admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 04:48:26 +00:00
parent 74abf6d8cc
commit dd790ecbb7
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
59 changed files with 4398 additions and 4398 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

128
1999/1xxx/CVE-1999-1190.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-1999-1190", "ID": "CVE-1999-1190",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in POP3 server of Admiral Systems EmailClub 1.05 allows remote attackers to execute arbitrary commands via a long \"From\" header in an e-mail message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.securiteam.com/exploits/E-MailClub__FROM__remote_buffer_overflow.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.securiteam.com/exploits/E-MailClub__FROM__remote_buffer_overflow.html" "lang": "eng",
}, "value": "Buffer overflow in POP3 server of Admiral Systems EmailClub 1.05 allows remote attackers to execute arbitrary commands via a long \"From\" header in an e-mail message."
{ }
"name" : "801", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/801" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securiteam.com/exploits/E-MailClub__FROM__remote_buffer_overflow.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/exploits/E-MailClub__FROM__remote_buffer_overflow.html"
},
{
"name": "801",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/801"
}
]
}
} }

128
1999/1xxx/CVE-1999-1268.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-1999-1268", "ID": "CVE-1999-1268",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in KDE konsole allows local users to hijack or observe sessions of other users by accessing certain devices."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://lists.kde.org/?l=kde-devel&m=91560433413263&w=2", "description_data": [
"refsource" : "MISC", {
"url" : "http://lists.kde.org/?l=kde-devel&m=91560433413263&w=2" "lang": "eng",
}, "value": "Vulnerability in KDE konsole allows local users to hijack or observe sessions of other users by accessing certain devices."
{ }
"name" : "kde-konsole-hijack(1645)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/1645" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "kde-konsole-hijack(1645)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1645"
},
{
"name": "http://lists.kde.org/?l=kde-devel&m=91560433413263&w=2",
"refsource": "MISC",
"url": "http://lists.kde.org/?l=kde-devel&m=91560433413263&w=2"
}
]
}
} }

128
1999/1xxx/CVE-1999-1285.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-1999-1285", "ID": "CVE-1999-1285",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Linux 2.1.132 and earlier allows local users to cause a denial of service (resource exhaustion) by reading a large buffer from a random device (e.g. /dev/urandom), which cannot be interrupted until the read has completed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "19981227 [patch] fix for urandom read(2) not interruptible", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=91495921611500&w=2" "lang": "eng",
}, "value": "Linux 2.1.132 and earlier allows local users to cause a denial of service (resource exhaustion) by reading a large buffer from a random device (e.g. /dev/urandom), which cannot be interrupted until the read has completed."
{ }
"name" : "linux-random-read-dos(1472)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/1472" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19981227 [patch] fix for urandom read(2) not interruptible",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=91495921611500&w=2"
},
{
"name": "linux-random-read-dos(1472)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1472"
}
]
}
} }

128
2000/0xxx/CVE-2000-0386.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2000-0386", "ID": "CVE-2000-0386",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "FileMaker Pro 5 Web Companion allows remote attackers to send anonymous or forged email."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.blueworld.com/blueworld/news/05.01.00-FM5_Security.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.blueworld.com/blueworld/news/05.01.00-FM5_Security.html" "lang": "eng",
}, "value": "FileMaker Pro 5 Web Companion allows remote attackers to send anonymous or forged email."
{ }
"name" : "http://www.filemaker.com/support/webcompanion.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.filemaker.com/support/webcompanion.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.filemaker.com/support/webcompanion.html",
"refsource": "CONFIRM",
"url": "http://www.filemaker.com/support/webcompanion.html"
},
{
"name": "http://www.blueworld.com/blueworld/news/05.01.00-FM5_Security.html",
"refsource": "MISC",
"url": "http://www.blueworld.com/blueworld/news/05.01.00-FM5_Security.html"
}
]
}
} }

138
2000/0xxx/CVE-2000-0600.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2000-0600", "ID": "CVE-2000-0600",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Netscape Enterprise Server in NetWare 5.1 allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20000626 Netscape Enterprise Server for NetWare Virtual Directory Vulnerab ility", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2000-06/0264.html" "lang": "eng",
}, "value": "Netscape Enterprise Server in NetWare 5.1 allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed URL."
{ }
"name" : "1393", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/1393" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "netscape-virtual-directory-bo(4780)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/4780" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "netscape-virtual-directory-bo(4780)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4780"
},
{
"name": "1393",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1393"
},
{
"name": "20000626 Netscape Enterprise Server for NetWare Virtual Directory Vulnerab ility",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0264.html"
}
]
}
} }

128
2000/1xxx/CVE-2000-1114.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2000-1114", "ID": "CVE-2000-1114",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unify ServletExec AS v3.0C allows remote attackers to read source code for JSP pages via an HTTP request that ends with characters such as \".\", or \"+\", or \"%20\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20001121 Disclosure of JSP source code with ServletExec AS v3.0c + web ins tance", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2000-11/0285.html" "lang": "eng",
}, "value": "Unify ServletExec AS v3.0C allows remote attackers to read source code for JSP pages via an HTTP request that ends with characters such as \".\", or \"+\", or \"%20\"."
{ }
"name" : "1970", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/1970" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20001121 Disclosure of JSP source code with ServletExec AS v3.0c + web ins tance",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-11/0285.html"
},
{
"name": "1970",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1970"
}
]
}
} }

128
2000/1xxx/CVE-2000-1219.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2000-1219", "ID": "CVE-2000-1219",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier does not handle all types of integer overflows, which may leave applications vulnerable to vulnerabilities related to overflows."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[gcc-bugs] 20020506 c/6586: -ftrapv doesn't catch multiplication overflow", "description_data": [
"refsource" : "MLIST", {
"url" : "http://gcc.gnu.org/ml/gcc-bugs/2002-05/msg00198.html" "lang": "eng",
}, "value": "The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier does not handle all types of integer overflows, which may leave applications vulnerable to vulnerabilities related to overflows."
{ }
"name" : "VU#540517", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/540517" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#540517",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/540517"
},
{
"name": "[gcc-bugs] 20020506 c/6586: -ftrapv doesn't catch multiplication overflow",
"refsource": "MLIST",
"url": "http://gcc.gnu.org/ml/gcc-bugs/2002-05/msg00198.html"
}
]
}
} }

118
2005/2xxx/CVE-2005-2320.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-2320", "ID": "CVE-2005-2320",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebCalendar before 1.0.0 does not properly restrict access to assistant_edit.php, which allows remote attackers to gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "14072", "description_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/14072" "lang": "eng",
} "value": "WebCalendar before 1.0.0 does not properly restrict access to assistant_edit.php, which allows remote attackers to gain privileges."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14072",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14072"
}
]
}
} }

188
2005/2xxx/CVE-2005-2715.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-2715", "ID": "CVE-2005-2715",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in the Java user interface service (bpjava-msvc) daemon for VERITAS NetBackup Data and Business Center 4.5FP and 4.5MP, and NetBackup Enterprise/Server/Client 5.0, 5.1, and 6.0, allows remote attackers to execute arbitrary code via the COMMAND_LOGON_TO_MSERVER command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-05-001.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-05-001.html" "lang": "eng",
}, "value": "Format string vulnerability in the Java user interface service (bpjava-msvc) daemon for VERITAS NetBackup Data and Business Center 4.5FP and 4.5MP, and NetBackup Enterprise/Server/Client 5.0, 5.1, and 6.0, allows remote attackers to execute arbitrary code via the COMMAND_LOGON_TO_MSERVER command."
{ }
"name" : "http://www.symantec.com/avcenter/security/Content/2005.10.12.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.symantec.com/avcenter/security/Content/2005.10.12.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://seer.support.veritas.com/docs/279085.htm", "description": [
"refsource" : "CONFIRM", {
"url" : "http://seer.support.veritas.com/docs/279085.htm" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "102054", ]
"refsource" : "SUNALERT", }
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102054-1" ]
}, },
{ "references": {
"name" : "VU#495556", "reference_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/495556" "name": "http://www.symantec.com/avcenter/security/Content/2005.10.12.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.symantec.com/avcenter/security/Content/2005.10.12.html"
"name" : "15079", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/15079" "name": "17181",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/17181"
"name" : "1015028", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015028" "name": "http://seer.support.veritas.com/docs/279085.htm",
}, "refsource": "CONFIRM",
{ "url": "http://seer.support.veritas.com/docs/279085.htm"
"name" : "17181", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17181" "name": "VU#495556",
} "refsource": "CERT-VN",
] "url": "http://www.kb.cert.org/vuls/id/495556"
} },
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-05-001.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-05-001.html"
},
{
"name": "15079",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15079"
},
{
"name": "1015028",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015028"
},
{
"name": "102054",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102054-1"
}
]
}
} }

158
2005/2xxx/CVE-2005-2792.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-2792", "ID": "CVE-2005-2792",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the custom_welcome_page parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050829 phpLDAPadmin 0.9.6 - 0.9.7/alpha5 (possibly prior versions)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=112542447219235&w=2" "lang": "eng",
}, "value": "Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the custom_welcome_page parameter."
{ }
"name" : "http://www.rgod.altervista.org/phpldap.html", ]
"refsource" : "MISC", },
"url" : "http://www.rgod.altervista.org/phpldap.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "14695", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/14695" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "16617", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/16617/" ]
}, },
{ "references": {
"name" : "phpldapadmin-welcome-file-include(22103)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22103" "name": "16617",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/16617/"
} },
{
"name": "phpldapadmin-welcome-file-include(22103)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22103"
},
{
"name": "20050829 phpLDAPadmin 0.9.6 - 0.9.7/alpha5 (possibly prior versions)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112542447219235&w=2"
},
{
"name": "14695",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14695"
},
{
"name": "http://www.rgod.altervista.org/phpldap.html",
"refsource": "MISC",
"url": "http://www.rgod.altervista.org/phpldap.html"
}
]
}
} }

278
2005/2xxx/CVE-2005-2964.json
View File

@ -1,142 +1,142 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@debian.org",
"ID" : "CVE-2005-2964", "ID": "CVE-2005-2964",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in AbiWord before 2.2.10 allows attackers to execute arbitrary code via the RTF import mechanism."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.abiword.org/release-notes/2.2.10.phtml", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.abiword.org/release-notes/2.2.10.phtml" "lang": "eng",
}, "value": "Stack-based buffer overflow in AbiWord before 2.2.10 allows attackers to execute arbitrary code via the RTF import mechanism."
{ }
"name" : "DSA-894", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2005/dsa-894" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-200509-20", "description": [
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200509-20.xml" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-200510-04", ]
"refsource" : "GENTOO", }
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200510-04.xml" ]
}, },
{ "references": {
"name" : "SUSE-SR:2005:023", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2005_23_sr.html" "name": "USN-188-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/usn-188-1"
"name" : "USN-188-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-188-1" "name": "http://www.abiword.org/release-notes/2.2.10.phtml",
}, "refsource": "CONFIRM",
{ "url": "http://www.abiword.org/release-notes/2.2.10.phtml"
"name" : "14971", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/14971" "name": "1014982",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1014982"
"name" : "19717", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/19717" "name": "GLSA-200509-20",
}, "refsource": "GENTOO",
{ "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-20.xml"
"name" : "1014982", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1014982" "name": "DSA-894",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2005/dsa-894"
"name" : "16982", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/16982" "name": "14971",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/14971"
"name" : "17052", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17052" "name": "17551",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/17551"
"name" : "17070", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17070" "name": "17052",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/17052"
"name" : "17215", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17215" "name": "abiword-rtf-importer-bo(22454)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22454"
"name" : "17551", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17551" "name": "GLSA-200510-04",
}, "refsource": "GENTOO",
{ "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-04.xml"
"name" : "16990", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/16990" "name": "17070",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/17070"
"name" : "17012", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17012" "name": "16982",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/16982"
"name" : "abiword-rtf-importer-bo(22454)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22454" "name": "19717",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/19717"
} },
{
"name": "17215",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17215"
},
{
"name": "16990",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16990"
},
{
"name": "SUSE-SR:2005:023",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_23_sr.html"
},
{
"name": "17012",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17012"
}
]
}
} }

428
2005/3xxx/CVE-2005-3011.json
View File

@ -1,217 +1,217 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-3011", "ID": "CVE-2005-3011",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The sort_offline function for texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/464745/100/0/threaded" "lang": "eng",
}, "value": "The sort_offline function for texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files."
{ }
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=328365", ]
"refsource" : "MISC", },
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=328365" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.vmware.com/support/vi3/doc/esx-1121906-patch.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.vmware.com/support/vi3/doc/esx-1121906-patch.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.vmware.com/support/vi3/doc/esx-2559638-patch.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.vmware.com/support/vi3/doc/esx-2559638-patch.html" ]
}, },
{ "references": {
"name" : "http://docs.info.apple.com/article.html?artnum=305530", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://docs.info.apple.com/article.html?artnum=305530" "name": "http://docs.info.apple.com/article.html?artnum=305530",
}, "refsource": "CONFIRM",
{ "url": "http://docs.info.apple.com/article.html?artnum=305530"
"name" : "APPLE-SA-2007-05-24", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html" "name": "USN-194-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/usn-194-1"
"name" : "DSA-1219", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-1219" "name": "RHSA-2006:0727",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2006-0727.html"
"name" : "FreeBSD-SA-06:01", },
"refsource" : "FREEBSD", {
"url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:01.texindex.asc" "name": "ADV-2007-1939",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/1939"
"name" : "GLSA-200510-04", },
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200510-04.xml" "name": "TSLSA-2005-0059",
}, "refsource": "TRUSTIX",
{ "url": "http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html"
"name" : "MDKSA-2005:175", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:175" "name": "APPLE-SA-2007-05-24",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html"
"name" : "RHSA-2006:0727", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0727.html" "name": "25402",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/25402"
"name" : "20061101-01-P", },
"refsource" : "SGI", {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P" "name": "20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/464745/100/0/threaded"
"name" : "SUSE-SR:2005:023", },
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2005_23_sr.html" "name": "17076",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/17076"
"name" : "TSLSA-2005-0059", },
"refsource" : "TRUSTIX", {
"url" : "http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html" "name": "18401",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18401"
"name" : "USN-194-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-194-1" "name": "MDKSA-2005:175",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:175"
"name" : "14854", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/14854" "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=328365",
}, "refsource": "MISC",
{ "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=328365"
"name" : "oval:org.mitre.oval:def:10589", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10589" "name": "17211",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/17211"
"name" : "ADV-2007-1267", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/1267" "name": "ADV-2007-1267",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/1267"
"name" : "ADV-2007-1939", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/1939" "name": "14854",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/14854"
"name" : "1015468", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015468" "name": "23112",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/23112"
"name" : "1014992", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1014992" "name": "http://www.vmware.com/support/vi3/doc/esx-2559638-patch.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.vmware.com/support/vi3/doc/esx-2559638-patch.html"
"name" : "16816", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/16816" "name": "17093",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/17093"
"name" : "18401", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18401" "name": "20061101-01-P",
}, "refsource": "SGI",
{ "url": "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P"
"name" : "17070", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17070" "name": "24788",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/24788"
"name" : "17076", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17076" "name": "16816",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/16816"
"name" : "17093", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17093" "name": "22929",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/22929"
"name" : "17211", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17211" "name": "GLSA-200510-04",
}, "refsource": "GENTOO",
{ "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-04.xml"
"name" : "17215", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17215" "name": "17070",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/17070"
"name" : "22929", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22929" "name": "FreeBSD-SA-06:01",
}, "refsource": "FREEBSD",
{ "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:01.texindex.asc"
"name" : "23112", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/23112" "name": "1015468",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1015468"
"name" : "24788", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/24788" "name": "1014992",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1014992"
"name" : "25402", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25402" "name": "http://www.vmware.com/support/vi3/doc/esx-1121906-patch.html",
} "refsource": "CONFIRM",
] "url": "http://www.vmware.com/support/vi3/doc/esx-1121906-patch.html"
} },
{
"name": "17215",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17215"
},
{
"name": "oval:org.mitre.oval:def:10589",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10589"
},
{
"name": "DSA-1219",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1219"
},
{
"name": "SUSE-SR:2005:023",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_23_sr.html"
}
]
}
} }

248
2005/3xxx/CVE-2005-3042.json
View File

@ -1,127 +1,127 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-3042", "ID": "CVE-2005-3042",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when \"full PAM conversations\" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050921 [SNS Advisory No.83] Webmin/Usermin PAM Authentication Bypass Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.html" "lang": "eng",
}, "value": "miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when \"full PAM conversations\" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return)."
{ }
"name" : "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html", ]
"refsource" : "MISC", },
"url" : "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.webmin.com/changes-1.230.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.webmin.com/changes-1.230.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.webmin.com/uchanges-1.160.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.webmin.com/uchanges-1.160.html" ]
}, },
{ "references": {
"name" : "GLSA-200509-17", "reference_data": [
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200509-17.xml" "name": "16858",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/16858"
"name" : "MDKSA-2005:176", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:176" "name": "17282",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/17282"
"name" : "SUSE-SR:2005:024", },
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2005_24_sr.html" "name": "GLSA-200509-17",
}, "refsource": "GENTOO",
{ "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-17.xml"
"name" : "JVN#40940493", },
"refsource" : "JVN", {
"url" : "http://jvn.jp/jp/JVN%2340940493/index.html" "name": "19575",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/19575"
"name" : "14889", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/14889" "name": "17",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/17"
"name" : "ADV-2005-1791", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/1791" "name": "14889",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/14889"
"name" : "19575", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/19575" "name": "ADV-2005-1791",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2005/1791"
"name" : "16858", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/16858" "name": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html",
}, "refsource": "MISC",
{ "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html"
"name" : "17282", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17282" "name": "MDKSA-2005:176",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:176"
"name" : "17", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/17" "name": "SUSE-SR:2005:024",
} "refsource": "SUSE",
] "url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html"
} },
{
"name": "20050921 [SNS Advisory No.83] Webmin/Usermin PAM Authentication Bypass Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.html"
},
{
"name": "http://www.webmin.com/changes-1.230.html",
"refsource": "CONFIRM",
"url": "http://www.webmin.com/changes-1.230.html"
},
{
"name": "JVN#40940493",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2340940493/index.html"
},
{
"name": "http://www.webmin.com/uchanges-1.160.html",
"refsource": "CONFIRM",
"url": "http://www.webmin.com/uchanges-1.160.html"
}
]
}
} }

198
2005/3xxx/CVE-2005-3069.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-3069", "ID": "CVE-2005-3069",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "xferfaxstats in HylaFax 4.2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on the xferfax$$ temporary file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329384", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329384" "lang": "eng",
}, "value": "xferfaxstats in HylaFax 4.2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on the xferfax$$ temporary file."
{ }
"name" : "DSA-865", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2005/dsa-865" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-200509-21", "description": [
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200509-21.xml" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "MDKSA-2005:177", ]
"refsource" : "MANDRIVA", }
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:177" ]
}, },
{ "references": {
"name" : "14907", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/14907" "name": "17022",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/17022"
"name" : "17022", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17022" "name": "14907",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/14907"
"name" : "16906", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/16906" "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329384",
}, "refsource": "CONFIRM",
{ "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329384"
"name" : "17107", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17107" "name": "DSA-865",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2005/dsa-865"
"name" : "17187", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17187" "name": "GLSA-200509-21",
} "refsource": "GENTOO",
] "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-21.xml"
} },
{
"name": "MDKSA-2005:177",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:177"
},
{
"name": "16906",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16906"
},
{
"name": "17187",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17187"
},
{
"name": "17107",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17107"
}
]
}
} }

208
2005/3xxx/CVE-2005-3109.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-3109", "ID": "CVE-2005-3109",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The HFS and HFS+ (hfsplus) modules in Linux 2.6 allow attackers to cause a denial of service (oops) by using hfsplus to mount a filesystem that is not hfsplus."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.kernel.org/git/gitweb.cgi?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=945b092011c6af71a0107be96e119c8c08776f3f", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.kernel.org/git/gitweb.cgi?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=945b092011c6af71a0107be96e119c8c08776f3f" "lang": "eng",
}, "value": "The HFS and HFS+ (hfsplus) modules in Linux 2.6 allow attackers to cause a denial of service (oops) by using hfsplus to mount a filesystem that is not hfsplus."
{ }
"name" : "DSA-922", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2005/dsa-922" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "FLSA:157459-3", "description": [
"refsource" : "FEDORA", {
"url" : "http://www.securityfocus.com/archive/1/427980/100/0/threaded" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2006:0101", ]
"refsource" : "REDHAT", }
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0101.html" ]
}, },
{ "references": {
"name" : "USN-199-1", "reference_data": [
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-199-1" "name": "oval:org.mitre.oval:def:10777",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10777"
"name" : "15049", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/15049" "name": "18056",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18056"
"name" : "oval:org.mitre.oval:def:10777", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10777" "name": "RHSA-2006:0101",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2006-0101.html"
"name" : "18056", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18056" "name": "http://www.kernel.org/git/gitweb.cgi?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=945b092011c6af71a0107be96e119c8c08776f3f",
}, "refsource": "CONFIRM",
{ "url": "http://www.kernel.org/git/gitweb.cgi?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=945b092011c6af71a0107be96e119c8c08776f3f"
"name" : "18510", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18510" "name": "DSA-922",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2005/dsa-922"
"name" : "17141", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17141" "name": "15049",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/15049"
} },
{
"name": "18510",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18510"
},
{
"name": "17141",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17141"
},
{
"name": "USN-199-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-199-1"
},
{
"name": "FLSA:157459-3",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/427980/100/0/threaded"
}
]
}
} }

188
2005/3xxx/CVE-2005-3265.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-3265", "ID": "CVE-2005-3265",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Skype for Windows 1.1.x.0 through 1.4.x.83 allows remote attackers to execute arbitrary code via (1) callto:// and (2) skype:// links, or (3) a non-standard VCARD, possibly due to an underlying error in the SysUtils.WideFmtStr Delphi routine."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.pentest.co.uk/documents/ptl-2005-01.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.pentest.co.uk/documents/ptl-2005-01.html" "lang": "eng",
}, "value": "Buffer overflow in Skype for Windows 1.1.x.0 through 1.4.x.83 allows remote attackers to execute arbitrary code via (1) callto:// and (2) skype:// links, or (3) a non-standard VCARD, possibly due to an underlying error in the SysUtils.WideFmtStr Delphi routine."
{ }
"name" : "http://skype.com/security/skype-sb-2005-02.html", ]
"refsource" : "CONFIRM", },
"url" : "http://skype.com/security/skype-sb-2005-02.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#930345", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/930345" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "VU#668193", ]
"refsource" : "CERT-VN", }
"url" : "http://www.kb.cert.org/vuls/id/668193" ]
}, },
{ "references": {
"name" : "15190", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/15190" "name": "http://www.pentest.co.uk/documents/ptl-2005-01.html",
}, "refsource": "MISC",
{ "url": "http://www.pentest.co.uk/documents/ptl-2005-01.html"
"name" : "ADV-2005-2197", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/2197" "name": "VU#668193",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/668193"
"name" : "17305", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17305/" "name": "17305",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/17305/"
"name" : "skype-uri-bo(22848)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22848" "name": "ADV-2005-2197",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2005/2197"
} },
{
"name": "VU#930345",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/930345"
},
{
"name": "skype-uri-bo(22848)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22848"
},
{
"name": "15190",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15190"
},
{
"name": "http://skype.com/security/skype-sb-2005-02.html",
"refsource": "CONFIRM",
"url": "http://skype.com/security/skype-sb-2005-02.html"
}
]
}
} }

158
2005/3xxx/CVE-2005-3421.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-3421", "ID": "CVE-2005-3421",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "estcmd in Hyper Estraier 1.0.1 on Windows systems allows remote attackers to read unauthorized files via a crafted search request for a filename that contains Unicode characters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://sourceforge.net/project/shownotes.php?release_id=366565", "description_data": [
"refsource" : "MISC", {
"url" : "http://sourceforge.net/project/shownotes.php?release_id=366565" "lang": "eng",
}, "value": "estcmd in Hyper Estraier 1.0.1 on Windows systems allows remote attackers to read unauthorized files via a crafted search request for a filename that contains Unicode characters."
{ }
"name" : "JVN#18282718", ]
"refsource" : "JVN", },
"url" : "http://jvn.jp/jp/JVN%2318282718/index.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "15236", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/15236" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1015119", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1015119" ]
}, },
{ "references": {
"name" : "17379", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17379" "name": "15236",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/15236"
} },
{
"name": "17379",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17379"
},
{
"name": "JVN#18282718",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2318282718/index.html"
},
{
"name": "1015119",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015119"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=366565",
"refsource": "MISC",
"url": "http://sourceforge.net/project/shownotes.php?release_id=366565"
}
]
}
} }

148
2005/3xxx/CVE-2005-3578.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-3578", "ID": "CVE-2005-3578",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote attackers to inject arbitrary SQL commands via the sug parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20051114 Walla TeleSite Multiple Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/416581/30/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote attackers to inject arbitrary SQL commands via the sug parameter."
{ }
"name" : "15419", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/15419" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20883", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/20883" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1015204", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1015204" ]
} },
] "references": {
} "reference_data": [
{
"name": "20051114 Walla TeleSite Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/416581/30/0/threaded"
},
{
"name": "1015204",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015204"
},
{
"name": "20883",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20883"
},
{
"name": "15419",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15419"
}
]
}
} }

148
2005/4xxx/CVE-2005-4082.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4082", "ID": "CVE-2005-4082",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The dhcp.client program for QNX 4.25 vmware is setuid, possibly by default, which allows local users to modify the NIC configuration and conduct other attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20051203 QNX 4.25 suided dhcp.client binary", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/418513/100/0/threaded" "lang": "eng",
}, "value": "The dhcp.client program for QNX 4.25 vmware is setuid, possibly by default, which allows local users to modify the NIC configuration and conduct other attacks."
{ }
"name" : "15785", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/15785" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "17870", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17870" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "qnx-rtos-dhcpclient-dos(23543)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23543" ]
} },
] "references": {
} "reference_data": [
{
"name": "15785",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15785"
},
{
"name": "17870",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17870"
},
{
"name": "qnx-rtos-dhcpclient-dos(23543)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23543"
},
{
"name": "20051203 QNX 4.25 suided dhcp.client binary",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/418513/100/0/threaded"
}
]
}
} }

168
2005/4xxx/CVE-2005-4817.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4817", "ID": "CVE-2005-4817",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in ui.c in Textbased MSN Client (TMSNC) before 0.2.5 allows attackers to cause a denial of service and possibly execute arbitrary code via unknown attack vectors that cause format strings to be injected into the wprintw function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://sourceforge.net/project/shownotes.php?release_id=355808", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://sourceforge.net/project/shownotes.php?release_id=355808" "lang": "eng",
}, "value": "Format string vulnerability in ui.c in Textbased MSN Client (TMSNC) before 0.2.5 allows attackers to cause a denial of service and possibly execute arbitrary code via unknown attack vectors that cause format strings to be injected into the wprintw function."
{ }
"name" : "14810", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/14810" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2005-1709", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/1709" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "19311", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/displayvuln.php?osvdb_id=19311" ]
}, },
{ "references": {
"name" : "16752", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/16752" "name": "tmsnc-uic-format-string(22242)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22242"
"name" : "tmsnc-uic-format-string(22242)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22242" "name": "16752",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/16752"
} },
{
"name": "14810",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14810"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=355808",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=355808"
},
{
"name": "19311",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=19311"
},
{
"name": "ADV-2005-1709",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/1709"
}
]
}
} }

118
2009/2xxx/CVE-2009-2095.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-2095", "ID": "CVE-2009-2095",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in template/simpledefault/admin/_masterlayout.php in Mundi Mail 0.8.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the top parameter. NOTE: when allow_url_fopen is disabled, directory traversal attacks are possible to include and execute arbitrary local files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "8948", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/8948" "lang": "eng",
} "value": "PHP remote file inclusion vulnerability in template/simpledefault/admin/_masterlayout.php in Mundi Mail 0.8.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the top parameter. NOTE: when allow_url_fopen is disabled, directory traversal attacks are possible to include and execute arbitrary local files."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8948",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8948"
}
]
}
} }

138
2009/2xxx/CVE-2009-2428.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-2428", "ID": "CVE-2009-2428",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Tausch Ticket Script 3 allow remote attackers to execute arbitrary SQL commands via the (1) userid parameter to suchauftraege_user.php and the (2) descr parameter to vote.php; and other unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstorm.linuxsecurity.com/0907-exploits/tausch-sql.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstorm.linuxsecurity.com/0907-exploits/tausch-sql.txt" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in Tausch Ticket Script 3 allow remote attackers to execute arbitrary SQL commands via the (1) userid parameter to suchauftraege_user.php and the (2) descr parameter to vote.php; and other unspecified vectors."
{ }
"name" : "35725", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/35725" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2009-1823", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/1823" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-1823",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1823"
},
{
"name": "http://packetstorm.linuxsecurity.com/0907-exploits/tausch-sql.txt",
"refsource": "MISC",
"url": "http://packetstorm.linuxsecurity.com/0907-exploits/tausch-sql.txt"
},
{
"name": "35725",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35725"
}
]
}
} }

178
2009/2xxx/CVE-2009-2734.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-2734", "ID": "CVE-2009-2734",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the get_employee function in classweekreport.inc in Achievo before 1.4.0 allows remote attackers to execute arbitrary SQL commands via the userid parameter (aka user_id variable) to dispatch.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20091013 [BONSAI] SQL Injection in Achievo", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/507131/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in the get_employee function in classweekreport.inc in Achievo before 1.4.0 allows remote attackers to execute arbitrary SQL commands via the userid parameter (aka user_id variable) to dispatch.php."
{ }
"name" : "http://www.bonsai-sec.com/research/vulnerabilities/achievo-sql-injection-0102.txt", ]
"refsource" : "MISC", },
"url" : "http://www.bonsai-sec.com/research/vulnerabilities/achievo-sql-injection-0102.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.achievo.org/download/releasenotes/1_4_0", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.achievo.org/download/releasenotes/1_4_0" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "36660", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/36660" ]
}, },
{ "references": {
"name" : "1023017", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1023017" "name": "20091013 [BONSAI] SQL Injection in Achievo",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/507131/100/0/threaded"
"name" : "37035", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37035" "name": "36660",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/36660"
"name" : "achievo-dispatch-sql-injection(53743)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53743" "name": "achievo-dispatch-sql-injection(53743)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53743"
} },
{
"name": "37035",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37035"
},
{
"name": "1023017",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023017"
},
{
"name": "http://www.achievo.org/download/releasenotes/1_4_0",
"refsource": "CONFIRM",
"url": "http://www.achievo.org/download/releasenotes/1_4_0"
},
{
"name": "http://www.bonsai-sec.com/research/vulnerabilities/achievo-sql-injection-0102.txt",
"refsource": "MISC",
"url": "http://www.bonsai-sec.com/research/vulnerabilities/achievo-sql-injection-0102.txt"
}
]
}
} }

118
2009/2xxx/CVE-2009-2801.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-2801", "ID": "CVE-2009-2801",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Application Firewall in Apple Mac OS X 10.5.8 drops unspecified firewall rules after a reboot, which might allow remote attackers to bypass intended access restrictions via packet data, related to a \"timing issue.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "APPLE-SA-2010-03-29-1", "description_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" "lang": "eng",
} "value": "The Application Firewall in Apple Mac OS X 10.5.8 drops unspecified firewall rules after a reboot, which might allow remote attackers to bypass intended access restrictions via packet data, related to a \"timing issue.\""
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2010-03-29-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
}
]
}
} }

188
2009/2xxx/CVE-2009-2932.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-2932", "ID": "CVE-2009-2932",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in uddiclient/process in the UDDI client in SAP NetWeaver Application Server (Java) 7.0 allows remote attackers to inject arbitrary web script or HTML via the TModel Key field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090812 [DSECRG-09-033] SAP Netweaver UDDI - XSS Security Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/505697/100/0/threaded" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in uddiclient/process in the UDDI client in SAP NetWeaver Application Server (Java) 7.0 allows remote attackers to inject arbitrary web script or HTML via the TModel Key field."
{ }
"name" : "http://www.dsecrg.com/pages/vul/show.php?id=133", ]
"refsource" : "MISC", },
"url" : "http://www.dsecrg.com/pages/vul/show.php?id=133" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://service.sap.com/sap/support/notes/1322098", "description": [
"refsource" : "MISC", {
"url" : "https://service.sap.com/sap/support/notes/1322098" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "36034", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/36034" ]
}, },
{ "references": {
"name" : "57000", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/57000" "name": "57000",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/57000"
"name" : "1022731", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1022731" "name": "http://www.dsecrg.com/pages/vul/show.php?id=133",
}, "refsource": "MISC",
{ "url": "http://www.dsecrg.com/pages/vul/show.php?id=133"
"name" : "36228", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/36228" "name": "netweaver-uddi-xss(52429)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52429"
"name" : "netweaver-uddi-xss(52429)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52429" "name": "20090812 [DSECRG-09-033] SAP Netweaver UDDI - XSS Security Vulnerability",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/505697/100/0/threaded"
} },
{
"name": "1022731",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022731"
},
{
"name": "https://service.sap.com/sap/support/notes/1322098",
"refsource": "MISC",
"url": "https://service.sap.com/sap/support/notes/1322098"
},
{
"name": "36034",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36034"
},
{
"name": "36228",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36228"
}
]
}
} }

198
2009/3xxx/CVE-2009-3381.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-3381", "ID": "CVE-2009-3381",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-64.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-64.html" "lang": "eng",
}, "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=502168", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=502168" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=503196", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=503196" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=508057", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=508057" ]
}, },
{ "references": {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=513394", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=513394" "name": "oval:org.mitre.oval:def:6495",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6495"
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=516709", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=516709" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=502168",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=502168"
"name" : "272909", },
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1" "name": "272909",
}, "refsource": "SUNALERT",
{ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1"
"name" : "oval:org.mitre.oval:def:6495", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6495" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=503196",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=503196"
"name" : "ADV-2009-3334", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/3334" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=516709",
} "refsource": "CONFIRM",
] "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=516709"
} },
{
"name": "http://www.mozilla.org/security/announce/2009/mfsa2009-64.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2009/mfsa2009-64.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=508057",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=508057"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=513394",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=513394"
},
{
"name": "ADV-2009-3334",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3334"
}
]
}
} }

128
2009/3xxx/CVE-2009-3647.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-3647", "ID": "CVE-2009-3647",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in emaullinks.php in YABSoft Mega File Hosting Script (aka MFH or MFHS) 1.2 allows remote attackers to inject arbitrary web script or HTML via the moudi parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "36413", "description_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/36413" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in emaullinks.php in YABSoft Mega File Hosting Script (aka MFH or MFHS) 1.2 allows remote attackers to inject arbitrary web script or HTML via the moudi parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
{ }
"name" : "megafile-emaillinks-xss(53642)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53642" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36413",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36413"
},
{
"name": "megafile-emaillinks-xss(53642)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53642"
}
]
}
} }

168
2009/3xxx/CVE-2009-3932.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-3932", "ID": "CVE-2009-3932",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Gears plugin in Google Chrome before 3.0.195.32 allows user-assisted remote attackers to cause a denial of service (memory corruption and plugin crash) or possibly execute arbitrary code via unspecified use of the Gears SQL API, related to putting \"SQL metadata into a bad state.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://code.google.com/p/chromium/issues/detail?id=26179", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://code.google.com/p/chromium/issues/detail?id=26179" "lang": "eng",
}, "value": "The Gears plugin in Google Chrome before 3.0.195.32 allows user-assisted remote attackers to cause a denial of service (memory corruption and plugin crash) or possibly execute arbitrary code via unspecified use of the Gears SQL API, related to putting \"SQL metadata into a bad state.\""
{ }
"name" : "http://googlechromereleases.blogspot.com/2009/11/stable-channel-update.html", ]
"refsource" : "CONFIRM", },
"url" : "http://googlechromereleases.blogspot.com/2009/11/stable-channel-update.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "36947", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/36947" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "59743", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/59743" ]
}, },
{ "references": {
"name" : "37273", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37273" "name": "http://googlechromereleases.blogspot.com/2009/11/stable-channel-update.html",
}, "refsource": "CONFIRM",
{ "url": "http://googlechromereleases.blogspot.com/2009/11/stable-channel-update.html"
"name" : "ADV-2009-3159", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/3159" "name": "59743",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/59743"
} },
{
"name": "37273",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37273"
},
{
"name": "ADV-2009-3159",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3159"
},
{
"name": "36947",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36947"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=26179",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=26179"
}
]
}
} }

128
2009/4xxx/CVE-2009-4348.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4348", "ID": "CVE-2009-4348",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in Harold Bakker's NewsScript (HB-NS) 1.3 allows remote attackers to inject arbitrary web script or HTML via the topic parameter in a topic action, a different vector than CVE-2006-2146."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "10466", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/10466" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in index.php in Harold Bakker's NewsScript (HB-NS) 1.3 allows remote attackers to inject arbitrary web script or HTML via the topic parameter in a topic action, a different vector than CVE-2006-2146."
{ }
"name" : "37792", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/37792" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10466",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/10466"
},
{
"name": "37792",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37792"
}
]
}
} }

138
2015/0xxx/CVE-2015-0010.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2015-0010", "ID": "CVE-2015-0010",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The CryptProtectMemory function in cng.sys (aka the Cryptography Next Generation driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1, when the CRYPTPROTECTMEMORY_SAME_LOGON option is used, does not check an impersonation token's level, which allows local users to bypass intended decryption restrictions by leveraging a service that (1) has a named-pipe planting vulnerability or (2) uses world-readable shared memory for encrypted data, aka \"CNG Security Feature Bypass Vulnerability\" or MSRC ID 20707."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://code.google.com/p/google-security-research/issues/detail?id=128", "description_data": [
"refsource" : "MISC", {
"url" : "http://code.google.com/p/google-security-research/issues/detail?id=128" "lang": "eng",
}, "value": "The CryptProtectMemory function in cng.sys (aka the Cryptography Next Generation driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1, when the CRYPTPROTECTMEMORY_SAME_LOGON option is used, does not check an impersonation token's level, which allows local users to bypass intended decryption restrictions by leveraging a service that (1) has a named-pipe planting vulnerability or (2) uses world-readable shared memory for encrypted data, aka \"CNG Security Feature Bypass Vulnerability\" or MSRC ID 20707."
{ }
"name" : "MS15-010", ]
"refsource" : "MS", },
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-010" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "72461", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/72461" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "MS15-010",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-010"
},
{
"name": "72461",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72461"
},
{
"name": "http://code.google.com/p/google-security-research/issues/detail?id=128",
"refsource": "MISC",
"url": "http://code.google.com/p/google-security-research/issues/detail?id=128"
}
]
}
} }

148
2015/0xxx/CVE-2015-0388.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2015-0388", "ID": "CVE-2015-0388",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Portal Framework, a different vulnerability than CVE-2015-0417."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Portal Framework, a different vulnerability than CVE-2015-0417."
{ }
"name" : "72209", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/72209" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1031578", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1031578" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oracle-cpujan2015-cve20150388(100130)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100130" ]
} },
] "references": {
} "reference_data": [
{
"name": "72209",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72209"
},
{
"name": "oracle-cpujan2015-cve20150388(100130)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100130"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "1031578",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031578"
}
]
}
} }

138
2015/0xxx/CVE-2015-0581.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2015-0581", "ID": "CVE-2015-0581",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The XML parser in Cisco Prime Service Catalog before 10.1 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, as demonstrated by reading private keys, related to an XML External Entity (XXE) issue, aka Bug ID CSCup92880."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20150128 Cisco Prime Service Catalog XML External Entity Processing Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-psc-xmlee" "lang": "eng",
}, "value": "The XML parser in Cisco Prime Service Catalog before 10.1 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, as demonstrated by reading private keys, related to an XML External Entity (XXE) issue, aka Bug ID CSCup92880."
{ }
"name" : "72350", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/72350" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1031658", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1031658" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "20150128 Cisco Prime Service Catalog XML External Entity Processing Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-psc-xmlee"
},
{
"name": "72350",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72350"
},
{
"name": "1031658",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031658"
}
]
}
} }

288
2015/0xxx/CVE-2015-0816.json
View File

@ -1,147 +1,147 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2015-0816", "ID": "CVE-2015-0816",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as demonstrated by the resource: URL associated with PDF.js."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "37958", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/37958/" "lang": "eng",
}, "value": "Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as demonstrated by the resource: URL associated with PDF.js."
{ }
"name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-33.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-33.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1144991", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1144991" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" ]
}, },
{ "references": {
"name" : "DSA-3211", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2015/dsa-3211" "name": "1031996",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1031996"
"name" : "DSA-3212", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2015/dsa-3212" "name": "73461",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/73461"
"name" : "GLSA-201512-10", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201512-10" "name": "openSUSE-SU-2015:0892",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html"
"name" : "RHSA-2015:0766", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0766.html" "name": "GLSA-201512-10",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201512-10"
"name" : "RHSA-2015:0771", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0771.html" "name": "DSA-3212",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2015/dsa-3212"
"name" : "SUSE-SU-2015:0704", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00006.html" "name": "37958",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/37958/"
"name" : "openSUSE-SU-2015:0677", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html" "name": "SUSE-SU-2015:0704",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00006.html"
"name" : "openSUSE-SU-2015:1266", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html" "name": "USN-2552-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2552-1"
"name" : "openSUSE-SU-2015:0892", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1144991",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1144991"
"name" : "USN-2550-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2550-1" "name": "RHSA-2015:0766",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2015-0766.html"
"name" : "USN-2552-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2552-1" "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-33.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-33.html"
"name" : "73461", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/73461" "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
"name" : "1031996", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1031996" "name": "openSUSE-SU-2015:1266",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
"name" : "1032000", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1032000" "name": "USN-2550-1",
} "refsource": "UBUNTU",
] "url": "http://www.ubuntu.com/usn/USN-2550-1"
} },
{
"name": "1032000",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032000"
},
{
"name": "openSUSE-SU-2015:0677",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html"
},
{
"name": "RHSA-2015:0771",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0771.html"
},
{
"name": "DSA-3211",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3211"
}
]
}
} }

128
2015/1000xxx/CVE-2015-1000004.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-1000004", "ID": "CVE-2015-1000004",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XSS in filedownload v1.4 wordpress plugin"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.vapidlabs.com/advisory.php?v=140", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.vapidlabs.com/advisory.php?v=140" "lang": "eng",
}, "value": "XSS in filedownload v1.4 wordpress plugin"
{ }
"name" : "97107", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/97107" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapidlabs.com/advisory.php?v=140",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=140"
},
{
"name": "97107",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97107"
}
]
}
} }

148
2015/1xxx/CVE-2015-1415.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-1415", "ID": "CVE-2015-1415",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring full disk encrypted ZFS, uses world-readable permissions for the GELI keyfile (/boot/encryption.key), which allows local users to obtain sensitive key information by reading the file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20150407 FreeBSD 10.x ZFS encryption.key disclosure (CVE-2015-1415)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/535209/100/0/threaded" "lang": "eng",
}, "value": "The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring full disk encrypted ZFS, uses world-readable permissions for the GELI keyfile (/boot/encryption.key), which allows local users to obtain sensitive key information by reading the file."
{ }
"name" : "http://packetstormsecurity.com/files/131338/FreeBSD-10.x-ZFS-encryption.key-Disclosure.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/131338/FreeBSD-10.x-ZFS-encryption.key-Disclosure.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "FreeBSD-SA-15:08", "description": [
"refsource" : "FREEBSD", {
"url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-15:08.bsdinstall.asc" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1032042", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1032042" ]
} },
] "references": {
} "reference_data": [
{
"name": "1032042",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032042"
},
{
"name": "FreeBSD-SA-15:08",
"refsource": "FREEBSD",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15:08.bsdinstall.asc"
},
{
"name": "20150407 FreeBSD 10.x ZFS encryption.key disclosure (CVE-2015-1415)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/535209/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/131338/FreeBSD-10.x-ZFS-encryption.key-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/131338/FreeBSD-10.x-ZFS-encryption.key-Disclosure.html"
}
]
}
} }

138
2015/1xxx/CVE-2015-1709.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2015-1709", "ID": "CVE-2015-1709",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS15-043", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-043" "lang": "eng",
}, "value": "Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\""
{ }
"name" : "74512", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/74512" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1032282", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1032282" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "1032282",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032282"
},
{
"name": "74512",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74512"
},
{
"name": "MS15-043",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-043"
}
]
}
} }

218
2015/1xxx/CVE-2015-1856.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2015-1856", "ID": "CVE-2015-1856",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[openstack-announce] 20150414 [OSSA 2015-006] Unauthorized delete of versioned Swift object (CVE-2015-1856)", "description_data": [
"refsource" : "MLIST", {
"url" : "http://lists.openstack.org/pipermail/openstack-announce/2015-April/000349.html" "lang": "eng",
}, "value": "OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container."
{ }
"name" : "https://bugs.launchpad.net/swift/+bug/1430645", ]
"refsource" : "CONFIRM", },
"url" : "https://bugs.launchpad.net/swift/+bug/1430645" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FEDORA-2015-12245", ]
"refsource" : "FEDORA", }
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163113.html" ]
}, },
{ "references": {
"name" : "RHSA-2015:1681", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1681.html" "name": "RHSA-2015:1845",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2015-1845.html"
"name" : "RHSA-2015:1684", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1684.html" "name": "https://bugs.launchpad.net/swift/+bug/1430645",
}, "refsource": "CONFIRM",
{ "url": "https://bugs.launchpad.net/swift/+bug/1430645"
"name" : "RHSA-2015:1845", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1845.html" "name": "SUSE-SU-2015:1846",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00025.html"
"name" : "RHSA-2015:1846", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1846.html" "name": "RHSA-2015:1846",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2015-1846.html"
"name" : "SUSE-SU-2015:1846", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00025.html" "name": "RHSA-2015:1681",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2015-1681.html"
"name" : "USN-2704-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2704-1" "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
"name" : "74182", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/74182" "name": "USN-2704-1",
} "refsource": "UBUNTU",
] "url": "http://www.ubuntu.com/usn/USN-2704-1"
} },
{
"name": "74182",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74182"
},
{
"name": "FEDORA-2015-12245",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163113.html"
},
{
"name": "[openstack-announce] 20150414 [OSSA 2015-006] Unauthorized delete of versioned Swift object (CVE-2015-1856)",
"refsource": "MLIST",
"url": "http://lists.openstack.org/pipermail/openstack-announce/2015-April/000349.html"
},
{
"name": "RHSA-2015:1684",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1684.html"
}
]
}
} }

32
2015/4xxx/CVE-2015-4030.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-4030", "ID": "CVE-2015-4030",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

138
2015/4xxx/CVE-2015-4223.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2015-4223", "ID": "CVE-2015-4223",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco IOS XR 5.1.3 allows remote attackers to cause a denial of service (process reload) via crafted MPLS Label Distribution Protocol (LDP) packets, aka Bug ID CSCuu77478."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20150624 Cisco IOS XR MPLS LDP Packet Processing Denial of Service Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=39509" "lang": "eng",
}, "value": "Cisco IOS XR 5.1.3 allows remote attackers to cause a denial of service (process reload) via crafted MPLS Label Distribution Protocol (LDP) packets, aka Bug ID CSCuu77478."
{ }
"name" : "75399", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/75399" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1032715", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1032715" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "1032715",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032715"
},
{
"name": "75399",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75399"
},
{
"name": "20150624 Cisco IOS XR MPLS LDP Packet Processing Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39509"
}
]
}
} }

138
2015/4xxx/CVE-2015-4450.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2015-4450", "ID": "CVE-2015-4450",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2014-8450, CVE-2015-4449, CVE-2015-5088, CVE-2015-5089, and CVE-2015-5092."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/reader/apsb15-15.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/reader/apsb15-15.html" "lang": "eng",
}, "value": "Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2014-8450, CVE-2015-4449, CVE-2015-5088, CVE-2015-5089, and CVE-2015-5092."
{ }
"name" : "75742", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/75742" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1032892", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1032892" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "1032892",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032892"
},
{
"name": "https://helpx.adobe.com/security/products/reader/apsb15-15.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/reader/apsb15-15.html"
},
{
"name": "75742",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75742"
}
]
}
} }

228
2015/4xxx/CVE-2015-4729.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2015-4729", "ID": "CVE-2015-4729",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" "lang": "eng",
}, "value": "Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment."
{ }
"name" : "GLSA-201603-11", ]
"refsource" : "GENTOO", },
"url" : "https://security.gentoo.org/glsa/201603-11" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2015:1241", "description": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1241.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2015:1242", ]
"refsource" : "REDHAT", }
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1242.html" ]
}, },
{ "references": {
"name" : "RHSA-2015:1485", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1485.html" "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
"name" : "RHSA-2015:1488", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1488.html" "name": "1032910",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1032910"
"name" : "SUSE-SU-2015:1319", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html" "name": "RHSA-2015:1485",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2015-1485.html"
"name" : "SUSE-SU-2015:1320", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html" "name": "75892",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/75892"
"name" : "openSUSE-SU-2015:1288", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html" "name": "openSUSE-SU-2015:1289",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html"
"name" : "openSUSE-SU-2015:1289", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html" "name": "GLSA-201603-11",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201603-11"
"name" : "75892", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/75892" "name": "RHSA-2015:1242",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2015-1242.html"
"name" : "1032910", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1032910" "name": "RHSA-2015:1488",
} "refsource": "REDHAT",
] "url": "http://rhn.redhat.com/errata/RHSA-2015-1488.html"
} },
{
"name": "SUSE-SU-2015:1319",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html"
},
{
"name": "SUSE-SU-2015:1320",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html"
},
{
"name": "openSUSE-SU-2015:1288",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html"
},
{
"name": "RHSA-2015:1241",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1241.html"
}
]
}
} }

128
2015/4xxx/CVE-2015-4859.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2015-4859", "ID": "CVE-2015-4859",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.4 and 12.1.0.5 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Agent Next Gen."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.4 and 12.1.0.5 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Agent Next Gen."
{ }
"name" : "1033897", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1033897" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"name": "1033897",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033897"
}
]
}
} }

128
2015/5xxx/CVE-2015-5305.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2015-5305", "ID": "CVE-2015-5305",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handled before passing it to etcd."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1273969", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1273969" "lang": "eng",
}, "value": "Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handled before passing it to etcd."
{ }
"name" : "RHSA-2015:1945", ]
"refsource" : "REDHAT", },
"url" : "https://access.redhat.com/errata/RHSA-2015:1945" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1273969",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1273969"
},
{
"name": "RHSA-2015:1945",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2015:1945"
}
]
}
} }

32
2018/2xxx/CVE-2018-2037.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2018-2037", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2018-2037",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
} }
] ]
} }
} }

32
2018/2xxx/CVE-2018-2542.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-2542", "ID": "CVE-2018-2542",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2018/3xxx/CVE-2018-3160.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2018-3160", "ID": "CVE-2018-3160",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Hospitality Cruise Shipboard Property Management System", "product_name": "Hospitality Cruise Shipboard Property Management System",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "8.0" "version_value": "8.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: OHC Admin, OHC Management). The supported version that is affected is 8.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Hospitality Cruise Shipboard Property Management System executes to compromise Oracle Hospitality Cruise Shipboard Property Management System. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Cruise Shipboard Property Management System, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Cruise Shipboard Property Management System. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Hospitality Cruise Shipboard Property Management System executes to compromise Oracle Hospitality Cruise Shipboard Property Management System. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Cruise Shipboard Property Management System, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Cruise Shipboard Property Management System."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: OHC Admin, OHC Management). The supported version that is affected is 8.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Hospitality Cruise Shipboard Property Management System executes to compromise Oracle Hospitality Cruise Shipboard Property Management System. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Cruise Shipboard Property Management System, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Cruise Shipboard Property Management System. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H)."
{ }
"name" : "105632", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105632" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Hospitality Cruise Shipboard Property Management System executes to compromise Oracle Hospitality Cruise Shipboard Property Management System. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Cruise Shipboard Property Management System, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Cruise Shipboard Property Management System."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105632",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105632"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
}
]
}
} }

180
2018/3xxx/CVE-2018-3167.json
View File

@ -1,93 +1,93 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2018-3167", "ID": "CVE-2018-3167",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Application Management Pack for Oracle E-Business Suite", "product_name": "Application Management Pack for Oracle E-Business Suite",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.1.3" "version_value": "12.1.3"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.2.3" "version_value": "12.2.3"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.2.4" "version_value": "12.2.4"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.2.5" "version_value": "12.2.5"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.2.6" "version_value": "12.2.6"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.2.7" "version_value": "12.2.7"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Application Management Pack for Oracle E-Business Suite component of Oracle E-Business Suite (subcomponent: User Monitoring). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Management Pack for Oracle E-Business Suite. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Application Management Pack for Oracle E-Business Suite accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Management Pack for Oracle E-Business Suite. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Application Management Pack for Oracle E-Business Suite accessible data."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" "lang": "eng",
}, "value": "Vulnerability in the Application Management Pack for Oracle E-Business Suite component of Oracle E-Business Suite (subcomponent: User Monitoring). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Management Pack for Oracle E-Business Suite. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Application Management Pack for Oracle E-Business Suite accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
{ }
"name" : "105627", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105627" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1041897", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041897" "lang": "eng",
} "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Management Pack for Oracle E-Business Suite. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Application Management Pack for Oracle E-Business Suite accessible data."
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "1041897",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041897"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "105627",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105627"
}
]
}
} }

130
2018/3xxx/CVE-2018-3744.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "support@hackerone.com", "ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00", "DATE_PUBLIC": "2018-04-26T00:00:00",
"ID" : "CVE-2018-3744", "ID": "CVE-2018-3744",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "html-pages node module", "product_name": "html-pages node module",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Not fixed" "version_value": "Not fixed"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "HackerOne" "vendor_name": "HackerOne"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The html-pages node module contains a path traversal vulnerabilities that allows an attacker to read any file from the server with cURL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Path Traversal: '.../...//' (CWE-35)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/danielcardoso/html-pages/issues/2", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/danielcardoso/html-pages/issues/2" "lang": "eng",
}, "value": "The html-pages node module contains a path traversal vulnerabilities that allows an attacker to read any file from the server with cURL."
{ }
"name" : "https://hackerone.com/reports/306607", ]
"refsource" : "MISC", },
"url" : "https://hackerone.com/reports/306607" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Path Traversal: '.../...//' (CWE-35)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/306607",
"refsource": "MISC",
"url": "https://hackerone.com/reports/306607"
},
{
"name": "https://github.com/danielcardoso/html-pages/issues/2",
"refsource": "MISC",
"url": "https://github.com/danielcardoso/html-pages/issues/2"
}
]
}
} }

120
2018/3xxx/CVE-2018-3866.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "talos-cna@cisco.com", "ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC" : "2018-07-26T00:00:00", "DATE_PUBLIC": "2018-07-26T00:00:00",
"ID" : "CVE-2018-3866", "ID": "CVE-2018-3866",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Samsung", "product_name": "Samsung",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17" "version_value": "Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Samsung" "vendor_name": "Samsung"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable buffer overflow vulnerability exists in the samsungWifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strcpy at [8] overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long 'callbackUrl' value in order to exploit this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Classic Buffer Overflow"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0548", "description_data": [
"refsource" : "MISC", {
"url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0548" "lang": "eng",
} "value": "An exploitable buffer overflow vulnerability exists in the samsungWifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strcpy at [8] overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long 'callbackUrl' value in order to exploit this vulnerability."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Classic Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0548",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0548"
}
]
}
} }

130
2018/3xxx/CVE-2018-3972.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "talos-cna@cisco.com", "ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC" : "2018-09-25T00:00:00", "DATE_PUBLIC": "2018-09-25T00:00:00",
"ID" : "CVE-2018-3972", "ID": "CVE-2018-3972",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Epee", "product_name": "Epee",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "as used in Monero 'Lithium Luna' (v0.12.2.0-master-ffab6700)" "version_value": "as used in Monero 'Lithium Luna' (v0.12.2.0-master-ffab6700)"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "https://github.com/sabelnikov" "vendor_name": "https://github.com/sabelnikov"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable code execution vulnerability exists in the Levin deserialization functionality of the Epee library, as used in Monero 'Lithium Luna' (v0.12.2.0-master-ffab6700) and other cryptocurrencies. A specially crafted network packet can cause a logic flaw, resulting in code execution. An attacker can send a packet to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "remote code execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://blog.talosintelligence.com/2018/09/epee-levin-vuln.html", "description_data": [
"refsource" : "MISC", {
"url" : "https://blog.talosintelligence.com/2018/09/epee-levin-vuln.html" "lang": "eng",
}, "value": "An exploitable code execution vulnerability exists in the Levin deserialization functionality of the Epee library, as used in Monero 'Lithium Luna' (v0.12.2.0-master-ffab6700) and other cryptocurrencies. A specially crafted network packet can cause a logic flaw, resulting in code execution. An attacker can send a packet to trigger this vulnerability."
{ }
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0637", ]
"refsource" : "MISC", },
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0637" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0637",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0637"
},
{
"name": "https://blog.talosintelligence.com/2018/09/epee-levin-vuln.html",
"refsource": "MISC",
"url": "https://blog.talosintelligence.com/2018/09/epee-levin-vuln.html"
}
]
}
} }

120
2018/3xxx/CVE-2018-3998.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "talos-cna@cisco.com", "ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC" : "2018-10-01T00:00:00", "DATE_PUBLIC": "2018-10-01T00:00:00",
"ID" : "CVE-2018-3998", "ID": "CVE-2018-3998",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Atlantis Word Processor", "product_name": "Atlantis Word Processor",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "3.2.5.0" "version_value": "3.2.5.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "The Atlantis Word Processor Team" "vendor_name": "The Atlantis Word Processor Team"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable heap-based buffer overflow vulnerability exists in the Windows enhanced metafile parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted image embedded within a document can cause an undersized allocation, resulting in an overflow when the application tries to copy data into it. An attacker must convince a victim to open a document in order to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "heap-based buffer overflow"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0666", "description_data": [
"refsource" : "MISC", {
"url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0666" "lang": "eng",
} "value": "An exploitable heap-based buffer overflow vulnerability exists in the Windows enhanced metafile parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted image embedded within a document can cause an undersized allocation, resulting in an overflow when the application tries to copy data into it. An attacker must convince a victim to open a document in order to trigger this vulnerability."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "heap-based buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0666",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0666"
}
]
}
} }

32
2018/6xxx/CVE-2018-6403.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-6403", "ID": "CVE-2018-6403",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

148
2018/6xxx/CVE-2018-6485.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-6485", "ID": "CVE-2018-6485",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://bugs.debian.org/878159", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://bugs.debian.org/878159" "lang": "eng",
}, "value": "An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption."
{ }
"name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22343", ]
"refsource" : "CONFIRM", },
"url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22343" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2018:3092", "description": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:3092" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "102912", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/102912" ]
} },
] "references": {
} "reference_data": [
{
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=22343",
"refsource": "CONFIRM",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22343"
},
{
"name": "102912",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102912"
},
{
"name": "http://bugs.debian.org/878159",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/878159"
},
{
"name": "RHSA-2018:3092",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3092"
}
]
}
} }

118
2018/6xxx/CVE-2018-6518.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-6518", "ID": "CVE-2018-6518",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Composr CMS 10.0.13 has XSS via the site_name parameter in a page=admin-setupwizard&type=step3 request to /adminzone/index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/faizzaidi/Composr-CMS-10.0.13-Cross-Site-Scripting-XSS", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/faizzaidi/Composr-CMS-10.0.13-Cross-Site-Scripting-XSS" "lang": "eng",
} "value": "Composr CMS 10.0.13 has XSS via the site_name parameter in a page=admin-setupwizard&type=step3 request to /adminzone/index.php."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/faizzaidi/Composr-CMS-10.0.13-Cross-Site-Scripting-XSS",
"refsource": "MISC",
"url": "https://github.com/faizzaidi/Composr-CMS-10.0.13-Cross-Site-Scripting-XSS"
}
]
}
} }

128
2018/6xxx/CVE-2018-6540.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-6540", "ID": "CVE-2018-6540",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/gdraheim/zziplib/issues/15", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/gdraheim/zziplib/issues/15" "lang": "eng",
}, "value": "In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file."
{ }
"name" : "USN-3699-1", ]
"refsource" : "UBUNTU", },
"url" : "https://usn.ubuntu.com/3699-1/" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3699-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3699-1/"
},
{
"name": "https://github.com/gdraheim/zziplib/issues/15",
"refsource": "MISC",
"url": "https://github.com/gdraheim/zziplib/issues/15"
}
]
}
} }

158
2018/6xxx/CVE-2018-6849.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-6849", "ID": "CVE-2018-6849",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In the WebRTC component in DuckDuckGo 4.2.0, after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com), the browser can disclose a private IP address in a STUN request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "44403", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/44403/" "lang": "eng",
}, "value": "In the WebRTC component in DuckDuckGo 4.2.0, after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com), the browser can disclose a private IP address in a STUN request."
{ }
"name" : "https://datarift.blogspot.com/p/private-ip-leakage-using-webrtc.html", ]
"refsource" : "MISC", },
"url" : "https://datarift.blogspot.com/p/private-ip-leakage-using-webrtc.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/rapid7/metasploit-framework/pull/9538", "description": [
"refsource" : "MISC", {
"url" : "https://github.com/rapid7/metasploit-framework/pull/9538" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://news.ycombinator.com/item?id=16699270", ]
"refsource" : "MISC", }
"url" : "https://news.ycombinator.com/item?id=16699270" ]
}, },
{ "references": {
"name" : "https://voidsec.com/vpn-leak/", "reference_data": [
"refsource" : "MISC", {
"url" : "https://voidsec.com/vpn-leak/" "name": "https://github.com/rapid7/metasploit-framework/pull/9538",
} "refsource": "MISC",
] "url": "https://github.com/rapid7/metasploit-framework/pull/9538"
} },
{
"name": "https://voidsec.com/vpn-leak/",
"refsource": "MISC",
"url": "https://voidsec.com/vpn-leak/"
},
{
"name": "44403",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44403/"
},
{
"name": "https://news.ycombinator.com/item?id=16699270",
"refsource": "MISC",
"url": "https://news.ycombinator.com/item?id=16699270"
},
{
"name": "https://datarift.blogspot.com/p/private-ip-leakage-using-webrtc.html",
"refsource": "MISC",
"url": "https://datarift.blogspot.com/p/private-ip-leakage-using-webrtc.html"
}
]
}
} }

32
2018/7xxx/CVE-2018-7007.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2018-7007", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2018-7007",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
} }
] ]
} }
} }

32
2018/7xxx/CVE-2018-7710.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-7710", "ID": "CVE-2018-7710",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

118
2018/7xxx/CVE-2018-7996.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-7996", "ID": "CVE-2018-7996",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Eramba e1.0.6.033 has Stored XSS on the tooltip box via the /programScopes description parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://medium.com/stolabs/security-issues-on-eramba-cf887bc0a069", "description_data": [
"refsource" : "MISC", {
"url" : "https://medium.com/stolabs/security-issues-on-eramba-cf887bc0a069" "lang": "eng",
} "value": "Eramba e1.0.6.033 has Stored XSS on the tooltip box via the /programScopes description parameter."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://medium.com/stolabs/security-issues-on-eramba-cf887bc0a069",
"refsource": "MISC",
"url": "https://medium.com/stolabs/security-issues-on-eramba-cf887bc0a069"
}
]
}
} }