admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 23:53:59 +00:00
parent 3275bae0ae
commit dc4ec30706
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
55 changed files with 4273 additions and 4273 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
2002/0xxx/CVE-2002-0416.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0416", "ID": "CVE-2002-0416",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in SH39 MailServer 1.21 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long command to the SMTP port."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020305 Buffer Overflows in sh39.com", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/259818" "lang": "eng",
}, "value": "Buffer overflow in SH39 MailServer 1.21 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long command to the SMTP port."
{ }
"name" : "4232", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/4232" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "sh39-mailserver-dos(8379)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/8379.php" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "4232",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4232"
},
{
"name": "20020305 Buffer Overflows in sh39.com",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/259818"
},
{
"name": "sh39-mailserver-dos(8379)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8379.php"
}
]
}
}

170
2002/0xxx/CVE-2002-0948.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0948", "ID": "CVE-2002-0948",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Scripts For Educators MakeBook 2.2 CGI program allows remote attackers to execute script as other visitors, or execute server-side includes (SSI) as the web server, via the (1) Name or (2) Email parameters, which are not properly filtered."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020613 Re: SSI & CSS execution in MakeBook 2.2", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://cert.uni-stuttgart.de/archive/bugtraq/2002/06/msg00135.html" "lang": "eng",
}, "value": "Scripts For Educators MakeBook 2.2 CGI program allows remote attackers to execute script as other visitors, or execute server-side includes (SSI) as the web server, via the (1) Name or (2) Email parameters, which are not properly filtered."
{ }
"name" : "20020612 SSI & CSS execution in MakeBook 2.2", ]
"refsource" : "BUGTRAQ", },
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0094.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.tesol.net/scriptmail.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.tesol.net/scriptmail.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.linguistic-funland.com/scripts/MakeBook/makebook.script", ]
"refsource" : "CONFIRM", }
"url" : "http://www.linguistic-funland.com/scripts/MakeBook/makebook.script" ]
}, },
{ "references": {
"name" : "4996", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/4996" "name": "4996",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/4996"
"name" : "makebook-name-field-validation(9356)", },
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/9356.php" "name": "20020612 SSI & CSS execution in MakeBook 2.2",
} "refsource": "BUGTRAQ",
] "url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0094.html"
} },
} {
"name": "makebook-name-field-validation(9356)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9356.php"
},
{
"name": "http://www.tesol.net/scriptmail.html",
"refsource": "CONFIRM",
"url": "http://www.tesol.net/scriptmail.html"
},
{
"name": "http://www.linguistic-funland.com/scripts/MakeBook/makebook.script",
"refsource": "CONFIRM",
"url": "http://www.linguistic-funland.com/scripts/MakeBook/makebook.script"
},
{
"name": "20020613 Re: SSI & CSS execution in MakeBook 2.2",
"refsource": "BUGTRAQ",
"url": "http://cert.uni-stuttgart.de/archive/bugtraq/2002/06/msg00135.html"
}
]
}
}

140
2002/2xxx/CVE-2002-2113.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-2113", "ID": "CVE-2002-2113",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "search.cgi in AGH HTMLsearch 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the template parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.securiteam.com/securitynews/5WP0R2K60O.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.securiteam.com/securitynews/5WP0R2K60O.html" "lang": "eng",
}, "value": "search.cgi in AGH HTMLsearch 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the template parameter."
{ }
"name" : "3985", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/3985" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ahg-search-execute-commands(8032)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/8032.php" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.securiteam.com/securitynews/5WP0R2K60O.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/securitynews/5WP0R2K60O.html"
},
{
"name": "3985",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3985"
},
{
"name": "ahg-search-execute-commands(8032)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8032.php"
}
]
}
}

34
2005/0xxx/CVE-2005-0062.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0062", "ID": "CVE-2005-0062",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2005/0xxx/CVE-2005-0254.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0254", "ID": "CVE-2005-0254",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "BibORB 1.3.2, and possibly earlier versions, does not properly enforce a restriction for uploading only PDF and PS files, which allows remote attackers to upload arbitrary files that are presented to other users with PDF or PS icons, which may trick some users into downloading and executing those files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050217 Advisory: Multiple Vulnerabilities in BibORB", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=110868948719773&w=2" "lang": "eng",
}, "value": "BibORB 1.3.2, and possibly earlier versions, does not properly enforce a restriction for uploading only PDF and PS files, which allows remote attackers to upload arbitrary files that are presented to other users with PDF or PS icons, which may trick some users into downloading and executing those files."
{ }
"name" : "20050217 Advisory: Multiple Vulnerabilities in BibORB", ]
"refsource" : "FULLDISC", },
"url" : "http://marc.info/?l=full-disclosure&m=110864983905770&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "12583", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/12583" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "12583",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12583"
},
{
"name": "20050217 Advisory: Multiple Vulnerabilities in BibORB",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110868948719773&w=2"
},
{
"name": "20050217 Advisory: Multiple Vulnerabilities in BibORB",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=110864983905770&w=2"
}
]
}
}

140
2005/0xxx/CVE-2005-0506.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0506", "ID": "CVE-2005-0506",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Avaya IP Office Phone Manager, and other products such as the IP Softphone, stores sensitive data in cleartext in a registry key, which allows local and possibly remote users to steal usernames and passwords and impersonate other users via keys such as Avaya\\IP400\\Generic."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050222 Avaya IP Office Phone Manager - Sensitive Information Cleartext", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=110909733831694&w=2" "lang": "eng",
}, "value": "The Avaya IP Office Phone Manager, and other products such as the IP Softphone, stores sensitive data in cleartext in a registry key, which allows local and possibly remote users to steal usernames and passwords and impersonate other users via keys such as Avaya\\IP400\\Generic."
{ }
"name" : "20050222 Re: Avaya IP Office Phone Manager - Sensitive Information Cleartext Vulnerability", ]
"refsource" : "BUGTRAQ", },
"url" : "http://marc.info/?l=bugtraq&m=110910486128709&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2005-041_Sensitive_Info_Leak.pdf", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2005-041_Sensitive_Info_Leak.pdf" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20050222 Avaya IP Office Phone Manager - Sensitive Information Cleartext",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110909733831694&w=2"
},
{
"name": "20050222 Re: Avaya IP Office Phone Manager - Sensitive Information Cleartext Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110910486128709&w=2"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2005-041_Sensitive_Info_Leak.pdf",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-041_Sensitive_Info_Leak.pdf"
}
]
}
}

120
2005/0xxx/CVE-2005-0724.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0724", "ID": "CVE-2005-0724",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "paFileDB 3.1 and earlier allows remote attackers to obtain sensitive information via (1) an invalid str parameter to pafiledb.php, or a direct request to (2) viewall.php, (3) stats.php, (4) search.php, (5) rate.php, (6) main.php, (7) license.php, (8) category.php, (9) download.php, (10) file.php, (11) email.php, or (12) admin.php, which reveals the path in a PHP error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050308 Multiple vulnerabilities in paFileDB", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=111031801802851&w=2" "lang": "eng",
} "value": "paFileDB 3.1 and earlier allows remote attackers to obtain sensitive information via (1) an invalid str parameter to pafiledb.php, or a direct request to (2) viewall.php, (3) stats.php, (4) search.php, (5) rate.php, (6) main.php, (7) license.php, (8) category.php, (9) download.php, (10) file.php, (11) email.php, or (12) admin.php, which reveals the path in a PHP error message."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050308 Multiple vulnerabilities in paFileDB",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111031801802851&w=2"
}
]
}
}

130
2005/0xxx/CVE-2005-0889.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0889", "ID": "CVE-2005-0889",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php for Dream4 Koobi CMS 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the area parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "12895", "description_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/12895" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in index.php for Dream4 Koobi CMS 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the area parameter."
{ }
"name" : "1013558", ]
"refsource" : "SECTRACK", },
"url" : "http://securitytracker.com/id?1013558" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12895",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12895"
},
{
"name": "1013558",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013558"
}
]
}
}

120
2005/1xxx/CVE-2005-1355.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-1355", "ID": "CVE-2005-1355",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "includer.cgi in The Includer allows remote attackers to read arbitrary files via a full pathname in the argument, a similar vulnerability to CVE-2005-0801."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050424 remote command execution in includer.cgi script", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=111445548126797&w=2" "lang": "eng",
} "value": "includer.cgi in The Includer allows remote attackers to read arbitrary files via a full pathname in the argument, a similar vulnerability to CVE-2005-0801."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050424 remote command execution in includer.cgi script",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111445548126797&w=2"
}
]
}
}

210
2005/1xxx/CVE-2005-1562.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-1562", "ID": "CVE-2005-1562",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in MaxWebPortal 1.3.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) fpassword parameter to inc_functions.asp, (2) txtAddress, (3) message, or (4) subject parameter to post_info.asp, (5) andor parameter to search.asp, (6) verkey parameter to pop_profile.asp, or (7) Remove or (8) Delete parameter to pm_delete2.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050511 [HSC Security Group] MaxWebPortal - Multiple SQL injection/XSS", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=111584883727605&w=2" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in MaxWebPortal 1.3.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) fpassword parameter to inc_functions.asp, (2) txtAddress, (3) message, or (4) subject parameter to post_info.asp, (5) andor parameter to search.asp, (6) verkey parameter to pop_profile.asp, or (7) Remove or (8) Delete parameter to pm_delete2.asp."
{ }
"name" : "http://www.hackerscenter.com/archive/view.asp?id=2542", ]
"refsource" : "MISC", },
"url" : "http://www.hackerscenter.com/archive/view.asp?id=2542" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "13601", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/13601" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "16502", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/16502" ]
}, },
{ "references": {
"name" : "16503", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/16503" "name": "20050511 [HSC Security Group] MaxWebPortal - Multiple SQL injection/XSS",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=111584883727605&w=2"
"name" : "16504", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/16504" "name": "http://www.hackerscenter.com/archive/view.asp?id=2542",
}, "refsource": "MISC",
{ "url": "http://www.hackerscenter.com/archive/view.asp?id=2542"
"name" : "16506", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/16506" "name": "16504",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/16504"
"name" : "16510", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/16510" "name": "maxwebportal-postasp-sql-injection(20562)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20562"
"name" : "15329", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/15329" "name": "15329",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/15329"
"name" : "maxwebportal-postasp-sql-injection(20562)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20562" "name": "13601",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/13601"
} },
} {
"name": "16506",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16506"
},
{
"name": "16502",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16502"
},
{
"name": "16503",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16503"
},
{
"name": "16510",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16510"
}
]
}
}

150
2005/4xxx/CVE-2005-4036.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4036", "ID": "CVE-2005-4036",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.cgi in Web4Future KeyWord Frequency Counter 1.0 allows remote attackers to inject arbitrary web script or HTML via the \"remote URL.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://pridels0.blogspot.com/2005/12/keyword-frequency-counter-v10-xss-vuln.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://pridels0.blogspot.com/2005/12/keyword-frequency-counter-v10-xss-vuln.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in index.cgi in Web4Future KeyWord Frequency Counter 1.0 allows remote attackers to inject arbitrary web script or HTML via the \"remote URL.\""
{ }
"name" : "15702", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/15702" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2005-2743", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/2743" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "17876", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/17876" ]
} },
] "references": {
} "reference_data": [
} {
"name": "17876",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17876"
},
{
"name": "http://pridels0.blogspot.com/2005/12/keyword-frequency-counter-v10-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/12/keyword-frequency-counter-v10-xss-vuln.html"
},
{
"name": "15702",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15702"
},
{
"name": "ADV-2005-2743",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2743"
}
]
}
}

130
2005/4xxx/CVE-2005-4266.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4266", "ID": "CVE-2005-4266",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WorldClient.dll in Alt-N MDaemon and WorldClient 8.1.3 trusts a Session parameter that contains a randomly generated session ID that is associated with a username, which allows remote attackers to perform actions as other users by guessing or sniffing the random value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ipomonis.com/advisories/mdaemon.zip", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.ipomonis.com/advisories/mdaemon.zip" "lang": "eng",
}, "value": "WorldClient.dll in Alt-N MDaemon and WorldClient 8.1.3 trusts a Session parameter that contains a randomly generated session ID that is associated with a username, which allows remote attackers to perform actions as other users by guessing or sniffing the random value."
{ }
"name" : "17990", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/17990" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ipomonis.com/advisories/mdaemon.zip",
"refsource": "MISC",
"url": "http://www.ipomonis.com/advisories/mdaemon.zip"
},
{
"name": "17990",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17990"
}
]
}
}

150
2005/4xxx/CVE-2005-4484.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4484", "ID": "CVE-2005-4484",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in IntranetApp 3.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ret_page parameter to login.asp or the (2) do_search and (3) search parameters to content.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://pridels0.blogspot.com/2005/12/intranetapp-xss-vuln.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://pridels0.blogspot.com/2005/12/intranetapp-xss-vuln.html" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in IntranetApp 3.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ret_page parameter to login.asp or the (2) do_search and (3) search parameters to content.asp."
{ }
"name" : "16010", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/16010" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2005-3039", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/3039" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "18200", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/18200" ]
} },
] "references": {
} "reference_data": [
} {
"name": "18200",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18200"
},
{
"name": "ADV-2005-3039",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/3039"
},
{
"name": "http://pridels0.blogspot.com/2005/12/intranetapp-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/12/intranetapp-xss-vuln.html"
},
{
"name": "16010",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16010"
}
]
}
}

300
2009/0xxx/CVE-2009-0163.json
View File

@ -1,152 +1,152 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0163", "ID": "CVE-2009-0163",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) _cupsImageReadTIFF function in the imagetops filter and (2) imagetoraster filter, leading to a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090417 rPSA-2009-0061-1 cups", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/502750/100/0/threaded" "lang": "eng",
}, "value": "Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) _cupsImageReadTIFF function in the imagetops filter and (2) imagetoraster filter, leading to a heap-based buffer overflow."
{ }
"name" : "http://www.cups.org/articles.php?L582", ]
"refsource" : "CONFIRM", },
"url" : "http://www.cups.org/articles.php?L582" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.cups.org/str.php?L3031", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.cups.org/str.php?L3031" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=490596", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=490596" ]
}, },
{ "references": {
"name" : "http://wiki.rpath.com/Advisories:rPSA-2009-0061", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://wiki.rpath.com/Advisories:rPSA-2009-0061" "name": "GLSA-200904-20",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200904-20.xml"
"name" : "DSA-1773", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2009/dsa-1773" "name": "http://www.cups.org/articles.php?L582",
}, "refsource": "CONFIRM",
{ "url": "http://www.cups.org/articles.php?L582"
"name" : "GLSA-200904-20", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200904-20.xml" "name": "USN-760-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/usn-760-1"
"name" : "RHSA-2009:0428", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0428.html" "name": "34481",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34481"
"name" : "RHSA-2009:0429", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0429.html" "name": "RHSA-2009:0428",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2009-0428.html"
"name" : "SUSE-SA:2009:024", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html" "name": "34571",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/34571"
"name" : "USN-760-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-760-1" "name": "http://wiki.rpath.com/Advisories:rPSA-2009-0061",
}, "refsource": "CONFIRM",
{ "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0061"
"name" : "34571", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/34571" "name": "34747",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34747"
"name" : "oval:org.mitre.oval:def:11546", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11546" "name": "20090417 rPSA-2009-0061-1 cups",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/502750/100/0/threaded"
"name" : "1022070", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1022070" "name": "SUSE-SA:2009:024",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
"name" : "34481", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34481" "name": "oval:org.mitre.oval:def:11546",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11546"
"name" : "34722", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34722" "name": "1022070",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1022070"
"name" : "34852", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34852" "name": "34756",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34756"
"name" : "34756", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34756" "name": "34852",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34852"
"name" : "34747", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34747" "name": "http://www.cups.org/str.php?L3031",
} "refsource": "CONFIRM",
] "url": "http://www.cups.org/str.php?L3031"
} },
} {
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=490596",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490596"
},
{
"name": "34722",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34722"
},
{
"name": "DSA-1773",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1773"
},
{
"name": "RHSA-2009:0429",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
}
]
}
}

180
2009/0xxx/CVE-2009-0194.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID" : "CVE-2009-0194", "ID": "CVE-2009-0194",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The domain-locking implementation in the GARMINAXCONTROL.GarminAxControl_t.1 ActiveX control in npGarmin.dll in the Garmin Communicator Plug-In 2.6.4.0 does not properly enforce the restrictions that (1) download and (2) upload requests come from a web site specified by the user, which allows remote attackers to obtain sensitive information or reconfigure Garmin GPS devices via unspecified vectors related to a \"synchronisation error.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090507 Secunia Research: Garmin Communicator Plug-In Domain Locking Security Bypass", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/503319/100/0/threaded" "lang": "eng",
}, "value": "The domain-locking implementation in the GARMINAXCONTROL.GarminAxControl_t.1 ActiveX control in npGarmin.dll in the Garmin Communicator Plug-In 2.6.4.0 does not properly enforce the restrictions that (1) download and (2) upload requests come from a web site specified by the user, which allows remote attackers to obtain sensitive information or reconfigure Garmin GPS devices via unspecified vectors related to a \"synchronisation error.\""
{ }
"name" : "http://secunia.com/secunia_research/2009-16/", ]
"refsource" : "MISC", },
"url" : "http://secunia.com/secunia_research/2009-16/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "34858", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/34858" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "54258", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/54258" ]
}, },
{ "references": {
"name" : "1022173", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1022173" "name": "communicator-domain-security-bypass(50360)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50360"
"name" : "34326", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34326" "name": "http://secunia.com/secunia_research/2009-16/",
}, "refsource": "MISC",
{ "url": "http://secunia.com/secunia_research/2009-16/"
"name" : "communicator-domain-security-bypass(50360)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50360" "name": "1022173",
} "refsource": "SECTRACK",
] "url": "http://securitytracker.com/id?1022173"
} },
} {
"name": "20090507 Secunia Research: Garmin Communicator Plug-In Domain Locking Security Bypass",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/503319/100/0/threaded"
},
{
"name": "34858",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34858"
},
{
"name": "54258",
"refsource": "OSVDB",
"url": "http://osvdb.org/54258"
},
{
"name": "34326",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34326"
}
]
}
}

170
2009/0xxx/CVE-2009-0445.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0445", "ID": "CVE-2009-0445",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in Dreampics Gallery Builder allows remote attackers to execute arbitrary SQL commands via the exhibition_id parameter in a gallery.viewPhotos action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7968", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7968" "lang": "eng",
}, "value": "SQL injection vulnerability in index.php in Dreampics Gallery Builder allows remote attackers to execute arbitrary SQL commands via the exhibition_id parameter in a gallery.viewPhotos action."
{ }
"name" : "9451", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/9451" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "33596", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/33596" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "51741", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/51741" ]
}, },
{ "references": {
"name" : "33730", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33730" "name": "7968",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/7968"
"name" : "dreampics-exhibitionid-sql-injection(48468)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48468" "name": "9451",
} "refsource": "EXPLOIT-DB",
] "url": "https://www.exploit-db.com/exploits/9451"
} },
} {
"name": "33596",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33596"
},
{
"name": "33730",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33730"
},
{
"name": "dreampics-exhibitionid-sql-injection(48468)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48468"
},
{
"name": "51741",
"refsource": "OSVDB",
"url": "http://osvdb.org/51741"
}
]
}
}

170
2009/0xxx/CVE-2009-0576.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0576", "ID": "CVE-2009-0576",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Sun Java System Directory Server 5.2 p6 and earlier, and Enterprise Edition 5, allows remote attackers to cause a denial of service (daemon crash) via crafted LDAP requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-116837-04-1", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-116837-04-1" "lang": "eng",
}, "value": "Unspecified vulnerability in Sun Java System Directory Server 5.2 p6 and earlier, and Enterprise Edition 5, allows remote attackers to cause a denial of service (daemon crash) via crafted LDAP requests."
{ }
"name" : "250086", ]
"refsource" : "SUNALERT", },
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-250086-1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "33732", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/33732" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2009-0409", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2009/0409" ]
}, },
{ "references": {
"name" : "33850", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33850" "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-116837-04-1",
}, "refsource": "CONFIRM",
{ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-116837-04-1"
"name" : "sun-java-sds-ldap-dos(48662)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48662" "name": "33850",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/33850"
} },
} {
"name": "ADV-2009-0409",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0409"
},
{
"name": "33732",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33732"
},
{
"name": "250086",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-250086-1"
},
{
"name": "sun-java-sds-ldap-dos(48662)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48662"
}
]
}
}

200
2009/0xxx/CVE-2009-0714.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0714", "ID": "CVE-2009-0714",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the dpwinsup module (dpwinsup.dll) for dpwingad (dpwingad.exe) in HP Data Protector Express and Express SSE 3.x before build 47065, and Express and Express SSE 4.x before build 46537, allows remote attackers to cause a denial of service (application crash) or read portions of memory via one or more crafted packets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "9006", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/9006" "lang": "eng",
}, "value": "Unspecified vulnerability in the dpwinsup module (dpwinsup.dll) for dpwingad (dpwingad.exe) in HP Data Protector Express and Express SSE 3.x before build 47065, and Express and Express SSE 4.x before build 46537, allows remote attackers to cause a denial of service (application crash) or read portions of memory via one or more crafted packets."
{ }
"name" : "9007", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/9007" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://ivizsecurity.com/security-advisory-iviz-sr-09002.html", "description": [
"refsource" : "MISC", {
"url" : "http://ivizsecurity.com/security-advisory-iviz-sr-09002.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "HPSBMA02417", ]
"refsource" : "HP", }
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01697543" ]
}, },
{ "references": {
"name" : "SSRT090031", "reference_data": [
"refsource" : "HP", {
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01697543" "name": "1022220",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1022220"
"name" : "34955", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/34955" "name": "HPSBMA02417",
}, "refsource": "HP",
{ "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01697543"
"name" : "1022220", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1022220" "name": "SSRT090031",
}, "refsource": "HP",
{ "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01697543"
"name" : "35084", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35084" "name": "9007",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/9007"
"name" : "ADV-2009-1309", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/1309" "name": "http://ivizsecurity.com/security-advisory-iviz-sr-09002.html",
} "refsource": "MISC",
] "url": "http://ivizsecurity.com/security-advisory-iviz-sr-09002.html"
} },
} {
"name": "35084",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35084"
},
{
"name": "34955",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34955"
},
{
"name": "ADV-2009-1309",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1309"
},
{
"name": "9006",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/9006"
}
]
}
}

330
2009/1xxx/CVE-2009-1210.json
View File

@ -1,167 +1,167 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1210", "ID": "CVE-2009-1210",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090417 rPSA-2009-0062-1 tshark wireshark", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/502745/100/0/threaded" "lang": "eng",
}, "value": "Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details are obtained from third party information."
{ }
"name" : "8308", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/8308" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.wireshark.org/security/wnpa-sec-2009-02.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.wireshark.org/security/wnpa-sec-2009-02.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://wiki.rpath.com/Advisories:rPSA-2009-0062", ]
"refsource" : "CONFIRM", }
"url" : "http://wiki.rpath.com/Advisories:rPSA-2009-0062" ]
}, },
{ "references": {
"name" : "DSA-1785", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2009/dsa-1785" "name": "http://www.wireshark.org/security/wnpa-sec-2009-02.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.wireshark.org/security/wnpa-sec-2009-02.html"
"name" : "FEDORA-2009-3599", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00675.html" "name": "FEDORA-2009-5382",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01213.html"
"name" : "FEDORA-2009-5339", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01167.html" "name": "oval:org.mitre.oval:def:9526",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9526"
"name" : "FEDORA-2009-5382", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01213.html" "name": "34291",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/34291"
"name" : "MDVSA-2009:088", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:088" "name": "FEDORA-2009-5339",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01167.html"
"name" : "RHSA-2009:1100", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1100.html" "name": "35464",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35464"
"name" : "SUSE-SR:2009:011", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html" "name": "RHSA-2009:1100",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2009-1100.html"
"name" : "34291", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/34291" "name": "34778",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34778"
"name" : "oval:org.mitre.oval:def:5976", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5976" "name": "8308",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/8308"
"name" : "oval:org.mitre.oval:def:9526", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9526" "name": "SUSE-SR:2009:011",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
"name" : "34542", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34542" "name": "oval:org.mitre.oval:def:5976",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5976"
"name" : "34778", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34778" "name": "20090417 rPSA-2009-0062-1 tshark wireshark",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/502745/100/0/threaded"
"name" : "34970", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34970" "name": "34970",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34970"
"name" : "35133", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35133" "name": "DSA-1785",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2009/dsa-1785"
"name" : "35224", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35224" "name": "35133",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35133"
"name" : "35416", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35416" "name": "FEDORA-2009-3599",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00675.html"
"name" : "35464", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35464" "name": "wireshark-pndcp-format-string(49512)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49512"
"name" : "wireshark-pndcp-format-string(49512)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49512" "name": "35416",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/35416"
} },
} {
"name": "34542",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34542"
},
{
"name": "MDVSA-2009:088",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:088"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2009-0062",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0062"
},
{
"name": "35224",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35224"
}
]
}
}

160
2009/1xxx/CVE-2009-1631.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1631", "ID": "CVE-2009-1631",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by reading these files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20090512 CVE Request (evolution)", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2009/05/12/6" "lang": "eng",
}, "value": "The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by reading these files."
{ }
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526409", ]
"refsource" : "MISC", },
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526409" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://bugzilla.gnome.org/show_bug.cgi?id=581604", "description": [
"refsource" : "MISC", {
"url" : "http://bugzilla.gnome.org/show_bug.cgi?id=581604" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=498648", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=498648" ]
}, },
{ "references": {
"name" : "34921", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/34921" "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526409",
} "refsource": "MISC",
] "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526409"
} },
} {
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=498648",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=498648"
},
{
"name": "http://bugzilla.gnome.org/show_bug.cgi?id=581604",
"refsource": "MISC",
"url": "http://bugzilla.gnome.org/show_bug.cgi?id=581604"
},
{
"name": "34921",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34921"
},
{
"name": "[oss-security] 20090512 CVE Request (evolution)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/05/12/6"
}
]
}
}

150
2009/1xxx/CVE-2009-1655.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1655", "ID": "CVE-2009-1655",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in myaccount.php in Easy Scripts Answer and Question Script allow remote authenticated users to execute arbitrary SQL commands via the (1) user name (userid parameter) and (2) password."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "8690", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/8690" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in myaccount.php in Easy Scripts Answer and Question Script allow remote authenticated users to execute arbitrary SQL commands via the (1) user name (userid parameter) and (2) password."
{ }
"name" : "34975", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/34975" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "54502", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/54502" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "35067", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/35067" ]
} },
] "references": {
} "reference_data": [
} {
"name": "34975",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34975"
},
{
"name": "8690",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8690"
},
{
"name": "35067",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35067"
},
{
"name": "54502",
"refsource": "OSVDB",
"url": "http://osvdb.org/54502"
}
]
}
}

130
2009/4xxx/CVE-2009-4218.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4218", "ID": "CVE-2009-4218",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in files/login.asp in JiRo's Banner System eXperience (JBSX) allow remote attackers to execute arbitrary SQL commands via the (1) admin or (2) password field, a related issue to CVE-2007-6091. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "37045", "description_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/37045" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in files/login.asp in JiRo's Banner System eXperience (JBSX) allow remote attackers to execute arbitrary SQL commands via the (1) admin or (2) password field, a related issue to CVE-2007-6091. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
{ }
"name" : "jiro-login-sql-injection(54382)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54382" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "jiro-login-sql-injection(54382)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54382"
},
{
"name": "37045",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37045"
}
]
}
}

140
2009/4xxx/CVE-2009-4838.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4838", "ID": "CVE-2009-4838",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in base_ag_common.php in Basic Analysis and Security Engine (BASE) before 1.4.3.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://base.secureideas.net/news.php", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://base.secureideas.net/news.php" "lang": "eng",
}, "value": "SQL injection vulnerability in base_ag_common.php in Basic Analysis and Security Engine (BASE) before 1.4.3.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: some of these details are obtained from third party information."
{ }
"name" : "http://secureideas.cvs.sourceforge.net/viewvc/secureideas/base-php4/base_ag_common.php?sortby=date&view", ]
"refsource" : "CONFIRM", },
"url" : "http://secureideas.cvs.sourceforge.net/viewvc/secureideas/base-php4/base_ag_common.php?sortby=date&view" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "35222", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35222" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://secureideas.cvs.sourceforge.net/viewvc/secureideas/base-php4/base_ag_common.php?sortby=date&view",
"refsource": "CONFIRM",
"url": "http://secureideas.cvs.sourceforge.net/viewvc/secureideas/base-php4/base_ag_common.php?sortby=date&view"
},
{
"name": "35222",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35222"
},
{
"name": "http://base.secureideas.net/news.php",
"refsource": "CONFIRM",
"url": "http://base.secureideas.net/news.php"
}
]
}
}

200
2012/2xxx/CVE-2012-2298.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-2298", "ID": "CVE-2012-2298",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the RealName module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) \"user names in page titles\" and (2) \"autocomplete callbacks.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20120502 CVE Request for Drupal contributed modules", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/05/03/1" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in the RealName module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) \"user names in page titles\" and (2) \"autocomplete callbacks.\""
{ }
"name" : "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2012/05/03/2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://drupal.org/node/1547660", "description": [
"refsource" : "MISC", {
"url" : "http://drupal.org/node/1547660" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://drupal.org/node/1547352", ]
"refsource" : "CONFIRM", }
"url" : "http://drupal.org/node/1547352" ]
}, },
{ "references": {
"name" : "http://drupalcode.org/project/realname.git/commitdiff/41786d0", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://drupalcode.org/project/realname.git/commitdiff/41786d0" "name": "http://drupalcode.org/project/realname.git/commitdiff/b920794",
}, "refsource": "CONFIRM",
{ "url": "http://drupalcode.org/project/realname.git/commitdiff/b920794"
"name" : "http://drupalcode.org/project/realname.git/commitdiff/b920794", },
"refsource" : "CONFIRM", {
"url" : "http://drupalcode.org/project/realname.git/commitdiff/b920794" "name": "http://drupal.org/node/1547660",
}, "refsource": "MISC",
{ "url": "http://drupal.org/node/1547660"
"name" : "53250", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/53250" "name": "48936",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48936"
"name" : "48936", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48936" "name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
"name" : "realname-unspecified-xss(75181)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75181" "name": "53250",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/53250"
} },
} {
"name": "realname-unspecified-xss(75181)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75181"
},
{
"name": "http://drupal.org/node/1547352",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1547352"
},
{
"name": "http://drupalcode.org/project/realname.git/commitdiff/41786d0",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/realname.git/commitdiff/41786d0"
},
{
"name": "[oss-security] 20120502 CVE Request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
}
]
}
}

120
2012/2xxx/CVE-2012-2590.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2012-2590", "ID": "CVE-2012-2590",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in ESCON SupportPortal Professional Edition 3.0 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted SRC attribute of an IFRAME element, (3) a crafted CONTENT attribute of an HTTP-EQUIV=\"Set-Cookie\" META element, or (4) an innerHTML attribute within an XML document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20350", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/20350/" "lang": "eng",
} "value": "Multiple cross-site scripting (XSS) vulnerabilities in ESCON SupportPortal Professional Edition 3.0 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted SRC attribute of an IFRAME element, (3) a crafted CONTENT attribute of an HTTP-EQUIV=\"Set-Cookie\" META element, or (4) an innerHTML attribute within an XML document."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20350",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/20350/"
}
]
}
}

140
2012/2xxx/CVE-2012-2641.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2012-2641", "ID": "CVE-2012-2641",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Zenphoto before 1.4.3 allows remote attackers to inject arbitrary web script or HTML by triggering improper interaction with an unspecified library."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.zenphoto.org/news/zenphoto-1.4.3", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.zenphoto.org/news/zenphoto-1.4.3" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Zenphoto before 1.4.3 allows remote attackers to inject arbitrary web script or HTML by triggering improper interaction with an unspecified library."
{ }
"name" : "JVN#59842447", ]
"refsource" : "JVN", },
"url" : "http://jvn.jp/en/jp/JVN59842447/index.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "JVNDB-2012-000065", "description": [
"refsource" : "JVNDB", {
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000065" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.zenphoto.org/news/zenphoto-1.4.3",
"refsource": "CONFIRM",
"url": "http://www.zenphoto.org/news/zenphoto-1.4.3"
},
{
"name": "JVNDB-2012-000065",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000065"
},
{
"name": "JVN#59842447",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN59842447/index.html"
}
]
}
}

190
2012/2xxx/CVE-2012-2812.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2012-2812", "ID": "CVE-2012-2812",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[libexif-devel] 20120712 libexif project security advisory July 12, 2012", "description_data": [
"refsource" : "MLIST", {
"url" : "http://sourceforge.net/mailarchive/message.php?msg_id=29534027" "lang": "eng",
}, "value": "The exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image."
{ }
"name" : "DSA-2559", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2012/dsa-2559" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2012:1255", "description": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1255.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SUSE-SU-2012:0902", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00014.html" ]
}, },
{ "references": {
"name" : "SUSE-SU-2012:0903", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00015.html" "name": "54437",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/54437"
"name" : "USN-1513-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1513-1" "name": "DSA-2559",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2012/dsa-2559"
"name" : "54437", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/54437" "name": "SUSE-SU-2012:0903",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00015.html"
"name" : "49988", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/49988" "name": "[libexif-devel] 20120712 libexif project security advisory July 12, 2012",
} "refsource": "MLIST",
] "url": "http://sourceforge.net/mailarchive/message.php?msg_id=29534027"
} },
} {
"name": "49988",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49988"
},
{
"name": "RHSA-2012:1255",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1255.html"
},
{
"name": "USN-1513-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1513-1"
},
{
"name": "SUSE-SU-2012:0902",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00014.html"
}
]
}
}

140
2012/3xxx/CVE-2012-3194.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2012-3194", "ID": "CVE-2012-3194",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 10.1.3.4.2, 11.1.1.5.0, 11.1.1.6.0, and 11.1.1.6.2 allows remote attackers to affect integrity via unknown vectors related to Administration."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 10.1.3.4.2, 11.1.1.5.0, 11.1.1.6.0, and 11.1.1.6.2 allows remote attackers to affect integrity via unknown vectors related to Administration."
{ }
"name" : "MDVSA-2013:150", ]
"refsource" : "MANDRIVA", },
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "86391", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/86391" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "86391",
"refsource": "OSVDB",
"url": "http://osvdb.org/86391"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}

130
2012/3xxx/CVE-2012-3329.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2012-3329", "ID": "CVE-2012-3329",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Advanced Settings Utility (ASU) through 3.62 and 3.70 through 9.21 and Bootable Media Creator (BoMC) through 2.30 and 3.00 through 9.21 on Linux allow local users to overwrite arbitrary files via a symlink attack on a (1) temporary file or (2) log file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5092090", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5092090" "lang": "eng",
}, "value": "IBM Advanced Settings Utility (ASU) through 3.62 and 3.70 through 9.21 and Bootable Media Creator (BoMC) through 2.30 and 3.00 through 9.21 on Linux allow local users to overwrite arbitrary files via a symlink attack on a (1) temporary file or (2) log file."
{ }
"name" : "ibm-asu-symlink(78044)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78044" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-asu-symlink(78044)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78044"
},
{
"name": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5092090",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5092090"
}
]
}
}

170
2012/3xxx/CVE-2012-3444.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-3444", "ID": "CVE-2012-3444",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows remote attackers to cause a denial of service (process or thread consumption) via a large TIFF image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20120730 CVE Request: Django 1.3.1 and 1.4.0 security issues", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/07/31/1" "lang": "eng",
}, "value": "The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows remote attackers to cause a denial of service (process or thread consumption) via a large TIFF image."
{ }
"name" : "[oss-security] 20120730 Re: CVE Request: Django 1.3.1 and 1.4.0 security issues", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2012/07/31/2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/", "description": [
"refsource" : "CONFIRM", {
"url" : "https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-2529", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2012/dsa-2529" ]
}, },
{ "references": {
"name" : "MDVSA-2012:143", "reference_data": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:143" "name": "[oss-security] 20120730 CVE Request: Django 1.3.1 and 1.4.0 security issues",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2012/07/31/1"
"name" : "USN-1560-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1560-1" "name": "https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/",
} "refsource": "CONFIRM",
] "url": "https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/"
} },
} {
"name": "MDVSA-2012:143",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:143"
},
{
"name": "USN-1560-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1560-1"
},
{
"name": "[oss-security] 20120730 Re: CVE Request: Django 1.3.1 and 1.4.0 security issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/07/31/2"
},
{
"name": "DSA-2529",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2529"
}
]
}
}

340
2012/3xxx/CVE-2012-3496.json
View File

@ -1,172 +1,172 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-3496", "ID": "CVE-2012-3496",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows local PV OS guest kernels to cause a denial of service (BUG triggered and host crash) via invalid flags such as MEMF_populate_on_demand."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[Xen-announce] 20120905 Xen Security Advisory 14 (CVE-2012-3496) - XENMEM_populate_physmap DoS vulnerability", "description_data": [
"refsource" : "MLIST", {
"url" : "http://lists.xen.org/archives/html/xen-announce/2012-09/msg00002.html" "lang": "eng",
}, "value": "XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows local PV OS guest kernels to cause a denial of service (BUG triggered and host crash) via invalid flags such as MEMF_populate_on_demand."
{ }
"name" : "[oss-security] 20120905 Xen Security Advisory 14 (CVE-2012-3496) - XENMEM_populate_physmap DoS vulnerability", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2012/09/05/7" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=854590", "description": [
"refsource" : "MISC", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=854590" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://support.citrix.com/article/CTX134708", ]
"refsource" : "CONFIRM", }
"url" : "http://support.citrix.com/article/CTX134708" ]
}, },
{ "references": {
"name" : "http://wiki.xen.org/wiki/Security_Announcements#XSA-14_XENMEM_populate_physmap_DoS_vulnerability", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://wiki.xen.org/wiki/Security_Announcements#XSA-14_XENMEM_populate_physmap_DoS_vulnerability" "name": "55082",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/55082"
"name" : "DSA-2544", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2012/dsa-2544" "name": "50530",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/50530"
"name" : "GLSA-201309-24", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201309-24.xml" "name": "51413",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51413"
"name" : "GLSA-201604-03", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201604-03" "name": "GLSA-201309-24",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml"
"name" : "openSUSE-SU-2012:1172", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=854590",
}, "refsource": "MISC",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=854590"
"name" : "openSUSE-SU-2012:1174", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00018.html" "name": "1027481",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1027481"
"name" : "SUSE-SU-2012:1132", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html" "name": "openSUSE-SU-2012:1572",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html"
"name" : "SUSE-SU-2012:1133", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html" "name": "50472",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/50472"
"name" : "SUSE-SU-2012:1162", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00012.html" "name": "xen-xenmempopulatephysmap-dos(78267)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78267"
"name" : "openSUSE-SU-2012:1572", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html" "name": "[oss-security] 20120905 Xen Security Advisory 14 (CVE-2012-3496) - XENMEM_populate_physmap DoS vulnerability",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2012/09/05/7"
"name" : "openSUSE-SU-2012:1573", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html" "name": "[Xen-announce] 20120905 Xen Security Advisory 14 (CVE-2012-3496) - XENMEM_populate_physmap DoS vulnerability",
}, "refsource": "MLIST",
{ "url": "http://lists.xen.org/archives/html/xen-announce/2012-09/msg00002.html"
"name" : "55412", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/55412" "name": "55412",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/55412"
"name" : "85200", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/85200" "name": "85200",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/85200"
"name" : "1027481", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1027481" "name": "SUSE-SU-2012:1162",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00012.html"
"name" : "50472", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50472" "name": "openSUSE-SU-2012:1174",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00018.html"
"name" : "50530", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50530" "name": "GLSA-201604-03",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201604-03"
"name" : "51413", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51413" "name": "SUSE-SU-2012:1132",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html"
"name" : "55082", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/55082" "name": "http://support.citrix.com/article/CTX134708",
}, "refsource": "CONFIRM",
{ "url": "http://support.citrix.com/article/CTX134708"
"name" : "xen-xenmempopulatephysmap-dos(78267)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78267" "name": "SUSE-SU-2012:1133",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html"
} },
} {
"name": "openSUSE-SU-2012:1573",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html"
},
{
"name": "http://wiki.xen.org/wiki/Security_Announcements#XSA-14_XENMEM_populate_physmap_DoS_vulnerability",
"refsource": "CONFIRM",
"url": "http://wiki.xen.org/wiki/Security_Announcements#XSA-14_XENMEM_populate_physmap_DoS_vulnerability"
},
{
"name": "openSUSE-SU-2012:1172",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html"
},
{
"name": "DSA-2544",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2544"
}
]
}
}

34
2012/6xxx/CVE-2012-6490.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-6490", "ID": "CVE-2012-6490",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

160
2012/6xxx/CVE-2012-6698.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-6698", "ID": "CVE-2012-6698",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds write) via a crafted response."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20151202 CVE Request: dhcpcd 3.x, potentially other versions too", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2015/12/02/1" "lang": "eng",
}, "value": "The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds write) via a crafted response."
{ }
"name" : "[oss-security] 20151203 Re: CVE Request: dhcpcd 3.x, potentially other versions too", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2015/12/03/1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://launchpadlibrarian.net/228152582/dhcp.c.patch", ]
"refsource" : "CONFIRM", }
"url" : "https://launchpadlibrarian.net/228152582/dhcp.c.patch" ]
}, },
{ "references": {
"name" : "DSA-3534", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2016/dsa-3534" "name": "https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226",
} "refsource": "CONFIRM",
] "url": "https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226"
} },
} {
"name": "[oss-security] 20151202 CVE Request: dhcpcd 3.x, potentially other versions too",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/02/1"
},
{
"name": "https://launchpadlibrarian.net/228152582/dhcp.c.patch",
"refsource": "CONFIRM",
"url": "https://launchpadlibrarian.net/228152582/dhcp.c.patch"
},
{
"name": "DSA-3534",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3534"
},
{
"name": "[oss-security] 20151203 Re: CVE Request: dhcpcd 3.x, potentially other versions too",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/03/1"
}
]
}
}

150
2015/1xxx/CVE-2015-1953.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2015-1953", "ID": "CVE-2015-1953",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2015-1924, CVE-2015-1925, CVE-2015-1929, CVE-2015-1930, CVE-2015-1948, CVE-2015-1954, CVE-2015-1962, CVE-2015-1963, CVE-2015-1964, and CVE-2015-1965."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-273", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-273" "lang": "eng",
}, "value": "Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2015-1924, CVE-2015-1925, CVE-2015-1929, CVE-2015-1930, CVE-2015-1948, CVE-2015-1954, CVE-2015-1962, CVE-2015-1963, CVE-2015-1964, and CVE-2015-1965."
{ }
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21959398", ]
"refsource" : "CONFIRM", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21959398" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "75456", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/75456" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1032773", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1032773" ]
} },
] "references": {
} "reference_data": [
} {
"name": "1032773",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032773"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-273",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-273"
},
{
"name": "75456",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75456"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21959398",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959398"
}
]
}
}

34
2015/5xxx/CVE-2015-5056.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-5056", "ID": "CVE-2015-5056",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

170
2015/5xxx/CVE-2015-5479.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-5479", "ID": "CVE-2015-5479",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://blogs.gentoo.org/ago/2015/07/16/libav-divide-by-zero-in-ff_h263_decode_mba/", "description_data": [
"refsource" : "MISC", {
"url" : "https://blogs.gentoo.org/ago/2015/07/16/libav-divide-by-zero-in-ff_h263_decode_mba/" "lang": "eng",
}, "value": "The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions."
{ }
"name" : "https://git.libav.org/?p=libav.git;a=commitdiff;h=0a49a62f998747cfa564d98d36a459fe70d3299b", ]
"refsource" : "CONFIRM", },
"url" : "https://git.libav.org/?p=libav.git;a=commitdiff;h=0a49a62f998747cfa564d98d36a459fe70d3299b" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://libav.org/releases/libav-11.5.changelog", "description": [
"refsource" : "CONFIRM", {
"url" : "https://libav.org/releases/libav-11.5.changelog" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "openSUSE-SU-2016:1685", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-updates/2016-06/msg00105.html" ]
}, },
{ "references": {
"name" : "USN-2944-1", "reference_data": [
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2944-1" "name": "openSUSE-SU-2016:1685",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00105.html"
"name" : "75932", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/75932" "name": "https://libav.org/releases/libav-11.5.changelog",
} "refsource": "CONFIRM",
] "url": "https://libav.org/releases/libav-11.5.changelog"
} },
} {
"name": "USN-2944-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2944-1"
},
{
"name": "https://blogs.gentoo.org/ago/2015/07/16/libav-divide-by-zero-in-ff_h263_decode_mba/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2015/07/16/libav-divide-by-zero-in-ff_h263_decode_mba/"
},
{
"name": "75932",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75932"
},
{
"name": "https://git.libav.org/?p=libav.git;a=commitdiff;h=0a49a62f998747cfa564d98d36a459fe70d3299b",
"refsource": "CONFIRM",
"url": "https://git.libav.org/?p=libav.git;a=commitdiff;h=0a49a62f998747cfa564d98d36a459fe70d3299b"
}
]
}
}

240
2015/5xxx/CVE-2015-5576.json
View File

@ -1,122 +1,122 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2015-5576", "ID": "CVE-2015-5576",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html" "lang": "eng",
}, "value": "Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors."
{ }
"name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841", ]
"refsource" : "CONFIRM", },
"url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", "description": [
"refsource" : "CONFIRM", {
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", ]
"refsource" : "CONFIRM", }
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" ]
}, },
{ "references": {
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" "name": "RHSA-2015:1814",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2015-1814.html"
"name" : "GLSA-201509-07", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201509-07" "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680",
}, "refsource": "CONFIRM",
{ "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
"name" : "RHSA-2015:1814", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1814.html" "name": "76802",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/76802"
"name" : "openSUSE-SU-2015:1781", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html" "name": "openSUSE-SU-2015:1616",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html"
"name" : "SUSE-SU-2015:1614", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html" "name": "1033629",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1033629"
"name" : "SUSE-SU-2015:1618", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html" "name": "SUSE-SU-2015:1618",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html"
"name" : "openSUSE-SU-2015:1616", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html" "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841",
}, "refsource": "CONFIRM",
{ "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841"
"name" : "76802", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/76802" "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
}, "refsource": "CONFIRM",
{ "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
"name" : "1033629", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1033629" "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html",
} "refsource": "CONFIRM",
] "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html"
} },
} {
"name": "SUSE-SU-2015:1614",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html"
},
{
"name": "GLSA-201509-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201509-07"
},
{
"name": "openSUSE-SU-2015:1781",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
}
]
}
}

170
2015/5xxx/CVE-2015-5705.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@debian.org",
"ID" : "CVE-2015-5705", "ID": "CVE-2015-5705",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20150801 Re: CVE Request: devscripts: licensecheck: arbitrary shell command injection", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2015/08/01/7" "lang": "eng",
}, "value": "Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename."
{ }
"name" : "https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=d8f8fa1d8e4151fa62997cb74403f97ab0d7e1a2", ]
"refsource" : "CONFIRM", },
"url" : "https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=d8f8fa1d8e4151fa62997cb74403f97ab0d7e1a2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794260", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794260" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1249645", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1249645" ]
}, },
{ "references": {
"name" : "FEDORA-2015-12699", "reference_data": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163705.html" "name": "https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=d8f8fa1d8e4151fa62997cb74403f97ab0d7e1a2",
}, "refsource": "CONFIRM",
{ "url": "https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=d8f8fa1d8e4151fa62997cb74403f97ab0d7e1a2"
"name" : "FEDORA-2015-12716", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163710.html" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1249645",
} "refsource": "CONFIRM",
] "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1249645"
} },
} {
"name": "FEDORA-2015-12716",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163710.html"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794260",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794260"
},
{
"name": "FEDORA-2015-12699",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163705.html"
},
{
"name": "[oss-security] 20150801 Re: CVE Request: devscripts: licensecheck: arbitrary shell command injection",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/08/01/7"
}
]
}
}

160
2017/2xxx/CVE-2017-2987.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2017-2987", "ID": "CVE-2017-2987",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Flash Player 24.0.0.194 and earlier.", "product_name": "Adobe Flash Player 24.0.0.194 and earlier.",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Adobe Flash Player 24.0.0.194 and earlier." "version_value": "Adobe Flash Player 24.0.0.194 and earlier."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable integer overflow vulnerability related to Flash Broker COM. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Integer Overflow"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" "lang": "eng",
}, "value": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable integer overflow vulnerability related to Flash Broker COM. Successful exploitation could lead to arbitrary code execution."
{ }
"name" : "GLSA-201702-20", ]
"refsource" : "GENTOO", },
"url" : "https://security.gentoo.org/glsa/201702-20" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2017:0275", "description": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0275.html" "lang": "eng",
}, "value": "Integer Overflow"
{ }
"name" : "96194", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/96194" ]
}, },
{ "references": {
"name" : "1037815", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037815" "name": "96194",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/96194"
} },
} {
"name": "GLSA-201702-20",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-20"
},
{
"name": "RHSA-2017:0275",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0275.html"
},
{
"name": "1037815",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037815"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html"
}
]
}
}

120
2018/11xxx/CVE-2018-11024.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11024", "ID": "CVE-2018-11024",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 1077435789 and cause a kernel crash."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/datadancer/HIAFuzz/blob/master/CVEs.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/datadancer/HIAFuzz/blob/master/CVEs.md" "lang": "eng",
} "value": "kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 1077435789 and cause a kernel crash."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/datadancer/HIAFuzz/blob/master/CVEs.md",
"refsource": "MISC",
"url": "https://github.com/datadancer/HIAFuzz/blob/master/CVEs.md"
}
]
}
}

130
2018/11xxx/CVE-2018-11404.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11404", "ID": "CVE-2018-11404",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "44783", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/44783/" "lang": "eng",
}, "value": "DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter."
{ }
"name" : "https://github.com/domainmod/domainmod/issues/63", ]
"refsource" : "MISC", },
"url" : "https://github.com/domainmod/domainmod/issues/63" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/domainmod/domainmod/issues/63",
"refsource": "MISC",
"url": "https://github.com/domainmod/domainmod/issues/63"
},
{
"name": "44783",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44783/"
}
]
}
}

132
2018/11xxx/CVE-2018-11761.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@apache.org", "ASSIGNER": "security@apache.org",
"DATE_PUBLIC" : "2018-09-19T00:00:00", "DATE_PUBLIC": "2018-09-19T00:00:00",
"ID" : "CVE-2018-11761", "ID": "CVE-2018-11761",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Apache Tika", "product_name": "Apache Tika",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "0.1 to 1.18" "version_value": "0.1 to 1.18"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Apache Software Foundation" "vendor_name": "Apache Software Foundation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service via XML Entity Expansion"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[tika-dev] 20180919 [CVE-2018-11761] Apache Tika DoS XML Entity Expansion Vulnerability", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.apache.org/thread.html/5553e10bba5604117967466618f219c0cae710075819c70cfb3fb421@%3Cdev.tika.apache.org%3E" "lang": "eng",
}, "value": "In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack."
{ }
"name" : "105514", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105514" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Denial of Service via XML Entity Expansion"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105514",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105514"
},
{
"name": "[tika-dev] 20180919 [CVE-2018-11761] Apache Tika DoS XML Entity Expansion Vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/5553e10bba5604117967466618f219c0cae710075819c70cfb3fb421@%3Cdev.tika.apache.org%3E"
}
]
}
}

34
2018/14xxx/CVE-2018-14464.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14464", "ID": "CVE-2018-14464",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/15xxx/CVE-2018-15166.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15166", "ID": "CVE-2018-15166",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/15xxx/CVE-2018-15282.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15282", "ID": "CVE-2018-15282",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2018/15xxx/CVE-2018-15356.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vulnerability@kaspersky.com", "ASSIGNER": "vulnerability@kaspersky.com",
"ID" : "CVE-2018-15356", "ID": "CVE-2018-15356",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Eltex ESP-200", "product_name": "Eltex ESP-200",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "1.2.0" "version_value": "1.2.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Kaspersky Lab" "vendor_name": "Kaspersky Lab"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An authenticated attacker can execute arbitrary code using command ejection in Eltex ESP-200 firmware version 1.2.0."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "An authenticated attacker can execute arbitrary code using command ejection"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-012-eltex-esp-200-router-command-injection/", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-012-eltex-esp-200-router-command-injection/" "lang": "eng",
} "value": "An authenticated attacker can execute arbitrary code using command ejection in Eltex ESP-200 firmware version 1.2.0."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An authenticated attacker can execute arbitrary code using command ejection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-012-eltex-esp-200-router-command-injection/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-012-eltex-esp-200-router-command-injection/"
}
]
}
}

120
2018/15xxx/CVE-2018-15822.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15822", "ID": "CVE-2018-15822",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 4.0.2 does not check for an empty audio packet, leading to an assertion failure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/FFmpeg/FFmpeg/commit/6b67d7f05918f7a1ee8fc6ff21355d7e8736aa10", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/FFmpeg/FFmpeg/commit/6b67d7f05918f7a1ee8fc6ff21355d7e8736aa10" "lang": "eng",
} "value": "The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 4.0.2 does not check for an empty audio packet, leading to an assertion failure."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/FFmpeg/FFmpeg/commit/6b67d7f05918f7a1ee8fc6ff21355d7e8736aa10",
"refsource": "MISC",
"url": "https://github.com/FFmpeg/FFmpeg/commit/6b67d7f05918f7a1ee8fc6ff21355d7e8736aa10"
}
]
}
}

166
2018/3xxx/CVE-2018-3028.json
View File

@ -1,85 +1,85 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2018-3028", "ID": "CVE-2018-3028",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "FLEXCUBE Investor Servicing", "product_name": "FLEXCUBE Investor Servicing",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.0.4" "version_value": "12.0.4"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.1.0" "version_value": "12.1.0"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.3.0" "version_value": "12.3.0"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.4.0" "version_value": "12.4.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.4, 12.1.0, 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Investor Servicing. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Investor Servicing."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.4, 12.1.0, 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Investor Servicing. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)."
{ }
"name" : "104793", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104793" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1041307", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041307" "lang": "eng",
} "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Investor Servicing."
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "1041307",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041307"
},
{
"name": "104793",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104793"
}
]
}
}

228
2018/3xxx/CVE-2018-3066.json
View File

@ -1,116 +1,116 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2018-3066", "ID": "CVE-2018-3066",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "MySQL Server", "product_name": "MySQL Server",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "5.5.60 and prior" "version_value": "5.5.60 and prior"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "5.6.40 and prior" "version_value": "5.6.40 and prior"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "5.7.22 and prior" "version_value": "5.7.22 and prior"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20180831 [SECURITY] [DLA 1488-1] mariadb-10.0 security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html" "lang": "eng",
}, "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N)."
{ }
"name" : "[debian-lts-announce] 20181105 [SECURITY] [DLA 1566-1] mysql-5.5 security update", ]
"refsource" : "MLIST", },
"url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" "lang": "eng",
}, "value": "Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data."
{ }
"name" : "https://security.netapp.com/advisory/ntap-20180726-0002/", ]
"refsource" : "CONFIRM", }
"url" : "https://security.netapp.com/advisory/ntap-20180726-0002/" ]
}, },
{ "references": {
"name" : "DSA-4341", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4341" "name": "DSA-4341",
}, "refsource": "DEBIAN",
{ "url": "https://www.debian.org/security/2018/dsa-4341"
"name" : "RHSA-2018:3655", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:3655" "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
"name" : "USN-3725-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3725-1/" "name": "USN-3725-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3725-1/"
"name" : "USN-3725-2", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3725-2/" "name": "1041294",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1041294"
"name" : "104766", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/104766" "name": "RHSA-2018:3655",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:3655"
"name" : "1041294", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041294" "name": "[debian-lts-announce] 20181105 [SECURITY] [DLA 1566-1] mysql-5.5 security update",
} "refsource": "MLIST",
] "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html"
} },
} {
"name": "USN-3725-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3725-2/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180726-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180726-0002/"
},
{
"name": "[debian-lts-announce] 20180831 [SECURITY] [DLA 1488-1] mariadb-10.0 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html"
},
{
"name": "104766",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104766"
}
]
}
}

150
2018/3xxx/CVE-2018-3076.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2018-3076", "ID": "CVE-2018-3076",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "PeopleSoft Enterprise CS Financial Aid", "product_name": "PeopleSoft Enterprise CS Financial Aid",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "9.0" "version_value": "9.0"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "9.2" "version_value": "9.2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the PeopleSoft Enterprise CS Financial Aid component of Oracle PeopleSoft Products (subcomponent: ISIR Processing). Supported versions that are affected are 9.0 and 9.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CS Financial Aid. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise CS Financial Aid accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CS Financial Aid. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise CS Financial Aid accessible data."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" "lang": "eng",
}, "value": "Vulnerability in the PeopleSoft Enterprise CS Financial Aid component of Oracle PeopleSoft Products (subcomponent: ISIR Processing). Supported versions that are affected are 9.0 and 9.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CS Financial Aid. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise CS Financial Aid accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)."
{ }
"name" : "104830", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104830" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1041306", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041306" "lang": "eng",
} "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CS Financial Aid. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise CS Financial Aid accessible data."
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "104830",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104830"
},
{
"name": "1041306",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041306"
}
]
}
}

140
2018/3xxx/CVE-2018-3128.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2018-3128", "ID": "CVE-2018-3128",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Hospitality Reporting and Analytics", "product_name": "Hospitality Reporting and Analytics",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "9.0" "version_value": "9.0"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "9.1" "version_value": "9.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version that is affected is 9.0. Easily exploitable vulnerability allows low privileged attacker having Report privilege with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized creation, deletion, or modification access to critical data or all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker having Report privilege with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Reporting and Analytics accessible data."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version that is affected is 9.0. Easily exploitable vulnerability allows low privileged attacker having Report privilege with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized creation, deletion, or modification access to critical data or all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)."
{ }
"name" : "105650", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105650" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker having Report privilege with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Reporting and Analytics accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105650",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105650"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
}
]
}
}

200
2018/8xxx/CVE-2018-8179.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "Secure@Microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2018-8179", "ID": "CVE-2018-8179",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Microsoft Edge", "product_name": "Microsoft Edge",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Windows 10 for 32-bit Systems" "version_value": "Windows 10 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 for x64-based Systems" "version_value": "Windows 10 for x64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1607 for 32-bit Systems" "version_value": "Windows 10 Version 1607 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1607 for x64-based Systems" "version_value": "Windows 10 Version 1607 for x64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1703 for 32-bit Systems" "version_value": "Windows 10 Version 1703 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1703 for x64-based Systems" "version_value": "Windows 10 Version 1703 for x64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1709 for 32-bit Systems" "version_value": "Windows 10 Version 1709 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1709 for x64-based Systems" "version_value": "Windows 10 Version 1709 for x64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1803 for 32-bit Systems" "version_value": "Windows 10 Version 1803 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1803 for x64-based Systems" "version_value": "Windows 10 Version 1803 for x64-based Systems"
}, },
{ {
"version_value" : "Windows Server 2016" "version_value": "Windows Server 2016"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft" "vendor_name": "Microsoft"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka \"Microsoft Edge Memory Corruption Vulnerability.\" This affects Microsoft Edge."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8179", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8179" "lang": "eng",
}, "value": "A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka \"Microsoft Edge Memory Corruption Vulnerability.\" This affects Microsoft Edge."
{ }
"name" : "104077", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104077" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1040844", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040844" "lang": "eng",
} "value": "Remote Code Execution"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "104077",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104077"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8179",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8179"
},
{
"name": "1040844",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040844"
}
]
}
}

342
2018/8xxx/CVE-2018-8372.json
View File

@ -1,173 +1,173 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "Secure@Microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2018-8372", "ID": "CVE-2018-8372",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "ChakraCore", "product_name": "ChakraCore",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "ChakraCore" "version_value": "ChakraCore"
} }
] ]
} }
}, },
{ {
"product_name" : "Internet Explorer 11", "product_name": "Internet Explorer 11",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Windows 10 for 32-bit Systems" "version_value": "Windows 10 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 for x64-based Systems" "version_value": "Windows 10 for x64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1607 for 32-bit Systems" "version_value": "Windows 10 Version 1607 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1607 for x64-based Systems" "version_value": "Windows 10 Version 1607 for x64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1703 for 32-bit Systems" "version_value": "Windows 10 Version 1703 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1703 for x64-based Systems" "version_value": "Windows 10 Version 1703 for x64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1709 for 32-bit Systems" "version_value": "Windows 10 Version 1709 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1709 for x64-based Systems" "version_value": "Windows 10 Version 1709 for x64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1803 for 32-bit Systems" "version_value": "Windows 10 Version 1803 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1803 for x64-based Systems" "version_value": "Windows 10 Version 1803 for x64-based Systems"
}, },
{ {
"version_value" : "Windows 7 for 32-bit Systems Service Pack 1" "version_value": "Windows 7 for 32-bit Systems Service Pack 1"
}, },
{ {
"version_value" : "Windows 7 for x64-based Systems Service Pack 1" "version_value": "Windows 7 for x64-based Systems Service Pack 1"
}, },
{ {
"version_value" : "Windows 8.1 for 32-bit systems" "version_value": "Windows 8.1 for 32-bit systems"
}, },
{ {
"version_value" : "Windows 8.1 for x64-based systems" "version_value": "Windows 8.1 for x64-based systems"
}, },
{ {
"version_value" : "Windows RT 8.1" "version_value": "Windows RT 8.1"
}, },
{ {
"version_value" : "Windows Server 2008 R2 for x64-based Systems Service Pack 1" "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
}, },
{ {
"version_value" : "Windows Server 2012 R2" "version_value": "Windows Server 2012 R2"
}, },
{ {
"version_value" : "Windows Server 2016" "version_value": "Windows Server 2016"
} }
] ]
} }
}, },
{ {
"product_name" : "Microsoft Edge", "product_name": "Microsoft Edge",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Windows 10 for 32-bit Systems" "version_value": "Windows 10 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 for x64-based Systems" "version_value": "Windows 10 for x64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1607 for 32-bit Systems" "version_value": "Windows 10 Version 1607 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1607 for x64-based Systems" "version_value": "Windows 10 Version 1607 for x64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1703 for 32-bit Systems" "version_value": "Windows 10 Version 1703 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1703 for x64-based Systems" "version_value": "Windows 10 Version 1703 for x64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1709 for 32-bit Systems" "version_value": "Windows 10 Version 1709 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1709 for x64-based Systems" "version_value": "Windows 10 Version 1709 for x64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1803 for 32-bit Systems" "version_value": "Windows 10 Version 1803 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1803 for x64-based Systems" "version_value": "Windows 10 Version 1803 for x64-based Systems"
}, },
{ {
"version_value" : "Windows Server 2016" "version_value": "Windows Server 2016"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft" "vendor_name": "Microsoft"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka \"Scripting Engine Memory Corruption Vulnerability.\" This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8372", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8372" "lang": "eng",
}, "value": "A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka \"Scripting Engine Memory Corruption Vulnerability.\" This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390."
{ }
"name" : "105038", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105038" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1041457", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041457" "lang": "eng",
} "value": "Remote Code Execution"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "105038",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105038"
},
{
"name": "1041457",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041457"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8372",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8372"
}
]
}
}

172
2018/8xxx/CVE-2018-8579.json
View File

@ -1,88 +1,88 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "Secure@Microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2018-8579", "ID": "CVE-2018-8579",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Microsoft Office", "product_name": "Microsoft Office",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2019 for 32-bit editions" "version_value": "2019 for 32-bit editions"
}, },
{ {
"version_value" : "2019 for 64-bit editions" "version_value": "2019 for 64-bit editions"
} }
] ]
} }
}, },
{ {
"product_name" : "Office", "product_name": "Office",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "365 ProPlus for 32-bit Systems" "version_value": "365 ProPlus for 32-bit Systems"
}, },
{ {
"version_value" : "365 ProPlus for 64-bit Systems" "version_value": "365 ProPlus for 64-bit Systems"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft" "vendor_name": "Microsoft"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability exists when attaching files to Outlook messages, aka \"Microsoft Outlook Information Disclosure Vulnerability.\" This affects Office 365 ProPlus, Microsoft Office. This CVE ID is unique from CVE-2018-8558."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8579", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8579" "lang": "eng",
}, "value": "An information disclosure vulnerability exists when attaching files to Outlook messages, aka \"Microsoft Outlook Information Disclosure Vulnerability.\" This affects Office 365 ProPlus, Microsoft Office. This CVE ID is unique from CVE-2018-8558."
{ }
"name" : "105828", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105828" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1042132", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1042132" "lang": "eng",
} "value": "Information Disclosure"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "105828",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105828"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8579",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8579"
},
{
"name": "1042132",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042132"
}
]
}
}

172
2018/8xxx/CVE-2018-8792.json
View File

@ -1,88 +1,88 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@checkpoint.com", "ASSIGNER": "cve@checkpoint.com",
"DATE_PUBLIC" : "2019-02-05T00:00:00", "DATE_PUBLIC": "2019-02-05T00:00:00",
"ID" : "CVE-2018-8792", "ID": "CVE-2018-8792",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "rdesktop", "product_name": "rdesktop",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions up to and including v1.8.3" "version_value": "All versions up to and including v1.8.3"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Check Point Software Technologies Ltd." "vendor_name": "Check Point Software Technologies Ltd."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function cssp_read_tsrequest() that results in a Denial of Service (segfault)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-126: Buffer Over-read"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20190219 [SECURITY] [DLA 1683-1] rdesktop security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html" "lang": "eng",
}, "value": "rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function cssp_read_tsrequest() that results in a Denial of Service (segfault)."
{ }
"name" : "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/", ]
"refsource" : "CONFIRM", },
"url" : "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1", "description": [
"refsource" : "MISC", {
"url" : "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1" "lang": "eng",
}, "value": "CWE-126: Buffer Over-read"
{ }
"name" : "DSA-4394", ]
"refsource" : "DEBIAN", }
"url" : "https://www.debian.org/security/2019/dsa-4394" ]
}, },
{ "references": {
"name" : "GLSA-201903-06", "reference_data": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201903-06" "name": "106938",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/106938"
"name" : "106938", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/106938" "name": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1",
} "refsource": "MISC",
] "url": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1"
} },
} {
"name": "GLSA-201903-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201903-06"
},
{
"name": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/",
"refsource": "CONFIRM",
"url": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/"
},
{
"name": "DSA-4394",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4394"
},
{
"name": "[debian-lts-announce] 20190219 [SECURITY] [DLA 1683-1] rdesktop security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html"
}
]
}
}