http://support.microsoft.com/support/kb/articles/q160/6/01.asp"
}
]
}
}

128
1999/1xxx/CVE-1999-1376.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-1376",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server Extensions allows remote attackers to execute arbitrary commands."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1376",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "19990114 MS IIS 4.0 Security Advisory",
"refsource" : "NTBUGTRAQ",
"url" : "http://marc.info/?l=ntbugtraq&m=91632724913080&w=2"
},
{
"name" : "19990114 MS IIS 4.0 Security Advisory",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=91638375309890&w=2"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server Extensions allows remote attackers to execute arbitrary commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19990114 MS IIS 4.0 Security Advisory",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=91638375309890&w=2"
},
{
"name": "19990114 MS IIS 4.0 Security Advisory",
"refsource": "NTBUGTRAQ",
"url": "http://marc.info/?l=ntbugtraq&m=91632724913080&w=2"
}
]
}
}

128
2000/0xxx/CVE-2000-0057.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0057",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cold Fusion CFCACHE tag places temporary cache files within the web document root, allowing remote attackers to obtain sensitive system information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0057",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "ASB00-03",
"refsource" : "ALLAIRE",
"url" : "http://www.allaire.com/handlers/index.cfm?ID=13978&Method=Full"
},
{
"name" : "917",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/917"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cold Fusion CFCACHE tag places temporary cache files within the web document root, allowing remote attackers to obtain sensitive system information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ASB00-03",
"refsource": "ALLAIRE",
"url": "http://www.allaire.com/handlers/index.cfm?ID=13978&Method=Full"
},
{
"name": "917",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/917"
}
]
}
}

138
2000/0xxx/CVE-2000-0121.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0121",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Recycle Bin utility in Windows NT and Windows 2000 allows local users to read or modify files by creating a subdirectory with the victim's SID in the recycler directory, aka the \"Recycle Bin Creation\" vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0121",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS00-007",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-007"
},
{
"name" : "Q248399",
"refsource" : "MSKB",
"url" : "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q248399"
},
{
"name" : "963",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/963"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Recycle Bin utility in Windows NT and Windows 2000 allows local users to read or modify files by creating a subdirectory with the victim's SID in the recycler directory, aka the \"Recycle Bin Creation\" vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "Q248399",
"refsource": "MSKB",
"url": "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q248399"
},
{
"name": "MS00-007",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-007"
},
{
"name": "963",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/963"
}
]
}
}

138
2000/0xxx/CVE-2000-0235.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0235",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the huh program in the orville-write package allows local users to gain root privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "FreeBSD-SA-00:10",
"refsource" : "FREEBSD",
"url" : "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:10-orville-write.asc"
},
{
"name" : "1070",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1070"
},
{
"name" : "1263",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/1263"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the huh program in the orville-write package allows local users to gain root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-00:10",
"refsource": "FREEBSD",
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:10-orville-write.asc"
},
{
"name": "1070",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1070"
},
{
"name": "1263",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/1263"
}
]
}
}

128
2000/0xxx/CVE-2000-0270.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0270",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The make-temp-name Lisp function in Emacs 20 creates temporary files with predictable names, which allows attackers to conduct a symlink attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0270",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20000418 RUS-CERT Advisory 200004-01: GNU Emacs 20",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-04-15&msg=tg4s8zioxq.fsf@mercury.rus.uni-stuttgart.de"
},
{
"name" : "1126",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1126"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The make-temp-name Lisp function in Emacs 20 creates temporary files with predictable names, which allows attackers to conduct a symlink attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1126",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1126"
},
{
"name": "20000418 RUS-CERT Advisory 200004-01: GNU Emacs 20",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-04-15&msg=tg4s8zioxq.fsf@mercury.rus.uni-stuttgart.de"
}
]
}
}

118
2000/0xxx/CVE-2000-0308.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0308",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Insecure file permissions for Netscape FastTrack Server 2.x, Enterprise Server 2.0, and Proxy Server 2.5 in SCO UnixWare 7.0.x and 2.1.3 allow an attacker to gain root privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0308",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "SB-99.08",
"refsource" : "SCO",
"url" : "ftp://ftp.sco.com/SSE/security_bulletins/SB-99.08a"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insecure file permissions for Netscape FastTrack Server 2.x, Enterprise Server 2.0, and Proxy Server 2.5 in SCO UnixWare 7.0.x and 2.1.3 allow an attacker to gain root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SB-99.08",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/SSE/security_bulletins/SB-99.08a"
}
]
}
}

128
2000/0xxx/CVE-2000-0383.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0383",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The file transfer component of AOL Instant Messenger (AIM) reveals the physical path of the transferred file to the remote recipient."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0383",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20000507 AOL Instant Messenger",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/templates/archive.pike?list=1&msg=002401bfb918$7310d5a0$1ef084ce@karemor.com"
},
{
"name" : "1180",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1180"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The file transfer component of AOL Instant Messenger (AIM) reveals the physical path of the transferred file to the remote recipient."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1180",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1180"
},
{
"name": "20000507 AOL Instant Messenger",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=002401bfb918$7310d5a0$1ef084ce@karemor.com"
}
]
}
}

128
2000/0xxx/CVE-2000-0756.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0756",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Outlook 2000 does not properly process long or malformed fields in vCard (.vcf) files, which allows attackers to cause a denial of service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0756",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20000831 vCard DoS on Outlook 2000",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/templates/archive.pike?list=1&msg=Springmail.105.967737080.0.16997300@www.springmail.com"
},
{
"name" : "1633",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1633"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Outlook 2000 does not properly process long or malformed fields in vCard (.vcf) files, which allows attackers to cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1633",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1633"
},
{
"name": "20000831 vCard DoS on Outlook 2000",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=Springmail.105.967737080.0.16997300@www.springmail.com"
}
]
}
}

138
2000/1xxx/CVE-2000-1054.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-1054",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-1054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20000921 Multiple Vulnerabilities in CiscoSecure ACS for Windows NT Server",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml"
},
{
"name" : "1705",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1705"
},
{
"name" : "ciscosecure-csadmin-bo(5272)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5272"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20000921 Multiple Vulnerabilities in CiscoSecure ACS for Windows NT Server",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml"
},
{
"name": "1705",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1705"
},
{
"name": "ciscosecure-csadmin-bo(5272)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5272"
}
]
}
}

148
2005/2xxx/CVE-2005-2077.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2077",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in error.asp for Hosting Controller allows remote attackers to inject arbitrary web script or HTML via the error parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2077",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050628 Cross-Site Scripting (CSS) in Hosting Controller All Version and hot fix it hehe ;)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111997456519685&w=2"
},
{
"name" : "20051215 Bug in HC",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/419597/100/0/threaded"
},
{
"name" : "14080",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14080"
},
{
"name" : "1016456",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016456"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in error.asp for Hosting Controller allows remote attackers to inject arbitrary web script or HTML via the error parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016456",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016456"
},
{
"name": "20051215 Bug in HC",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/419597/100/0/threaded"
},
{
"name": "20050628 Cross-Site Scripting (CSS) in Hosting Controller All Version and hot fix it hehe ;)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111997456519685&w=2"
},
{
"name": "14080",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14080"
}
]
}
}

128
2005/2xxx/CVE-2005-2144.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2144",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Prevx Pro 2005 1.0 allows local users to bypass file protection and modify files by using MapViewOfFile to perform memory mapping on the file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2144",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "1014346",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014346"
},
{
"name" : "15885",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15885"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Prevx Pro 2005 1.0 allows local users to bypass file protection and modify files by using MapViewOfFile to perform memory mapping on the file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15885",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15885"
},
{
"name": "1014346",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014346"
}
]
}
}

148
2005/2xxx/CVE-2005-2877.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2877",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The history (revision control) function in TWiki 02-Sep-2004 and earlier allows remote attackers to execute arbitrary code via shell metacharacters, as demonstrated via the rev parameter to TWikiUsers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2877",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050914 TWiki Remote Command Execution Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112680475417550&w=2"
},
{
"name" : "http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithRev",
"refsource" : "CONFIRM",
"url" : "http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithRev"
},
{
"name" : "VU#757181",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/757181"
},
{
"name" : "14834",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14834"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The history (revision control) function in TWiki 02-Sep-2004 and earlier allows remote attackers to execute arbitrary code via shell metacharacters, as demonstrated via the rev parameter to TWikiUsers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithRev",
"refsource": "CONFIRM",
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithRev"
},
{
"name": "20050914 TWiki Remote Command Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112680475417550&w=2"
},
{
"name": "VU#757181",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/757181"
},
{
"name": "14834",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14834"
}
]
}
}

198
2005/3xxx/CVE-2005-3417.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3417",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "phpBB 2.0.17 and earlier, when the register_long_arrays directive is disabled, allows remote attackers to modify global variables and bypass security mechanisms because PHP does not define the associated HTTP_* variables."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3417",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051031 Advisory 17/2005: phpBB Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=113081113317600&w=2"
},
{
"name" : "http://www.hardened-php.net/advisory_172005.75.html",
"refsource" : "MISC",
"url" : "http://www.hardened-php.net/advisory_172005.75.html"
},
{
"name" : "DSA-925",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-925"
},
{
"name" : "15243",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15243"
},
{
"name" : "20414",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20414"
},
{
"name" : "1015121",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015121"
},
{
"name" : "17366",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17366"
},
{
"name" : "18098",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18098"
},
{
"name" : "130",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/130"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "phpBB 2.0.17 and earlier, when the register_long_arrays directive is disabled, allows remote attackers to modify global variables and bypass security mechanisms because PHP does not define the associated HTTP_* variables."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20414",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20414"
},
{
"name": "20051031 Advisory 17/2005: phpBB Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=113081113317600&w=2"
},
{
"name": "DSA-925",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-925"
},
{
"name": "17366",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17366"
},
{
"name": "130",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/130"
},
{
"name": "18098",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18098"
},
{
"name": "http://www.hardened-php.net/advisory_172005.75.html",
"refsource": "MISC",
"url": "http://www.hardened-php.net/advisory_172005.75.html"
},
{
"name": "1015121",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015121"
},
{
"name": "15243",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15243"
}
]
}
}

32
2005/3xxx/CVE-2005-3965.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3965",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-2607. Reason: This candidate is a duplicate of CVE-2004-2607. Notes: All CVE users should reference CVE-2004-2607 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2005-3965",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-2607. Reason: This candidate is a duplicate of CVE-2004-2607. Notes: All CVE users should reference CVE-2004-2607 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

128
2007/5xxx/CVE-2007-5096.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-5096",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in modules/webmail2/inc/rfc822.php in guanxiCRM Business Solution 0.9.1 allows remote attackers to execute arbitrary PHP code via a URL in the webmail2_inc_dir parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5096",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://arfis.wordpress.com/2007/09/14/rfi-02-guanxicrm-business-solution/",
"refsource" : "MISC",
"url" : "http://arfis.wordpress.com/2007/09/14/rfi-02-guanxicrm-business-solution/"
},
{
"name" : "38575",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38575"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in modules/webmail2/inc/rfc822.php in guanxiCRM Business Solution 0.9.1 allows remote attackers to execute arbitrary PHP code via a URL in the webmail2_inc_dir parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://arfis.wordpress.com/2007/09/14/rfi-02-guanxicrm-business-solution/",
"refsource": "MISC",
"url": "http://arfis.wordpress.com/2007/09/14/rfi-02-guanxicrm-business-solution/"
},
{
"name": "38575",
"refsource": "OSVDB",
"url": "http://osvdb.org/38575"
}
]
}
}

298
2007/5xxx/CVE-2007-5156.json
View File

@ -1,152 +1,152 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-5156",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains \".php.\" and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070927 [waraxe-2007-SA#057] - Unauthorized File Upload in SiteX CMS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/480830/100/0/threaded"
},
{
"name" : "5618",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5618"
},
{
"name" : "5688",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5688"
},
{
"name" : "http://www.waraxe.us/advisory-57.html",
"refsource" : "MISC",
"url" : "http://www.waraxe.us/advisory-57.html"
},
{
"name" : "http://dev.fckeditor.net/changeset/973",
"refsource" : "MISC",
"url" : "http://dev.fckeditor.net/changeset/973"
},
{
"name" : "http://dev.fckeditor.net/ticket/1325",
"refsource" : "MISC",
"url" : "http://dev.fckeditor.net/ticket/1325"
},
{
"name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/30677.php",
"refsource" : "MISC",
"url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/30677.php"
},
{
"name" : "http://sourceforge.net/forum/forum.php?forum_id=743930",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/forum/forum.php?forum_id=743930"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=546000",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=546000"
},
{
"name" : "29422",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29422"
},
{
"name" : "30677",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30677"
},
{
"name" : "ADV-2007-3464",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/3464"
},
{
"name" : "ADV-2007-3465",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/3465"
},
{
"name" : "27123",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27123"
},
{
"name" : "27174",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27174"
},
{
"name" : "3182",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3182"
},
{
"name" : "lanai-upload-file-upload(42425)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42425"
},
{
"name" : "syntaxcms-upload-file-upload(42733)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42733"
},
{
"name" : "cardinal-upload-file-upload(44455)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44455"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains \".php.\" and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30677",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30677"
},
{
"name": "http://sourceforge.net/forum/forum.php?forum_id=743930",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/forum/forum.php?forum_id=743930"
},
{
"name": "http://dev.fckeditor.net/ticket/1325",
"refsource": "MISC",
"url": "http://dev.fckeditor.net/ticket/1325"
},
{
"name": "5688",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5688"
},
{
"name": "http://www.waraxe.us/advisory-57.html",
"refsource": "MISC",
"url": "http://www.waraxe.us/advisory-57.html"
},
{
"name": "29422",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29422"
},
{
"name": "syntaxcms-upload-file-upload(42733)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42733"
},
{
"name": "5618",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5618"
},
{
"name": "cardinal-upload-file-upload(44455)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44455"
},
{
"name": "lanai-upload-file-upload(42425)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42425"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=546000",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=546000"
},
{
"name": "27123",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27123"
},
{
"name": "3182",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3182"
},
{
"name": "http://dev.fckeditor.net/changeset/973",
"refsource": "MISC",
"url": "http://dev.fckeditor.net/changeset/973"
},
{
"name": "20070927 [waraxe-2007-SA#057] - Unauthorized File Upload in SiteX CMS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/480830/100/0/threaded"
},
{
"name": "27174",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27174"
},
{
"name": "ADV-2007-3464",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3464"
},
{
"name": "ADV-2007-3465",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3465"
},
{
"name": "http://downloads.securityfocus.com/vulnerabilities/exploits/30677.php",
"refsource": "MISC",
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/30677.php"
}
]
}
}

218
2007/5xxx/CVE-2007-5351.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-5351",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Server Message Block Version 2 (SMBv2) signing support in Microsoft Windows Vista allows remote attackers to force signature re-computation and execute arbitrary code via a crafted SMBv2 packet, aka \"SMBv2 Signing Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2007-5351",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBST02299",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"name" : "SSRT071506",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"name" : "MS07-063",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-063"
},
{
"name" : "TA07-345A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-345A.html"
},
{
"name" : "VU#520465",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/520465"
},
{
"name" : "26777",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26777"
},
{
"name" : "ADV-2007-4179",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/4179"
},
{
"name" : "oval:org.mitre.oval:def:4208",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4208"
},
{
"name" : "1019072",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1019072"
},
{
"name" : "27997",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27997"
},
{
"name" : "win-vista-smbv2-code-execution(38725)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38725"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Server Message Block Version 2 (SMBv2) signing support in Microsoft Windows Vista allows remote attackers to force signature re-computation and execute arbitrary code via a crafted SMBv2 packet, aka \"SMBv2 Signing Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-4179",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4179"
},
{
"name": "SSRT071506",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"name": "win-vista-smbv2-code-execution(38725)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38725"
},
{
"name": "MS07-063",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-063"
},
{
"name": "1019072",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019072"
},
{
"name": "oval:org.mitre.oval:def:4208",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4208"
},
{
"name": "26777",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26777"
},
{
"name": "HPSBST02299",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded"
},
{
"name": "VU#520465",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/520465"
},
{
"name": "TA07-345A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html"
},
{
"name": "27997",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27997"
}
]
}
}

32
2007/5xxx/CVE-2007-5866.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-5866",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5866",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

128
2007/5xxx/CVE-2007-5943.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-5943",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Simple Machines Forum (SMF) 1.1.4 allows remote attackers to read a message in private forums by using the advanced search module with the \"show results as messages\" option, then searching for possible keywords contained in that message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5943",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20071108 Simple Machine Forum - Private section/posts/info disclosure",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/483437/100/0/threaded"
},
{
"name" : "26508",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26508"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Simple Machines Forum (SMF) 1.1.4 allows remote attackers to read a message in private forums by using the advanced search module with the \"show results as messages\" option, then searching for possible keywords contained in that message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26508",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26508"
},
{
"name": "20071108 Simple Machine Forum - Private section/posts/info disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/483437/100/0/threaded"
}
]
}
}

148
2009/2xxx/CVE-2009-2449.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2449",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in maillinglist/admin/change_config.php in ADbNewsSender before 1.5.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the path_to_lang parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2449",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sourceforge.net/apps/mantisbt/adbnewssender/view.php?id=22",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/apps/mantisbt/adbnewssender/view.php?id=22"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=694644",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=694644"
},
{
"name" : "35596",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35596"
},
{
"name" : "35845",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35845"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in maillinglist/admin/change_config.php in ADbNewsSender before 1.5.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the path_to_lang parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=694644",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=694644"
},
{
"name": "http://sourceforge.net/apps/mantisbt/adbnewssender/view.php?id=22",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/apps/mantisbt/adbnewssender/view.php?id=22"
},
{
"name": "35596",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35596"
},
{
"name": "35845",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35845"
}
]
}
}

248
2009/2xxx/CVE-2009-2470.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2470",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 3.0.12, and 3.5.x before 3.5.2, allows remote SOCKS5 proxy servers to cause a denial of service (data stream corruption) via a long domain name in a reply."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-2470",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-38.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-38.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=459524",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=459524"
},
{
"name" : "FEDORA-2009-8279",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00198.html"
},
{
"name" : "FEDORA-2009-8288",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00261.html"
},
{
"name" : "RHSA-2010:0153",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0153.html"
},
{
"name" : "RHSA-2010:0154",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0154.html"
},
{
"name" : "266148",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266148-1"
},
{
"name" : "35925",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35925"
},
{
"name" : "oval:org.mitre.oval:def:10197",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10197"
},
{
"name" : "1022665",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022665"
},
{
"name" : "36126",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36126"
},
{
"name" : "ADV-2009-2142",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2142"
},
{
"name" : "ADV-2010-0650",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0650"
},
{
"name" : "firefox-socks5-dos(52252)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52252"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox before 3.0.12, and 3.5.x before 3.5.2, allows remote SOCKS5 proxy servers to cause a denial of service (data stream corruption) via a long domain name in a reply."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-2142",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2142"
},
{
"name": "RHSA-2010:0153",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0153.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=459524",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=459524"
},
{
"name": "1022665",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022665"
},
{
"name": "266148",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266148-1"
},
{
"name": "ADV-2010-0650",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0650"
},
{
"name": "firefox-socks5-dos(52252)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52252"
},
{
"name": "35925",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35925"
},
{
"name": "FEDORA-2009-8288",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00261.html"
},
{
"name": "RHSA-2010:0154",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0154.html"
},
{
"name": "36126",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36126"
},
{
"name": "FEDORA-2009-8279",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00198.html"
},
{
"name": "oval:org.mitre.oval:def:10197",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10197"
},
{
"name": "http://www.mozilla.org/security/announce/2009/mfsa2009-38.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2009/mfsa2009-38.html"
}
]
}
}

178
2009/2xxx/CVE-2009-2589.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2589",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Hutscripts PHP Website Script allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) feedback.php, (2) index.php, and (3) lostpassword.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2589",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/0907-exploits/hutscript-sqlxss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0907-exploits/hutscript-sqlxss.txt"
},
{
"name" : "56170",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/56170"
},
{
"name" : "56171",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/56171"
},
{
"name" : "56172",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/56172"
},
{
"name" : "35893",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35893"
},
{
"name" : "ADV-2009-1978",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1978"
},
{
"name" : "hutscripts-msg-xss(51912)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51912"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Hutscripts PHP Website Script allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) feedback.php, (2) index.php, and (3) lostpassword.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "56170",
"refsource": "OSVDB",
"url": "http://osvdb.org/56170"
},
{
"name": "ADV-2009-1978",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1978"
},
{
"name": "http://packetstormsecurity.org/0907-exploits/hutscript-sqlxss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0907-exploits/hutscript-sqlxss.txt"
},
{
"name": "56171",
"refsource": "OSVDB",
"url": "http://osvdb.org/56171"
},
{
"name": "hutscripts-msg-xss(51912)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51912"
},
{
"name": "56172",
"refsource": "OSVDB",
"url": "http://osvdb.org/56172"
},
{
"name": "35893",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35893"
}
]
}
}

168
2009/2xxx/CVE-2009-2805.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2805",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JBIG2 stream in a PDF file, leading to a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2805",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT3865",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3865"
},
{
"name" : "APPLE-SA-2009-09-10-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
},
{
"name" : "36358",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36358"
},
{
"name" : "57950",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/57950"
},
{
"name" : "36701",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36701"
},
{
"name" : "macosx-jbig2-bo(53167)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53167"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JBIG2 stream in a PDF file, leading to a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "57950",
"refsource": "OSVDB",
"url": "http://osvdb.org/57950"
},
{
"name": "APPLE-SA-2009-09-10-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
},
{
"name": "36358",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36358"
},
{
"name": "http://support.apple.com/kb/HT3865",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3865"
},
{
"name": "36701",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36701"
},
{
"name": "macosx-jbig2-bo(53167)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53167"
}
]
}
}

32
2009/3xxx/CVE-2009-3827.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3827",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3827",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

128
2015/0xxx/CVE-2015-0129.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0129",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager (RQM) 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-0129",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21696856",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21696856"
},
{
"name" : "1031886",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031886"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager (RQM) 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21696856",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696856"
},
{
"name": "1031886",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031886"
}
]
}
}

118
2015/0xxx/CVE-2015-0299.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0299",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Open Source Point of Sale 2.3.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-0299",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/133737/Open-Source-Point-Of-Sale-2.3.1-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/133737/Open-Source-Point-Of-Sale-2.3.1-Cross-Site-Scripting.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Open Source Point of Sale 2.3.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/133737/Open-Source-Point-Of-Sale-2.3.1-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133737/Open-Source-Point-Of-Sale-2.3.1-Cross-Site-Scripting.html"
}
]
}
}

148
2015/0xxx/CVE-2015-0402.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0402",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Siebel Core - Server BizLogic Script component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via vectors related to Integration - COM."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2015-0402",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name" : "72187",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72187"
},
{
"name" : "1031578",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031578"
},
{
"name" : "oracle-cpujan2015-cve20150402(100121)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100121"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Siebel Core - Server BizLogic Script component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via vectors related to Integration - COM."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oracle-cpujan2015-cve20150402(100121)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100121"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "72187",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72187"
},
{
"name": "1031578",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031578"
}
]
}
}

278
2015/0xxx/CVE-2015-0813.json
View File

@ -1,142 +1,142 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0813",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the AppendElements function in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 on Linux, when the Fluendo MP3 plugin for GStreamer is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted MP3 file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2015-0813",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-31.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-31.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1106596",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1106596"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name" : "DSA-3211",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3211"
},
{
"name" : "DSA-3212",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3212"
},
{
"name" : "GLSA-201512-10",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201512-10"
},
{
"name" : "RHSA-2015:0766",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0766.html"
},
{
"name" : "RHSA-2015:0771",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0771.html"
},
{
"name" : "SUSE-SU-2015:0704",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00006.html"
},
{
"name" : "openSUSE-SU-2015:0677",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html"
},
{
"name" : "openSUSE-SU-2015:1266",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"name" : "openSUSE-SU-2015:0892",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html"
},
{
"name" : "USN-2550-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2550-1"
},
{
"name" : "USN-2552-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2552-1"
},
{
"name" : "73463",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/73463"
},
{
"name" : "1031996",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031996"
},
{
"name" : "1032000",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032000"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the AppendElements function in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 on Linux, when the Fluendo MP3 plugin for GStreamer is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted MP3 file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "73463",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73463"
},
{
"name": "1031996",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031996"
},
{
"name": "openSUSE-SU-2015:0892",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html"
},
{
"name": "GLSA-201512-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201512-10"
},
{
"name": "DSA-3212",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3212"
},
{
"name": "SUSE-SU-2015:0704",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00006.html"
},
{
"name": "USN-2552-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2552-1"
},
{
"name": "RHSA-2015:0766",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0766.html"
},
{
"name": "http://www.mozilla.org/security/announce/2015/mfsa2015-31.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-31.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name": "openSUSE-SU-2015:1266",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"name": "USN-2550-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2550-1"
},
{
"name": "1032000",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032000"
},
{
"name": "openSUSE-SU-2015:0677",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html"
},
{
"name": "RHSA-2015:0771",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0771.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1106596",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1106596"
},
{
"name": "DSA-3211",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3211"
}
]
}
}

128
2015/3xxx/CVE-2015-3933.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-3933",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in inc/lib/User.class.php in MetalGenix GeniXCMS before 0.0.3-patch allow remote attackers to execute arbitrary SQL commands via the (1) email parameter or (2) userid parameter to register.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3933",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "37363",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/37363/"
},
{
"name" : "https://github.com/semplon/GeniXCMS/releases/tag/v0.0.3-patch",
"refsource" : "CONFIRM",
"url" : "https://github.com/semplon/GeniXCMS/releases/tag/v0.0.3-patch"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in inc/lib/User.class.php in MetalGenix GeniXCMS before 0.0.3-patch allow remote attackers to execute arbitrary SQL commands via the (1) email parameter or (2) userid parameter to register.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37363",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/37363/"
},
{
"name": "https://github.com/semplon/GeniXCMS/releases/tag/v0.0.3-patch",
"refsource": "CONFIRM",
"url": "https://github.com/semplon/GeniXCMS/releases/tag/v0.0.3-patch"
}
]
}
}

118
2015/4xxx/CVE-2015-4180.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4180",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this vulnerability exists due to an incomplete fix to CVE-2009-4050."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4180",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150604 Re: CVE requests / Advisory: phpMyBackupPro",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/06/04/10"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this vulnerability exists due to an incomplete fix to CVE-2009-4050."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20150604 Re: CVE requests / Advisory: phpMyBackupPro",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/06/04/10"
}
]
}
}

32
2015/4xxx/CVE-2015-4251.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4251",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-4251",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}

136
2015/4xxx/CVE-2015-4615.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "larry0@me.com",
"DATE_ASSIGNED" : "2015-06-08",
"ID" : "CVE-2015-4615",
"REQUESTER" : "cve-assign@mitre.org",
"STATE" : "PUBLIC",
"UPDATED" : "2019-02-13T10:41Z"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Easy2map-photos WordPress Plugin",
"version" : {
"version_data" : [
{
"version_affected" : "1.09",
"version_value" : "1.09"
}
]
}
}
]
},
"vendor_name" : "Steven Ellis"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in Easy2map-photos WordPress Plugin v1.09 allows SQL Injection via unsanitized mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML,mapID variables"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SQL Injection in easy2map-photos wordpress plugin v1.09"
}
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2015-06-08",
"ID": "CVE-2015-4615",
"REQUESTER": "cve-assign@mitre.org",
"STATE": "PUBLIC",
"UPDATED": "2019-02-13T10:41Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Easy2map-photos WordPress Plugin",
"version": {
"version_data": [
{
"version_affected": "1.09",
"version_value": "1.09"
}
]
}
}
]
},
"vendor_name": "Steven Ellis"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.vapid.dhs.org/advisory.php?v=130",
"refsource" : "MISC",
"url" : "http://www.vapid.dhs.org/advisory.php?v=130"
},
{
"name" : "https://wordpress.org/plugins/easy2map-photos",
"refsource" : "MISC",
"url" : "https://wordpress.org/plugins/easy2map-photos"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in Easy2map-photos WordPress Plugin v1.09 allows SQL Injection via unsanitized mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML,mapID variables"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection in easy2map-photos wordpress plugin v1.09"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapid.dhs.org/advisory.php?v=130",
"refsource": "MISC",
"url": "http://www.vapid.dhs.org/advisory.php?v=130"
},
{
"name": "https://wordpress.org/plugins/easy2map-photos",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/easy2map-photos"
}
]
}
}

148
2015/4xxx/CVE-2015-4730.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4730",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle MySQL 5.6.20 and earlier allows remote authenticated users to affect availability via unknown vectors related to Types."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2015-4730",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"name" : "USN-2781-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2781-1"
},
{
"name" : "77199",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/77199"
},
{
"name" : "1033894",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033894"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle MySQL 5.6.20 and earlier allows remote authenticated users to affect availability via unknown vectors related to Types."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033894",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033894"
},
{
"name": "USN-2781-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2781-1"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"name": "77199",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77199"
}
]
}
}

32
2015/8xxx/CVE-2015-8075.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-8075",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-8075",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
}

128
2015/8xxx/CVE-2015-8081.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-8081",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Field as Block module 7.x-1.x before 7.x-1.4 for Drupal might allow remote attackers to obtain sensitive field information by reading a cached block."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8081",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.drupal.org/node/2603560",
"refsource" : "MISC",
"url" : "https://www.drupal.org/node/2603560"
},
{
"name" : "https://www.drupal.org/node/2603420",
"refsource" : "CONFIRM",
"url" : "https://www.drupal.org/node/2603420"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Field as Block module 7.x-1.x before 7.x-1.4 for Drupal might allow remote attackers to obtain sensitive field information by reading a cached block."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.drupal.org/node/2603560",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2603560"
},
{
"name": "https://www.drupal.org/node/2603420",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2603420"
}
]
}
}

128
2015/8xxx/CVE-2015-8253.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-8253",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Frontel protocol before 3 on RSI Video Technologies Videofied devices sets up AES encryption but sends all traffic in cleartext, which allows remote attackers to obtain sensitive (1) message or (2) MJPEG video data by sniffing the network."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-8253",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://cybergibbons.com/alarms-2/multiple-serious-vulnerabilities-in-rsi-videofieds-alarm-protocol/",
"refsource" : "MISC",
"url" : "http://cybergibbons.com/alarms-2/multiple-serious-vulnerabilities-in-rsi-videofieds-alarm-protocol/"
},
{
"name" : "VU#792004",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/792004"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Frontel protocol before 3 on RSI Video Technologies Videofied devices sets up AES encryption but sends all traffic in cleartext, which allows remote attackers to obtain sensitive (1) message or (2) MJPEG video data by sniffing the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cybergibbons.com/alarms-2/multiple-serious-vulnerabilities-in-rsi-videofieds-alarm-protocol/",
"refsource": "MISC",
"url": "http://cybergibbons.com/alarms-2/multiple-serious-vulnerabilities-in-rsi-videofieds-alarm-protocol/"
},
{
"name": "VU#792004",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/792004"
}
]
}
}

138
2015/8xxx/CVE-2015-8548.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-8548",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as used in Google Chrome before 47.0.2526.80, allow attackers to cause a denial of service or possibly have other impact via unknown vectors, a different issue than CVE-2015-8478."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2015-8548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html"
},
{
"name" : "RHSA-2015:2618",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-2618.html"
},
{
"name" : "USN-2860-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2860-1"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as used in Google Chrome before 47.0.2526.80, allow attackers to cause a denial of service or possibly have other impact via unknown vectors, a different issue than CVE-2015-8478."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html"
},
{
"name": "RHSA-2015:2618",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2618.html"
},
{
"name": "USN-2860-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2860-1"
}
]
}
}

130
2015/9xxx/CVE-2015-9141.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00",
"ID" : "CVE-2015-9141",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Snapdragon Mobile, Snapdragon Wear",
"version" : {
"version_data" : [
{
"version_value" : "MDM9206, MDM9607, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 800, SD 808, SD 810"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 800, SD 808, and SD 810, in HHO scenarios, during the ACQ procedure, there are possible instances where the search database is incorrectly updated resulting in memory corruption due to buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer overflow in ACQ HHO scenarios without pullin procedure"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2018-04-02T00:00:00",
"ID": "CVE-2015-9141",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Mobile, Snapdragon Wear",
"version": {
"version_data": [
{
"version_value": "MDM9206, MDM9607, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 800, SD 808, SD 810"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2018-04-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name" : "103671",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103671"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 800, SD 808, and SD 810, in HHO scenarios, during the ACQ procedure, there are possible instances where the search database is incorrectly updated resulting in memory corruption due to buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer overflow in ACQ HHO scenarios without pullin procedure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name": "103671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103671"
}
]
}
}

218
2016/5xxx/CVE-2016-5143.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-5143",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5144."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-5143",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop.html"
},
{
"name" : "https://codereview.chromium.org/2065823004",
"refsource" : "CONFIRM",
"url" : "https://codereview.chromium.org/2065823004"
},
{
"name" : "https://crbug.com/619414",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/619414"
},
{
"name" : "DSA-3645",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3645"
},
{
"name" : "FEDORA-2016-e9798eaaa3",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4KMX62M7UNRLWO4FEQ6YIMPMTKXXJV6A/"
},
{
"name" : "GLSA-201610-09",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201610-09"
},
{
"name" : "RHSA-2016:1580",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1580.html"
},
{
"name" : "openSUSE-SU-2016:1982",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00005.html"
},
{
"name" : "openSUSE-SU-2016:1983",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00006.html"
},
{
"name" : "92276",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92276"
},
{
"name" : "1036547",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036547"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5144."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://codereview.chromium.org/2065823004",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/2065823004"
},
{
"name": "92276",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92276"
},
{
"name": "openSUSE-SU-2016:1983",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00006.html"
},
{
"name": "RHSA-2016:1580",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1580.html"
},
{
"name": "1036547",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036547"
},
{
"name": "https://crbug.com/619414",
"refsource": "CONFIRM",
"url": "https://crbug.com/619414"
},
{
"name": "GLSA-201610-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"name": "http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop.html"
},
{
"name": "openSUSE-SU-2016:1982",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00005.html"
},
{
"name": "DSA-3645",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3645"
},
{
"name": "FEDORA-2016-e9798eaaa3",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4KMX62M7UNRLWO4FEQ6YIMPMTKXXJV6A/"
}
]
}
}

148
2016/5xxx/CVE-2016-5611.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-5611",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality via vectors related to Core."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-5611",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name" : "GLSA-201612-27",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201612-27"
},
{
"name" : "93744",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93744"
},
{
"name" : "1037053",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037053"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality via vectors related to Core."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93744",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93744"
},
{
"name": "GLSA-201612-27",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-27"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "1037053",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037053"
}
]
}
}

140
2016/5xxx/CVE-2016-5862.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2017-05-01T00:00:00",
"ID" : "CVE-2016-5862",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "All Qualcomm products",
"version" : {
"version_data" : [
{
"version_value" : "Android for MSM, Firefox OS for MSM, QRD Android"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "When a control related to codec is issued from userspace in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, the type casting is done to the container structure instead of the codec's individual structure, resulting in a device restart after kernel crash occurs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted Pointer Dereference in Audio"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2017-05-01T00:00:00",
"ID": "CVE-2016-5862",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All Qualcomm products",
"version": {
"version_data": [
{
"version_value": "Android for MSM, Firefox OS for MSM, QRD Android"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=4199451e83729a3add781eeafaee32994ff65b04",
"refsource" : "MISC",
"url" : "https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=4199451e83729a3add781eeafaee32994ff65b04"
},
{
"name" : "https://source.android.com/security/bulletin/2017-05-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-05-01"
},
{
"name" : "98194",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98194"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When a control related to codec is issued from userspace in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, the type casting is done to the container structure instead of the codec's individual structure, resulting in a device restart after kernel crash occurs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted Pointer Dereference in Audio"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98194",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98194"
},
{
"name": "https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=4199451e83729a3add781eeafaee32994ff65b04",
"refsource": "MISC",
"url": "https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=4199451e83729a3add781eeafaee32994ff65b04"
},
{
"name": "https://source.android.com/security/bulletin/2017-05-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-05-01"
}
]
}
}

32
2018/2xxx/CVE-2018-2171.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-2171",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-2171",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
}
]
}
}

32
2018/2xxx/CVE-2018-2302.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-2302",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-2302",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
}
]
}
}

150
2018/2xxx/CVE-2018-2675.json
View File

@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-2675",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Java",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "Java Advanced Management Console: 2.8"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java Advanced Management Console. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java Advanced Management Console accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java Advanced Management Console. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java Advanced Management Console accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-2675",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Java",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Java Advanced Management Console: 2.8"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20180117-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180117-0001/"
},
{
"name" : "102670",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102670"
},
{
"name" : "1040203",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040203"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java Advanced Management Console. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java Advanced Management Console accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java Advanced Management Console. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java Advanced Management Console accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180117-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
},
{
"name": "102670",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102670"
},
{
"name": "1040203",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040203"
}
]
}
}

164
2018/2xxx/CVE-2018-2756.json
View File

@ -1,85 +1,85 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-2756",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Communications Order and Service Management",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "7.2.4.3.0"
},
{
"version_affected" : "=",
"version_value" : "7.3.0.1.x"
},
{
"version_affected" : "=",
"version_value" : "7.3.1.0.7"
},
{
"version_affected" : "=",
"version_value" : "7.3.5.0.x"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Communications Order and Service Management component of Oracle Communications Applications (subcomponent: WebUI). Supported versions that are affected are 7.2.4.3.0, 7.3.0.1.x, 7.3.1.0.7 and 7.3.5.0.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Order and Service Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Communications Order and Service Management accessible data. CVSS 3.0 Base Score 6.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Order and Service Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Communications Order and Service Management accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-2756",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Communications Order and Service Management",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.2.4.3.0"
},
{
"version_affected": "=",
"version_value": "7.3.0.1.x"
},
{
"version_affected": "=",
"version_value": "7.3.1.0.7"
},
{
"version_affected": "=",
"version_value": "7.3.5.0.x"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name" : "103874",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103874"
},
{
"name" : "1040692",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040692"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Communications Order and Service Management component of Oracle Communications Applications (subcomponent: WebUI). Supported versions that are affected are 7.2.4.3.0, 7.3.0.1.x, 7.3.1.0.7 and 7.3.5.0.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Order and Service Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Communications Order and Service Management accessible data. CVSS 3.0 Base Score 6.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Order and Service Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Communications Order and Service Management accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040692",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040692"
},
{
"name": "103874",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103874"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
}
]
}
}

404
2018/2xxx/CVE-2018-2790.json
View File

@ -1,205 +1,205 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-2790",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Java",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "Java SE: 6u181"
},
{
"version_affected" : "=",
"version_value" : "7u171"
},
{
"version_affected" : "=",
"version_value" : "8u162"
},
{
"version_affected" : "=",
"version_value" : "10; Java SE Embedded: 8u161"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-2790",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Java",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Java SE: 6u181"
},
{
"version_affected": "=",
"version_value": "7u171"
},
{
"version_affected": "=",
"version_value": "8u162"
},
{
"version_affected": "=",
"version_value": "10; Java SE Embedded: 8u161"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20180419-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180419-0001/"
},
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us"
},
{
"name" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource" : "CONFIRM",
"url" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name" : "DSA-4185",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4185"
},
{
"name" : "DSA-4225",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4225"
},
{
"name" : "GLSA-201903-14",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201903-14"
},
{
"name" : "RHSA-2018:1188",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1188"
},
{
"name" : "RHSA-2018:1191",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1191"
},
{
"name" : "RHSA-2018:1201",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1201"
},
{
"name" : "RHSA-2018:1202",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1202"
},
{
"name" : "RHSA-2018:1203",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1203"
},
{
"name" : "RHSA-2018:1204",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1204"
},
{
"name" : "RHSA-2018:1205",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1205"
},
{
"name" : "RHSA-2018:1206",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1206"
},
{
"name" : "RHSA-2018:1270",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1270"
},
{
"name" : "RHSA-2018:1278",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1278"
},
{
"name" : "RHSA-2018:1721",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1721"
},
{
"name" : "RHSA-2018:1722",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1722"
},
{
"name" : "RHSA-2018:1723",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1723"
},
{
"name" : "RHSA-2018:1724",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1724"
},
{
"name" : "RHSA-2018:1974",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1974"
},
{
"name" : "RHSA-2018:1975",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1975"
},
{
"name" : "USN-3644-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3644-1/"
},
{
"name" : "USN-3691-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3691-1/"
},
{
"name" : "103877",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103877"
},
{
"name" : "1040697",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040697"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:1278",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1278"
},
{
"name": "DSA-4185",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4185"
},
{
"name": "RHSA-2018:1975",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1975"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us"
},
{
"name": "GLSA-201903-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201903-14"
},
{
"name": "DSA-4225",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4225"
},
{
"name": "1040697",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040697"
},
{
"name": "RHSA-2018:1724",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1724"
},
{
"name": "RHSA-2018:1203",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1203"
},
{
"name": "USN-3644-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3644-1/"
},
{
"name": "RHSA-2018:1723",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1723"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180419-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
},
{
"name": "RHSA-2018:1201",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1201"
},
{
"name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource": "CONFIRM",
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name": "RHSA-2018:1204",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1204"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "RHSA-2018:1722",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1722"
},
{
"name": "RHSA-2018:1974",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1974"
},
{
"name": "RHSA-2018:1205",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1205"
},
{
"name": "RHSA-2018:1721",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1721"
},
{
"name": "USN-3691-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3691-1/"
},
{
"name": "RHSA-2018:1202",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1202"
},
{
"name": "RHSA-2018:1191",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1191"
},
{
"name": "RHSA-2018:1188",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1188"
},
{
"name": "RHSA-2018:1206",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1206"
},
{
"name": "RHSA-2018:1270",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1270"
},
{
"name": "103877",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103877"
}
]
}
}

160
2018/6xxx/CVE-2018-6069.json
View File

@ -1,83 +1,83 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-6069",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "65.0.3325.146"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack buffer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Stack buffer overflow"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2018-6069",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "65.0.3325.146"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/799918",
"refsource" : "MISC",
"url" : "https://crbug.com/799918"
},
{
"name" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
},
{
"name" : "DSA-4182",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4182"
},
{
"name" : "RHSA-2018:0484",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0484"
},
{
"name" : "103297",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103297"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack buffer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://crbug.com/799918",
"refsource": "MISC",
"url": "https://crbug.com/799918"
},
{
"name": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
},
{
"name": "103297",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103297"
},
{
"name": "RHSA-2018:0484",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0484"
},
{
"name": "DSA-4182",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4182"
}
]
}
}

170
2018/6xxx/CVE-2018-6091.json
View File

@ -1,88 +1,88 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-6091",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "66.0.3359.117"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Service Workers can intercept any request made by an <embed> or <object> tag in Fetch API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Inappropriate implementation"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2018-6091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "66.0.3359.117"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/771933",
"refsource" : "MISC",
"url" : "https://crbug.com/771933"
},
{
"name" : "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html"
},
{
"name" : "DSA-4182",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4182"
},
{
"name" : "GLSA-201804-22",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201804-22"
},
{
"name" : "RHSA-2018:1195",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1195"
},
{
"name" : "103917",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103917"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Service Workers can intercept any request made by an <embed> or <object> tag in Fetch API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Inappropriate implementation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html"
},
{
"name": "https://crbug.com/771933",
"refsource": "MISC",
"url": "https://crbug.com/771933"
},
{
"name": "GLSA-201804-22",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201804-22"
},
{
"name": "DSA-4182",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4182"
},
{
"name": "103917",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103917"
},
{
"name": "RHSA-2018:1195",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1195"
}
]
}
}

120
2018/6xxx/CVE-2018-6254.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@nvidia.com",
"DATE_PUBLIC" : "2018-05-07T00:00:00",
"ID" : "CVE-2018-6254",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "NA"
}
]
}
}
]
},
"vendor_name" : "Nvidia Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android before the 2018-05-05 security patch level, NVIDIA Media Server contains an out-of-bounds read (due to improper input validation) vulnerability which could lead to local information disclosure. This issue is rated as moderate. Android: A-64340684. Reference: N-CVE-2018-6254."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"DATE_PUBLIC": "2018-05-07T00:00:00",
"ID": "CVE-2018-6254",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "NA"
}
]
}
}
]
},
"vendor_name": "Nvidia Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/pixel/2018-05-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/pixel/2018-05-01"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Android before the 2018-05-05 security patch level, NVIDIA Media Server contains an out-of-bounds read (due to improper input validation) vulnerability which could lead to local information disclosure. This issue is rated as moderate. Android: A-64340684. Reference: N-CVE-2018-6254."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/pixel/2018-05-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2018-05-01"
}
]
}
}

292
2018/6xxx/CVE-2018-6498.json
View File

@ -1,149 +1,149 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@microfocus.com",
"DATE_PUBLIC" : "2018-08-30T17:00:00.000Z",
"ID" : "CVE-2018-6498",
"STATE" : "PUBLIC",
"TITLE" : "Micro Focus Container Deployment Foundation (CDF), Remote Code Execution"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : " Network Operations Management (NOM) Suite CDF",
"version" : {
"version_data" : [
{
"version_value" : "2017.11, 2018.02, 2018.05"
}
]
}
},
{
"product_name" : "Service Management Automation Suite ",
"version" : {
"version_data" : [
{
"version_value" : "2017.11, 2018.02, 2018.05"
}
]
}
},
{
"product_name" : "Data Center Automation Containerized Suite",
"version" : {
"version_data" : [
{
"version_value" : "2017.01 until 2018.05"
}
]
}
},
{
"product_name" : "Operations Bridge Containerized Suite",
"version" : {
"version_data" : [
{
"version_value" : "2017.11, 2018.02, 2018.05"
}
]
}
},
{
"product_name" : "Hybrid Cloud Management Containerized Suite",
"version" : {
"version_data" : [
{
"version_value" : "HCM2017.11, HCM2018.02, HCM2018.05"
}
]
}
}
]
},
"vendor_name" : "Micro Focus"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017.11, 2018.02, 2018.05 and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05 will allow Remote Code Execution."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
],
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "ADJACENT_NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 8.8,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "LOW",
"integrityImpact" : "LOW",
"privilegesRequired" : "NONE",
"scope" : "CHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2018-08-30T17:00:00.000Z",
"ID": "CVE-2018-6498",
"STATE": "PUBLIC",
"TITLE": "Micro Focus Container Deployment Foundation (CDF), Remote Code Execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": " Network Operations Management (NOM) Suite CDF",
"version": {
"version_data": [
{
"version_value": "2017.11, 2018.02, 2018.05"
}
]
}
},
{
"product_name": "Service Management Automation Suite ",
"version": {
"version_data": [
{
"version_value": "2017.11, 2018.02, 2018.05"
}
]
}
},
{
"product_name": "Data Center Automation Containerized Suite",
"version": {
"version_data": [
{
"version_value": "2017.01 until 2018.05"
}
]
}
},
{
"product_name": "Operations Bridge Containerized Suite",
"version": {
"version_data": [
{
"version_value": "2017.11, 2018.02, 2018.05"
}
]
}
},
{
"product_name": "Hybrid Cloud Management Containerized Suite",
"version": {
"version_data": [
{
"version_value": "HCM2017.11, HCM2018.02, HCM2018.05"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236632",
"refsource" : "CONFIRM",
"url" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236632"
},
{
"name" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236667",
"refsource" : "CONFIRM",
"url" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236667"
},
{
"name" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236669",
"refsource" : "CONFIRM",
"url" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236669"
},
{
"name" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236678",
"refsource" : "CONFIRM",
"url" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236678"
},
{
"name" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236725",
"refsource" : "CONFIRM",
"url" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236725"
}
]
},
"source" : {
"discovery" : "UNKNOWN"
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017.11, 2018.02, 2018.05 and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05 will allow Remote Code Execution."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236667",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236667"
},
{
"name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236669",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236669"
},
{
"name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236725",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236725"
},
{
"name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236632",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236632"
},
{
"name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236678",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236678"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

32
2019/0xxx/CVE-2019-0175.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-0175",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0175",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/0xxx/CVE-2019-0954.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-0954",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0954",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/1xxx/CVE-2019-1587.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-1587",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-1587",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

370
2019/1xxx/CVE-2019-1609.json
View File

@ -1,188 +1,188 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2019-03-06T16:00:00-0800",
"ID" : "CVE-2019-1609",
"STATE" : "PUBLIC",
"TITLE" : "Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1609)"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "MDS 9000 Series Multilayer Switches",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "6.2(27)"
},
{
"affected" : "<",
"version_value" : "8.1(1b)"
},
{
"affected" : "<",
"version_value" : "8.3(2)"
}
]
}
},
{
"product_name" : "Nexus 3500 Platform Switches",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "7.0(3)I7(6)"
}
]
}
},
{
"product_name" : "Nexus 3000 Series Switches",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "7.0(3)I4(9)"
},
{
"affected" : "<",
"version_value" : "7.0(3)I7(6)"
}
]
}
},
{
"product_name" : "Nexus 3600 Platform Switches",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "7.0(3)F3(5)"
}
]
}
},
{
"product_name" : "Nexus 7000 and 7700 Series Switches",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "6.2(22)"
},
{
"affected" : "<",
"version_value" : "7.3(3)D1(1)"
},
{
"affected" : "<",
"version_value" : "8.2(3)"
},
{
"affected" : "<",
"version_value" : "8.3(2)"
}
]
}
},
{
"product_name" : "Nexus 9000 Series Switches in Standalone NX-OS Mode",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "7.0(3)I4(9)"
},
{
"affected" : "<",
"version_value" : "7.0(3)I7(6)"
}
]
}
},
{
"product_name" : "Nexus 9500 R-Series Line Cards and Fabric Modules",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "7.0(3)F3(5)"
}
]
}
}
]
},
"vendor_name" : "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(27), 8.1(1b), and 8.3(2). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(6). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(6). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), 8.2(3), and 8.3(2). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I4(9) and7.0(3)I7(6). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5)."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact" : {
"cvss" : {
"baseScore" : "4.2",
"vectorString" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L ",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-77"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-03-06T16:00:00-0800",
"ID": "CVE-2019-1609",
"STATE": "PUBLIC",
"TITLE": "Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1609)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MDS 9000 Series Multilayer Switches",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "6.2(27)"
},
{
"affected": "<",
"version_value": "8.1(1b)"
},
{
"affected": "<",
"version_value": "8.3(2)"
}
]
}
},
{
"product_name": "Nexus 3500 Platform Switches",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "7.0(3)I7(6)"
}
]
}
},
{
"product_name": "Nexus 3000 Series Switches",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "7.0(3)I4(9)"
},
{
"affected": "<",
"version_value": "7.0(3)I7(6)"
}
]
}
},
{
"product_name": "Nexus 3600 Platform Switches",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "7.0(3)F3(5)"
}
]
}
},
{
"product_name": "Nexus 7000 and 7700 Series Switches",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "6.2(22)"
},
{
"affected": "<",
"version_value": "7.3(3)D1(1)"
},
{
"affected": "<",
"version_value": "8.2(3)"
},
{
"affected": "<",
"version_value": "8.3(2)"
}
]
}
},
{
"product_name": "Nexus 9000 Series Switches in Standalone NX-OS Mode",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "7.0(3)I4(9)"
},
{
"affected": "<",
"version_value": "7.0(3)I7(6)"
}
]
}
},
{
"product_name": "Nexus 9500 R-Series Line Cards and Fabric Modules",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "7.0(3)F3(5)"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20190306 Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1609)",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1609"
},
{
"name" : "107341",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/107341"
}
]
},
"source" : {
"advisory" : "cisco-sa-20190306-nxos-cmdinj-1609",
"defect" : [
[
"CSCvj63253",
"CSCvk51387",
"CSCvk51388"
]
],
"discovery" : "INTERNAL"
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(27), 8.1(1b), and 8.3(2). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(6). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(6). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), 8.2(3), and 8.3(2). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I4(9) and7.0(3)I7(6). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5)."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact": {
"cvss": {
"baseScore": "4.2",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L ",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "107341",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107341"
},
{
"name": "20190306 Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1609)",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1609"
}
]
},
"source": {
"advisory": "cisco-sa-20190306-nxos-cmdinj-1609",
"defect": [
[
"CSCvj63253",
"CSCvk51387",
"CSCvk51388"
]
],
"discovery": "INTERNAL"
}
}

32
2019/1xxx/CVE-2019-1866.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-1866",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-1866",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/1xxx/CVE-2019-1951.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-1951",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-1951",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/5xxx/CVE-2019-5020.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-5020",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5020",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/5xxx/CVE-2019-5138.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-5138",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5138",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/5xxx/CVE-2019-5203.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-5203",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5203",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/5xxx/CVE-2019-5550.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-5550",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5550",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}