admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 18:28:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 01:43:27 +00:00
parent 3a8d9b3b67
commit e0f08cedbd
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
56 changed files with 3517 additions and 3517 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

160
2002/0xxx/CVE-2002-0018.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0018",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from from the trusted domain."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS02-001",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-001"
},
{
"name" : "3997",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/3997"
},
{
"name" : "oval:org.mitre.oval:def:159",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A159"
},
{
"name" : "oval:org.mitre.oval:def:64",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A64"
},
{
"name" : "win-sid-gain-privileges(8023)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8023"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from from the trusted domain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3997",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3997"
},
{
"name": "win-sid-gain-privileges(8023)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8023"
},
{
"name": "oval:org.mitre.oval:def:159",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A159"
},
{
"name": "MS02-001",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-001"
},
{
"name": "oval:org.mitre.oval:def:64",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A64"
}
]
}
}

140
2002/0xxx/CVE-2002-0753.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0753",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Talentsoft Web+ 5.0 allows remote attackers to execute arbitrary code via an HTTP request with a long cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020416 Buffer Overrun in Talentsoft's Web+ (3) (#NISR17042002B)",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-04/0210.html"
},
{
"name" : "webplus-long-cookie-bop(8861)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/8861.php"
},
{
"name" : "4530",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4530"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Talentsoft Web+ 5.0 allows remote attackers to execute arbitrary code via an HTTP request with a long cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4530",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4530"
},
{
"name": "webplus-long-cookie-bop(8861)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8861.php"
},
{
"name": "20020416 Buffer Overrun in Talentsoft's Web+ (3) (#NISR17042002B)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0210.html"
}
]
}
}

150
2002/2xxx/CVE-2002-2262.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2262",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in xntpd of HP-UX 10.20 through 11.11 allows remote attackers to cause a denial of service (hang) via unknown attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBUX0212-232",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/advisories/4764"
},
{
"name" : "6356",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6356"
},
{
"name" : "oval:org.mitre.oval:def:4959",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4959"
},
{
"name" : "hp-xnptd-dos(10836)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10836"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in xntpd of HP-UX 10.20 through 11.11 allows remote attackers to cause a denial of service (hang) via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBUX0212-232",
"refsource": "HP",
"url": "http://www.securityfocus.com/advisories/4764"
},
{
"name": "hp-xnptd-dos(10836)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10836"
},
{
"name": "oval:org.mitre.oval:def:4959",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4959"
},
{
"name": "6356",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6356"
}
]
}
}

130
2005/0xxx/CVE-2005-0068.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0068",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The original design of ICMP does not require authentication for host-generated ICMP error messages, which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) blind connection-reset attacks with forged \"Destination Unreachable\" messages, (2) blind throughput-reduction attacks with forged \"Source Quench\" messages, or (3) blind throughput-reduction attacks with forged ICMP messages that cause the Path MTU to be reduced. NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html",
"refsource" : "MISC",
"url" : "http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html"
},
{
"name" : "13124",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13124"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The original design of ICMP does not require authentication for host-generated ICMP error messages, which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) blind connection-reset attacks with forged \"Destination Unreachable\" messages, (2) blind throughput-reduction attacks with forged \"Source Quench\" messages, or (3) blind throughput-reduction attacks with forged ICMP messages that cause the Path MTU to be reduced. NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "13124",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13124"
},
{
"name": "http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html",
"refsource": "MISC",
"url": "http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html"
}
]
}
}

170
2005/0xxx/CVE-2005-0238.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0238",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-0238",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050206 state of homograph attacks",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html"
},
{
"name" : "http://www.shmoo.com/idn",
"refsource" : "MISC",
"url" : "http://www.shmoo.com/idn"
},
{
"name" : "http://www.shmoo.com/idn/homograph.txt",
"refsource" : "MISC",
"url" : "http://www.shmoo.com/idn/homograph.txt"
},
{
"name" : "https://bugzilla.redhat.com/beta/show_bug.cgi?id=147399",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/beta/show_bug.cgi?id=147399"
},
{
"name" : "12461",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12461"
},
{
"name" : "multiple-browsers-idn-spoof(19236)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.shmoo.com/idn/homograph.txt",
"refsource": "MISC",
"url": "http://www.shmoo.com/idn/homograph.txt"
},
{
"name": "multiple-browsers-idn-spoof(19236)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236"
},
{
"name": "20050206 state of homograph attacks",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html"
},
{
"name": "http://www.shmoo.com/idn",
"refsource": "MISC",
"url": "http://www.shmoo.com/idn"
},
{
"name": "https://bugzilla.redhat.com/beta/show_bug.cgi?id=147399",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/beta/show_bug.cgi?id=147399"
},
{
"name": "12461",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12461"
}
]
}
}

34
2005/0xxx/CVE-2005-0528.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0528",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0985. Reason: This candidate is a duplicate of CVE-2003-0985. Notes: All CVE users should reference CVE-2003-0985 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2005-0528",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0985. Reason: This candidate is a duplicate of CVE-2003-0985. Notes: All CVE users should reference CVE-2003-0985 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

130
2005/1xxx/CVE-2005-1035.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1035",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in Pavuk before 0.9.32 have unknown attack vectors and impact."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1035",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=313436",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=313436"
},
{
"name" : "14571",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14571"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in Pavuk before 0.9.32 have unknown attack vectors and impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=313436",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=313436"
},
{
"name": "14571",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14571"
}
]
}
}

180
2005/1xxx/CVE-2005-1041.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1041",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The fib_seq_start function in fib_hash.c in Linux kernel allows local users to cause a denial of service (system crash) via /proc/net/route."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-1041",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[bk-commits-head] 20050319 [PATCH] Fix crash while reading /proc/net/route",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=bk-commits-head&m=111186506706769&w=2"
},
{
"name" : "FLSA:157459-3",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/427980/100/0/threaded"
},
{
"name" : "RHSA-2005:366",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-366.html"
},
{
"name" : "SUSE-SA:2005:068",
"refsource" : "SUSE",
"url" : "http://www.securityfocus.com/archive/1/419522/100/0/threaded"
},
{
"name" : "13267",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13267"
},
{
"name" : "oval:org.mitre.oval:def:9487",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9487"
},
{
"name" : "17918",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17918"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The fib_seq_start function in fib_hash.c in Linux kernel allows local users to cause a denial of service (system crash) via /proc/net/route."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2005:366",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-366.html"
},
{
"name": "13267",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13267"
},
{
"name": "[bk-commits-head] 20050319 [PATCH] Fix crash while reading /proc/net/route",
"refsource": "MLIST",
"url": "http://marc.info/?l=bk-commits-head&m=111186506706769&w=2"
},
{
"name": "SUSE-SA:2005:068",
"refsource": "SUSE",
"url": "http://www.securityfocus.com/archive/1/419522/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:9487",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9487"
},
{
"name": "17918",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17918"
},
{
"name": "FLSA:157459-3",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/427980/100/0/threaded"
}
]
}
}

150
2005/1xxx/CVE-2005-1239.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1239",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the third party tool from Raz-Lee, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via \"..\" sequences in a GET request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1239",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050420 Canonicalization and directory traversal in iSeries FTP security products",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/396628"
},
{
"name" : "http://www.venera.com/downloads/Canonicalization_problems_in_iSeries_FTP_security.pdf",
"refsource" : "MISC",
"url" : "http://www.venera.com/downloads/Canonicalization_problems_in_iSeries_FTP_security.pdf"
},
{
"name" : "13310",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13310"
},
{
"name" : "multiple-vendor-security-bypass(20260)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20260"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the third party tool from Raz-Lee, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via \"..\" sequences in a GET request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "13310",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13310"
},
{
"name": "20050420 Canonicalization and directory traversal in iSeries FTP security products",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/396628"
},
{
"name": "http://www.venera.com/downloads/Canonicalization_problems_in_iSeries_FTP_security.pdf",
"refsource": "MISC",
"url": "http://www.venera.com/downloads/Canonicalization_problems_in_iSeries_FTP_security.pdf"
},
{
"name": "multiple-vendor-security-bypass(20260)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20260"
}
]
}
}

150
2009/0xxx/CVE-2009-0293.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0293",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in profile_view.php in Wazzum Dating Software, possibly 2.0, allows remote attackers to execute arbitrary SQL commands via the userid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0293",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7877",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7877"
},
{
"name" : "33461",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33461"
},
{
"name" : "51625",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/51625"
},
{
"name" : "33654",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33654"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in profile_view.php in Wazzum Dating Software, possibly 2.0, allows remote attackers to execute arbitrary SQL commands via the userid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33654",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33654"
},
{
"name": "33461",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33461"
},
{
"name": "7877",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7877"
},
{
"name": "51625",
"refsource": "OSVDB",
"url": "http://osvdb.org/51625"
}
]
}
}

280
2009/0xxx/CVE-2009-0748.json
View File

@ -1,142 +1,142 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0748",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ext4_fill_super function in fs/ext4/super.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate the superblock configuration, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) by attempting to mount a crafted ext4 filesystem."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0748",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name" : "http://bugzilla.kernel.org/show_bug.cgi?id=12371",
"refsource" : "CONFIRM",
"url" : "http://bugzilla.kernel.org/show_bug.cgi?id=12371"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4ec110281379826c5cf6ed14735e47027c3c5765",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4ec110281379826c5cf6ed14735e47027c3c5765"
},
{
"name" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.19",
"refsource" : "CONFIRM",
"url" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.19"
},
{
"name" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.7",
"refsource" : "CONFIRM",
"url" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.7"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name" : "DSA-1749",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1749"
},
{
"name" : "RHSA-2009:1243",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2009-1243.html"
},
{
"name" : "USN-751-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-751-1"
},
{
"name" : "52203",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/52203"
},
{
"name" : "oval:org.mitre.oval:def:10683",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10683"
},
{
"name" : "oval:org.mitre.oval:def:8526",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8526"
},
{
"name" : "34394",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34394"
},
{
"name" : "37471",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37471"
},
{
"name" : "36562",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36562"
},
{
"name" : "ADV-2009-0509",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0509"
},
{
"name" : "ADV-2009-3316",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3316"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ext4_fill_super function in fs/ext4/super.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate the superblock configuration, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) by attempting to mount a crafted ext4 filesystem."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:8526",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8526"
},
{
"name": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.19",
"refsource": "CONFIRM",
"url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.19"
},
{
"name": "http://bugzilla.kernel.org/show_bug.cgi?id=12371",
"refsource": "CONFIRM",
"url": "http://bugzilla.kernel.org/show_bug.cgi?id=12371"
},
{
"name": "ADV-2009-0509",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0509"
},
{
"name": "37471",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37471"
},
{
"name": "RHSA-2009:1243",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2009-1243.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "DSA-1749",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1749"
},
{
"name": "USN-751-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-751-1"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4ec110281379826c5cf6ed14735e47027c3c5765",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4ec110281379826c5cf6ed14735e47027c3c5765"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name": "52203",
"refsource": "OSVDB",
"url": "http://osvdb.org/52203"
},
{
"name": "36562",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36562"
},
{
"name": "34394",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34394"
},
{
"name": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.7",
"refsource": "CONFIRM",
"url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.7"
},
{
"name": "ADV-2009-3316",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"name": "oval:org.mitre.oval:def:10683",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10683"
}
]
}
}

130
2009/0xxx/CVE-2009-0900.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0900",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the client in IBM WebSphere MQ 6.0 before 6.0.2.7 and 7.0 before 7.0.1.0 allows local users to gain privileges via crafted SSL information in a Client Channel Definition Table (CCDT) file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0900",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "IC59375",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg1IC59375"
},
{
"name" : "websphere-mq-client-ccdt-bo(51038)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51038"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the client in IBM WebSphere MQ 6.0 before 6.0.2.7 and 7.0 before 7.0.1.0 allows local users to gain privileges via crafted SSL information in a Client Channel Definition Table (CCDT) file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IC59375",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IC59375"
},
{
"name": "websphere-mq-client-ccdt-bo(51038)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51038"
}
]
}
}

170
2009/1xxx/CVE-2009-1190.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1190",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit (JDK) before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows remote attackers to cause a denial of service (CPU consumption) via serializable data with a long regex string containing multiple optional groups, a related issue to CVE-2004-2540."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-1190",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090424 CVE-2009-1190: Spring Framework Remote Denial of Service Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/502926/100/0/threaded"
},
{
"name" : "http://www.packetstormsecurity.org/hitb06/DAY_1_-_Marc_Schoenefeld_-_Pentesting_Java_J2EE.pdf",
"refsource" : "MISC",
"url" : "http://www.packetstormsecurity.org/hitb06/DAY_1_-_Marc_Schoenefeld_-_Pentesting_Java_J2EE.pdf"
},
{
"name" : "http://www.springsource.com/securityadvisory",
"refsource" : "CONFIRM",
"url" : "http://www.springsource.com/securityadvisory"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=497161",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=497161"
},
{
"name" : "34892",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34892"
},
{
"name" : "springframework-data-dos(50083)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50083"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit (JDK) before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows remote attackers to cause a denial of service (CPU consumption) via serializable data with a long regex string containing multiple optional groups, a related issue to CVE-2004-2540."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090424 CVE-2009-1190: Spring Framework Remote Denial of Service Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502926/100/0/threaded"
},
{
"name": "http://www.packetstormsecurity.org/hitb06/DAY_1_-_Marc_Schoenefeld_-_Pentesting_Java_J2EE.pdf",
"refsource": "MISC",
"url": "http://www.packetstormsecurity.org/hitb06/DAY_1_-_Marc_Schoenefeld_-_Pentesting_Java_J2EE.pdf"
},
{
"name": "springframework-data-dos(50083)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50083"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=497161",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=497161"
},
{
"name": "http://www.springsource.com/securityadvisory",
"refsource": "CONFIRM",
"url": "http://www.springsource.com/securityadvisory"
},
{
"name": "34892",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34892"
}
]
}
}

360
2009/1xxx/CVE-2009-1265.json
View File

@ -1,182 +1,182 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1265",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux kernel 2.6.24.4, and other versions before 2.6.30-rc1, might allow remote attackers to obtain sensitive information via a large length value, which causes \"garbage\" memory to be sent."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1265",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20090408 CVE-2009-1265 kernel: af_rose/x25: Sanity check the maximum user frame size",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/04/08/2"
},
{
"name" : "http://bugzilla.kernel.org/show_bug.cgi?id=10423",
"refsource" : "MISC",
"url" : "http://bugzilla.kernel.org/show_bug.cgi?id=10423"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=83e0bbcbe2145f160fbaa109b0439dae7f4a38a9",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=83e0bbcbe2145f160fbaa109b0439dae7f4a38a9"
},
{
"name" : "DSA-1787",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1787"
},
{
"name" : "DSA-1794",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1794"
},
{
"name" : "DSA-1800",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1800"
},
{
"name" : "MDVSA-2009:119",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:119"
},
{
"name" : "MDVSA-2009:135",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:135"
},
{
"name" : "SUSE-SA:2009:028",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00002.html"
},
{
"name" : "SUSE-SA:2009:030",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html"
},
{
"name" : "SUSE-SA:2009:031",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html"
},
{
"name" : "SUSE-SA:2009:032",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00002.html"
},
{
"name" : "USN-793-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-793-1"
},
{
"name" : "34654",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34654"
},
{
"name" : "53571",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/53571"
},
{
"name" : "53630",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/53630"
},
{
"name" : "53631",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/53631"
},
{
"name" : "34981",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34981"
},
{
"name" : "35011",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35011"
},
{
"name" : "35121",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35121"
},
{
"name" : "35185",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35185"
},
{
"name" : "35390",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35390"
},
{
"name" : "35394",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35394"
},
{
"name" : "35387",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35387"
},
{
"name" : "35656",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35656"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux kernel 2.6.24.4, and other versions before 2.6.30-rc1, might allow remote attackers to obtain sensitive information via a large length value, which causes \"garbage\" memory to be sent."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35390",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35390"
},
{
"name": "MDVSA-2009:135",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:135"
},
{
"name": "53630",
"refsource": "OSVDB",
"url": "http://osvdb.org/53630"
},
{
"name": "SUSE-SA:2009:028",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00002.html"
},
{
"name": "SUSE-SA:2009:032",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00002.html"
},
{
"name": "35656",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35656"
},
{
"name": "http://bugzilla.kernel.org/show_bug.cgi?id=10423",
"refsource": "MISC",
"url": "http://bugzilla.kernel.org/show_bug.cgi?id=10423"
},
{
"name": "DSA-1794",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1794"
},
{
"name": "53571",
"refsource": "OSVDB",
"url": "http://osvdb.org/53571"
},
{
"name": "SUSE-SA:2009:030",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html"
},
{
"name": "35185",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35185"
},
{
"name": "35011",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35011"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=83e0bbcbe2145f160fbaa109b0439dae7f4a38a9",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=83e0bbcbe2145f160fbaa109b0439dae7f4a38a9"
},
{
"name": "34654",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34654"
},
{
"name": "[oss-security] 20090408 CVE-2009-1265 kernel: af_rose/x25: Sanity check the maximum user frame size",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/04/08/2"
},
{
"name": "SUSE-SA:2009:031",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html"
},
{
"name": "USN-793-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-793-1"
},
{
"name": "53631",
"refsource": "OSVDB",
"url": "http://osvdb.org/53631"
},
{
"name": "34981",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34981"
},
{
"name": "DSA-1800",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1800"
},
{
"name": "35387",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35387"
},
{
"name": "DSA-1787",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1787"
},
{
"name": "MDVSA-2009:119",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:119"
},
{
"name": "35121",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35121"
},
{
"name": "35394",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35394"
}
]
}
}

260
2009/1xxx/CVE-2009-1694.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1694",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read images from arbitrary web sites via vectors involving a CANVAS element and redirection, related to a \"cross-site image capture issue.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1694",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT3613",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3613"
},
{
"name" : "http://support.apple.com/kb/HT3639",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3639"
},
{
"name" : "APPLE-SA-2009-06-08-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"name" : "APPLE-SA-2009-06-17-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name" : "DSA-1950",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1950"
},
{
"name" : "SUSE-SR:2011:002",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name" : "35260",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35260"
},
{
"name" : "35322",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35322"
},
{
"name" : "55005",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/55005"
},
{
"name" : "35379",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35379"
},
{
"name" : "37746",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37746"
},
{
"name" : "43068",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43068"
},
{
"name" : "ADV-2009-1522",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1522"
},
{
"name" : "ADV-2009-1621",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name" : "ADV-2011-0212",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0212"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read images from arbitrary web sites via vectors involving a CANVAS element and redirection, related to a \"cross-site image capture issue.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT3639",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "ADV-2009-1621",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "APPLE-SA-2009-06-08-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"name": "35260",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35260"
},
{
"name": "55005",
"refsource": "OSVDB",
"url": "http://osvdb.org/55005"
},
{
"name": "ADV-2009-1522",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"name": "37746",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37746"
},
{
"name": "APPLE-SA-2009-06-17-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "DSA-1950",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1950"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "35379",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35379"
},
{
"name": "35322",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35322"
},
{
"name": "http://support.apple.com/kb/HT3613",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3613"
}
]
}
}

34
2009/1xxx/CVE-2009-1795.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1795",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1795",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

170
2009/1xxx/CVE-2009-1960.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1960",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the config_cascade[main][default][] parameter to doku.php. NOTE: PHP remote file inclusion is also possible in PHP 5 using ftp:// URLs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1960",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8781",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8781"
},
{
"name" : "8812",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8812"
},
{
"name" : "http://bugs.splitbrain.org/index.php?do=details&task_id=1700",
"refsource" : "CONFIRM",
"url" : "http://bugs.splitbrain.org/index.php?do=details&task_id=1700"
},
{
"name" : "http://dev.splitbrain.org/darcsweb/darcsweb.cgi?r=dokuwiki;a=commitdiff;h=20090526145030-7ad00-c0483e021f47898c8597f3bfbdd26c637f891d86.gz",
"refsource" : "CONFIRM",
"url" : "http://dev.splitbrain.org/darcsweb/darcsweb.cgi?r=dokuwiki;a=commitdiff;h=20090526145030-7ad00-c0483e021f47898c8597f3bfbdd26c637f891d86.gz"
},
{
"name" : "35095",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35095"
},
{
"name" : "35218",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35218"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the config_cascade[main][default][] parameter to doku.php. NOTE: PHP remote file inclusion is also possible in PHP 5 using ftp:// URLs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8812",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8812"
},
{
"name": "35095",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35095"
},
{
"name": "http://bugs.splitbrain.org/index.php?do=details&task_id=1700",
"refsource": "CONFIRM",
"url": "http://bugs.splitbrain.org/index.php?do=details&task_id=1700"
},
{
"name": "35218",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35218"
},
{
"name": "8781",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8781"
},
{
"name": "http://dev.splitbrain.org/darcsweb/darcsweb.cgi?r=dokuwiki;a=commitdiff;h=20090526145030-7ad00-c0483e021f47898c8597f3bfbdd26c637f891d86.gz",
"refsource": "CONFIRM",
"url": "http://dev.splitbrain.org/darcsweb/darcsweb.cgi?r=dokuwiki;a=commitdiff;h=20090526145030-7ad00-c0483e021f47898c8597f3bfbdd26c637f891d86.gz"
}
]
}
}

180
2009/1xxx/CVE-2009-1980.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1980",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2009-1980",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html"
},
{
"name" : "35686",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35686"
},
{
"name" : "55898",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/55898"
},
{
"name" : "1022562",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022562"
},
{
"name" : "35776",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35776"
},
{
"name" : "ADV-2009-1900",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1900"
},
{
"name" : "oracle-ebs-aol-unspecified(51763)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51763"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35776",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35776"
},
{
"name": "55898",
"refsource": "OSVDB",
"url": "http://osvdb.org/55898"
},
{
"name": "ADV-2009-1900",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1900"
},
{
"name": "oracle-ebs-aol-unspecified(51763)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51763"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html"
},
{
"name": "35686",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35686"
},
{
"name": "1022562",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022562"
}
]
}
}

130
2009/4xxx/CVE-2009-4661.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4661",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in BigAnt Server 2.50 SP6 and earlier allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted ZIP file that is not properly handled when the victim uses the (1) Update or (2) Plug-In console menu item."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4661",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "9695",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9695"
},
{
"name" : "9734",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9734"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in BigAnt Server 2.50 SP6 and earlier allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted ZIP file that is not properly handled when the victim uses the (1) Update or (2) Plug-In console menu item."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9695",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9695"
},
{
"name": "9734",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9734"
}
]
}
}

170
2009/5xxx/CVE-2009-5145.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-5145",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in ZMI pages that use the manage_tabs_message in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-5145",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150302 Re: XSS In Zope",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/03/02/7"
},
{
"name" : "http://cve.killedkenny.io/cve/CVE-2009-5145",
"refsource" : "MISC",
"url" : "http://cve.killedkenny.io/cve/CVE-2009-5145"
},
{
"name" : "https://security-tracker.debian.org/tracker/CVE-2009-5145/",
"refsource" : "MISC",
"url" : "https://security-tracker.debian.org/tracker/CVE-2009-5145/"
},
{
"name" : "https://bugs.launchpad.net/zope2/+bug/490514",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/zope2/+bug/490514"
},
{
"name" : "https://github.com/zopefoundation/Zope/commit/2abdf14620f146857dc8e3ffd2b6a754884c331d",
"refsource" : "CONFIRM",
"url" : "https://github.com/zopefoundation/Zope/commit/2abdf14620f146857dc8e3ffd2b6a754884c331d"
},
{
"name" : "72792",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72792/info"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in ZMI pages that use the manage_tabs_message in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/zope2/+bug/490514",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/zope2/+bug/490514"
},
{
"name": "72792",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72792/info"
},
{
"name": "[oss-security] 20150302 Re: XSS In Zope",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/03/02/7"
},
{
"name": "http://cve.killedkenny.io/cve/CVE-2009-5145",
"refsource": "MISC",
"url": "http://cve.killedkenny.io/cve/CVE-2009-5145"
},
{
"name": "https://github.com/zopefoundation/Zope/commit/2abdf14620f146857dc8e3ffd2b6a754884c331d",
"refsource": "CONFIRM",
"url": "https://github.com/zopefoundation/Zope/commit/2abdf14620f146857dc8e3ffd2b6a754884c331d"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2009-5145/",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2009-5145/"
}
]
}
}

130
2012/2xxx/CVE-2012-2014.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2014",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HP System Management Homepage (SMH) before 7.1.1 does not properly validate input, which allows remote authenticated users to have an unspecified impact via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2012-2014",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBMU02786",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
},
{
"name" : "SSRT100877",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HP System Management Homepage (SMH) before 7.1.1 does not properly validate input, which allows remote authenticated users to have an unspecified impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBMU02786",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
},
{
"name": "SSRT100877",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
}
]
}
}

210
2012/2xxx/CVE-2012-2119.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2119",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the macvtap device driver in the Linux kernel before 3.4.5, when running in certain configurations, allows privileged KVM guest users to cause a denial of service (crash) via a long descriptor with a long vector length."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2119",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[linux-netdev] 20120416 [PATCH 3/6] macvtap: zerocopy: validate vector length before pinning user pages",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=linux-netdev&m=133455718001608&w=2"
},
{
"name" : "[oss-security] 20120419 Re: CVE request -- kernel: macvtap: zerocopy: vector length is not validated before pinning user pages",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/04/19/14"
},
{
"name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=814278",
"refsource" : "CONFIRM",
"url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=814278"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b92946e2919134ebe2a4083e4302236295ea2a73",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b92946e2919134ebe2a4083e4302236295ea2a73"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5"
},
{
"name" : "https://github.com/torvalds/linux/commit/b92946e2919134ebe2a4083e4302236295ea2a73",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/b92946e2919134ebe2a4083e4302236295ea2a73"
},
{
"name" : "https://oss.oracle.com/git/?p=redpatch.git;a=commit;h=4aae94d1c7b32316911c86176c0ed4f8ed62da73",
"refsource" : "CONFIRM",
"url" : "https://oss.oracle.com/git/?p=redpatch.git;a=commit;h=4aae94d1c7b32316911c86176c0ed4f8ed62da73"
},
{
"name" : "RHSA-2012:0743",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0743.html"
},
{
"name" : "openSUSE-SU-2013:0925",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html"
},
{
"name" : "USN-1529-1",
"refsource" : "UBUNTU",
"url" : "http://ubuntu.com/usn/usn-1529-1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the macvtap device driver in the Linux kernel before 3.4.5, when running in certain configurations, allows privileged KVM guest users to cause a denial of service (crash) via a long descriptor with a long vector length."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5"
},
{
"name": "RHSA-2012:0743",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0743.html"
},
{
"name": "https://github.com/torvalds/linux/commit/b92946e2919134ebe2a4083e4302236295ea2a73",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/b92946e2919134ebe2a4083e4302236295ea2a73"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b92946e2919134ebe2a4083e4302236295ea2a73",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b92946e2919134ebe2a4083e4302236295ea2a73"
},
{
"name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=814278",
"refsource": "CONFIRM",
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=814278"
},
{
"name": "[linux-netdev] 20120416 [PATCH 3/6] macvtap: zerocopy: validate vector length before pinning user pages",
"refsource": "MLIST",
"url": "http://marc.info/?l=linux-netdev&m=133455718001608&w=2"
},
{
"name": "USN-1529-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1529-1"
},
{
"name": "openSUSE-SU-2013:0925",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html"
},
{
"name": "https://oss.oracle.com/git/?p=redpatch.git;a=commit;h=4aae94d1c7b32316911c86176c0ed4f8ed62da73",
"refsource": "CONFIRM",
"url": "https://oss.oracle.com/git/?p=redpatch.git;a=commit;h=4aae94d1c7b32316911c86176c0ed4f8ed62da73"
},
{
"name": "[oss-security] 20120419 Re: CVE request -- kernel: macvtap: zerocopy: vector length is not validated before pinning user pages",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/19/14"
}
]
}
}

140
2012/2xxx/CVE-2012-2977.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2977",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to change arbitrary passwords via crafted input to an application script."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-2977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120720_00",
"refsource" : "CONFIRM",
"url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120720_00"
},
{
"name" : "VU#108471",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/108471"
},
{
"name" : "54430",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/54430"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to change arbitrary passwords via crafted input to an application script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120720_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120720_00"
},
{
"name": "VU#108471",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/108471"
},
{
"name": "54430",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54430"
}
]
}
}

130
2012/3xxx/CVE-2012-3184.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3184",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote attackers to affect integrity via unknown vectors related to Advanced UI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-3184",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote attackers to affect integrity via unknown vectors related to Advanced UI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}

34
2012/3xxx/CVE-2012-3855.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3855",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3855",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2012/4xxx/CVE-2012-4105.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4105",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service (component crash) via crafted \"debug hardware\" parameters, aka Bug ID CSCtq86468."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-4105",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20131011 Cisco Unified Computing System Fabric Interconnect Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4105"
},
{
"name" : "62980",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/62980"
},
{
"name" : "98437",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/98437"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service (component crash) via crafted \"debug hardware\" parameters, aka Bug ID CSCtq86468."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62980",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/62980"
},
{
"name": "98437",
"refsource": "OSVDB",
"url": "http://osvdb.org/98437"
},
{
"name": "20131011 Cisco Unified Computing System Fabric Interconnect Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4105"
}
]
}
}

34
2012/6xxx/CVE-2012-6177.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6177",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-6177",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}

140
2012/6xxx/CVE-2012-6352.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6352",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Session Manager in IBM Sterling Connect:Direct through 4.1.0.3 on UNIX allows remote attackers to cause a denial of service (daemon crash and disk consumption) via crafted data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-6352",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21623608",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21623608"
},
{
"name" : "QC20158",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1QC20158"
},
{
"name" : "sterling-connectdirect-dos(80701)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80701"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Session Manager in IBM Sterling Connect:Direct through 4.1.0.3 on UNIX allows remote attackers to cause a denial of service (daemon crash and disk consumption) via crafted data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "sterling-connectdirect-dos(80701)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80701"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21623608",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21623608"
},
{
"name": "QC20158",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1QC20158"
}
]
}
}

170
2012/6xxx/CVE-2012-6572.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6572",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the phptemplate_preprocess_node function in template.php in the Inf08 theme 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with the \"administer taxonomy\" permission to inject arbitrary web script or HTML via a taxonomy vocabulary name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6572",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.madirish.net/550",
"refsource" : "MISC",
"url" : "http://www.madirish.net/550"
},
{
"name" : "https://drupal.org/node/1782686",
"refsource" : "MISC",
"url" : "https://drupal.org/node/1782686"
},
{
"name" : "https://drupal.org/node/1782286",
"refsource" : "CONFIRM",
"url" : "https://drupal.org/node/1782286"
},
{
"name" : "85422",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/85422"
},
{
"name" : "50557",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50557"
},
{
"name" : "inf08-vocabularynames-xss(78575)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78575"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the phptemplate_preprocess_node function in template.php in the Inf08 theme 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with the \"administer taxonomy\" permission to inject arbitrary web script or HTML via a taxonomy vocabulary name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.madirish.net/550",
"refsource": "MISC",
"url": "http://www.madirish.net/550"
},
{
"name": "https://drupal.org/node/1782286",
"refsource": "CONFIRM",
"url": "https://drupal.org/node/1782286"
},
{
"name": "inf08-vocabularynames-xss(78575)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78575"
},
{
"name": "85422",
"refsource": "OSVDB",
"url": "http://osvdb.org/85422"
},
{
"name": "https://drupal.org/node/1782686",
"refsource": "MISC",
"url": "https://drupal.org/node/1782686"
},
{
"name": "50557",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50557"
}
]
}
}

150
2015/5xxx/CVE-2015-5506.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5506",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Apache Solr Real-Time module 7.x-1.x before 7.x-1.2 for Drupal does not check the status of an entity when indexing, which allows remote attackers to obtain information about unpublished content via a search."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150704 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/07/04/4"
},
{
"name" : "https://www.drupal.org/node/2507581",
"refsource" : "MISC",
"url" : "https://www.drupal.org/node/2507581"
},
{
"name" : "https://www.drupal.org/node/2489890",
"refsource" : "CONFIRM",
"url" : "https://www.drupal.org/node/2489890"
},
{
"name" : "75275",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75275"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Apache Solr Real-Time module 7.x-1.x before 7.x-1.2 for Drupal does not check the status of an entity when indexing, which allows remote attackers to obtain information about unpublished content via a search."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.drupal.org/node/2489890",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2489890"
},
{
"name": "75275",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75275"
},
{
"name": "[oss-security] 20150704 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/07/04/4"
},
{
"name": "https://www.drupal.org/node/2507581",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2507581"
}
]
}
}

34
2017/2xxx/CVE-2017-2051.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-2051",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-2051",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

130
2017/2xxx/CVE-2017-2290.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@puppet.com",
"ID" : "CVE-2017-2290",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "mcollective-puppet-agent plugin",
"version" : {
"version_data" : [
{
"version_value" : "1.12.0"
}
]
}
}
]
},
"vendor_name" : "Puppet"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "On Windows installations of the mcollective-puppet-agent plugin, version 1.12.0, a non-administrator user can create an executable that will be executed with administrator privileges on the next \"mco puppet\" run. Puppet Enterprise users are not affected. This is resolved in mcollective-puppet-agent 1.12.1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Privilege Escalation"
}
"CVE_data_meta": {
"ASSIGNER": "security@puppet.com",
"ID": "CVE-2017-2290",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mcollective-puppet-agent plugin",
"version": {
"version_data": [
{
"version_value": "1.12.0"
}
]
}
}
]
},
"vendor_name": "Puppet"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://puppet.com/security/cve/cve-2017-2290",
"refsource" : "CONFIRM",
"url" : "https://puppet.com/security/cve/cve-2017-2290"
},
{
"name" : "96583",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96583"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Windows installations of the mcollective-puppet-agent plugin, version 1.12.0, a non-administrator user can create an executable that will be executed with administrator privileges on the next \"mco puppet\" run. Puppet Enterprise users are not affected. This is resolved in mcollective-puppet-agent 1.12.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96583",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96583"
},
{
"name": "https://puppet.com/security/cve/cve-2017-2290",
"refsource": "CONFIRM",
"url": "https://puppet.com/security/cve/cve-2017-2290"
}
]
}
}

140
2017/2xxx/CVE-2017-2359.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-2359",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. Safari before 10.0.3 is affected. The issue involves the \"Safari\" component, which allows remote attackers to spoof the address bar via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-2359",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT207484",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207484"
},
{
"name" : "95724",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95724"
},
{
"name" : "1037669",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037669"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. Safari before 10.0.3 is affected. The issue involves the \"Safari\" component, which allows remote attackers to spoof the address bar via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037669",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037669"
},
{
"name": "https://support.apple.com/HT207484",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207484"
},
{
"name": "95724",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95724"
}
]
}
}

34
2017/2xxx/CVE-2017-2570.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-2570",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-2570",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

122
2017/2xxx/CVE-2017-2734.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"DATE_PUBLIC" : "2017-11-15T00:00:00",
"ID" : "CVE-2017-2734",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "P9 Plus",
"version" : {
"version_data" : [
{
"version_value" : "Versions earlier before VIE-AL10BC00B386"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "P9 Plus smartphones with software versions earlier before VIE-AL10BC00B386 have a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and the application can send given parameter to specific interface, which make a large number of memory allocation and the smart phone will be crash for memory exhaustion."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "DoS"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-2734",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "P9 Plus",
"version": {
"version_data": [
{
"version_value": "Versions earlier before VIE-AL10BC00B386"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170419-02-smartphone-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170419-02-smartphone-en"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "P9 Plus smartphones with software versions earlier before VIE-AL10BC00B386 have a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and the application can send given parameter to specific interface, which make a large number of memory allocation and the smart phone will be crash for memory exhaustion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170419-02-smartphone-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170419-02-smartphone-en"
}
]
}
}

122
2017/2xxx/CVE-2017-2865.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"DATE_PUBLIC" : "2017-10-31T00:00:00",
"ID" : "CVE-2017-2865",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Circle",
"version" : {
"version_data" : [
{
"version_value" : "firmware 2.0.1"
}
]
}
}
]
},
"vendor_name" : "Circle Media"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable vulnerability exists in the firmware update functionality of Circle with Disney. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An attacker can intercept and alter network traffic to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "command injection"
}
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2017-10-31T00:00:00",
"ID": "CVE-2017-2865",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Circle",
"version": {
"version_data": [
{
"version_value": "firmware 2.0.1"
}
]
}
}
]
},
"vendor_name": "Circle Media"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0371",
"refsource" : "MISC",
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0371"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable vulnerability exists in the firmware update functionality of Circle with Disney. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An attacker can intercept and alter network traffic to trigger this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0371",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0371"
}
]
}
}

150
2018/11xxx/CVE-2018-11518.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11518",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability allows a phreaking attack on HCL legacy IVR systems that do not use VoIP. These IVR systems rely on various frequencies of audio signals; based on the frequency, certain commands and functions are processed. Since these frequencies are accepted within a phone call, an attacker can record these frequencies and use them for service activations. This is a request-forgery issue when the required series of DTMF signals for a service activation is predictable (e.g., the IVR system does not speak a nonce to the caller). In this case, the IVR system accepts an activation request from a less-secure channel (any loudspeaker in the caller's physical environment) without verifying that the request was intended (it matches a nonce sent over a more-secure channel to the caller's earpiece)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11518",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://virgil-cj.blogspot.com/2018/05/0day-legacy-ivr-lets-phreak.html",
"refsource" : "MISC",
"url" : "http://virgil-cj.blogspot.com/2018/05/0day-legacy-ivr-lets-phreak.html"
},
{
"name" : "https://datarift.blogspot.com/2018/05/CVE-2018-11518-abusing-ivr-systems.html",
"refsource" : "MISC",
"url" : "https://datarift.blogspot.com/2018/05/CVE-2018-11518-abusing-ivr-systems.html"
},
{
"name" : "https://twitter.com/mishradhiraj_/status/1001664204485652482",
"refsource" : "MISC",
"url" : "https://twitter.com/mishradhiraj_/status/1001664204485652482"
},
{
"name" : "https://twitter.com/mishradhiraj_/status/1001664440759091207",
"refsource" : "MISC",
"url" : "https://twitter.com/mishradhiraj_/status/1001664440759091207"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability allows a phreaking attack on HCL legacy IVR systems that do not use VoIP. These IVR systems rely on various frequencies of audio signals; based on the frequency, certain commands and functions are processed. Since these frequencies are accepted within a phone call, an attacker can record these frequencies and use them for service activations. This is a request-forgery issue when the required series of DTMF signals for a service activation is predictable (e.g., the IVR system does not speak a nonce to the caller). In this case, the IVR system accepts an activation request from a less-secure channel (any loudspeaker in the caller's physical environment) without verifying that the request was intended (it matches a nonce sent over a more-secure channel to the caller's earpiece)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://twitter.com/mishradhiraj_/status/1001664440759091207",
"refsource": "MISC",
"url": "https://twitter.com/mishradhiraj_/status/1001664440759091207"
},
{
"name": "https://datarift.blogspot.com/2018/05/CVE-2018-11518-abusing-ivr-systems.html",
"refsource": "MISC",
"url": "https://datarift.blogspot.com/2018/05/CVE-2018-11518-abusing-ivr-systems.html"
},
{
"name": "http://virgil-cj.blogspot.com/2018/05/0day-legacy-ivr-lets-phreak.html",
"refsource": "MISC",
"url": "http://virgil-cj.blogspot.com/2018/05/0day-legacy-ivr-lets-phreak.html"
},
{
"name": "https://twitter.com/mishradhiraj_/status/1001664204485652482",
"refsource": "MISC",
"url": "https://twitter.com/mishradhiraj_/status/1001664204485652482"
}
]
}
}

120
2018/11xxx/CVE-2018-11571.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11571",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ClipperCMS 1.3.3 allows Session Fixation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11571",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/ClipperCMS/ClipperCMS/issues/486",
"refsource" : "MISC",
"url" : "https://github.com/ClipperCMS/ClipperCMS/issues/486"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ClipperCMS 1.3.3 allows Session Fixation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ClipperCMS/ClipperCMS/issues/486",
"refsource": "MISC",
"url": "https://github.com/ClipperCMS/ClipperCMS/issues/486"
}
]
}
}

120
2018/11xxx/CVE-2018-11649.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11649",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Hue 3.12 has XSS via the /pig/save/ name and script parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11649",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/Blck4/HUE-Exploit",
"refsource" : "MISC",
"url" : "https://github.com/Blck4/HUE-Exploit"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Hue 3.12 has XSS via the /pig/save/ name and script parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Blck4/HUE-Exploit",
"refsource": "MISC",
"url": "https://github.com/Blck4/HUE-Exploit"
}
]
}
}

34
2018/11xxx/CVE-2018-11744.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11744",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11744",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2018/14xxx/CVE-2018-14056.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14056",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14056",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/znc/znc/commit/a4a5aeeb17d32937d8c7d743dae9a4cc755ce773",
"refsource" : "MISC",
"url" : "https://github.com/znc/znc/commit/a4a5aeeb17d32937d8c7d743dae9a4cc755ce773"
},
{
"name" : "DSA-4252",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4252"
},
{
"name" : "GLSA-201807-03",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201807-03"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/znc/znc/commit/a4a5aeeb17d32937d8c7d743dae9a4cc755ce773",
"refsource": "MISC",
"url": "https://github.com/znc/znc/commit/a4a5aeeb17d32937d8c7d743dae9a4cc755ce773"
},
{
"name": "DSA-4252",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4252"
},
{
"name": "GLSA-201807-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201807-03"
}
]
}
}

34
2018/14xxx/CVE-2018-14150.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14150",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14150",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/14xxx/CVE-2018-14399.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14399",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libs\\classes\\attachment.class.php in PHPCMS 9.6.0 allows remote attackers to upload and execute arbitrary PHP code via a .txt?.php#.jpg URI in the SRC attribute of an IMG element within info[content] JSON data to the index.php?m=member&c=index&a=register URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14399",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.an-sheng.cc/index.php/archives/4/",
"refsource" : "MISC",
"url" : "http://www.an-sheng.cc/index.php/archives/4/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libs\\classes\\attachment.class.php in PHPCMS 9.6.0 allows remote attackers to upload and execute arbitrary PHP code via a .txt?.php#.jpg URI in the SRC attribute of an IMG element within info[content] JSON data to the index.php?m=member&c=index&a=register URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.an-sheng.cc/index.php/archives/4/",
"refsource": "MISC",
"url": "http://www.an-sheng.cc/index.php/archives/4/"
}
]
}
}

34
2018/14xxx/CVE-2018-14547.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14547",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14547",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2018/14xxx/CVE-2018-14581.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14581",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Redgate .NET Reflector before 10.0.7.774 and SmartAssembly before 6.12.5 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific embedded resource file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14581",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.nccgroup.trust/us/our-research/technical-advisory-code-execution-by-viewing-resource-files-in-.net-reflector/?research=Technical+advisories",
"refsource" : "MISC",
"url" : "https://www.nccgroup.trust/us/our-research/technical-advisory-code-execution-by-viewing-resource-files-in-.net-reflector/?research=Technical+advisories"
},
{
"name" : "https://documentation.red-gate.com/ref10/release-notes-and-other-versions/net-reflector-10-0-release-notes",
"refsource" : "CONFIRM",
"url" : "https://documentation.red-gate.com/ref10/release-notes-and-other-versions/net-reflector-10-0-release-notes"
},
{
"name" : "https://documentation.red-gate.com/sa6/release-notes-and-other-versions/smartassembly-6-12-release-notes",
"refsource" : "CONFIRM",
"url" : "https://documentation.red-gate.com/sa6/release-notes-and-other-versions/smartassembly-6-12-release-notes"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Redgate .NET Reflector before 10.0.7.774 and SmartAssembly before 6.12.5 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific embedded resource file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://documentation.red-gate.com/sa6/release-notes-and-other-versions/smartassembly-6-12-release-notes",
"refsource": "CONFIRM",
"url": "https://documentation.red-gate.com/sa6/release-notes-and-other-versions/smartassembly-6-12-release-notes"
},
{
"name": "https://documentation.red-gate.com/ref10/release-notes-and-other-versions/net-reflector-10-0-release-notes",
"refsource": "CONFIRM",
"url": "https://documentation.red-gate.com/ref10/release-notes-and-other-versions/net-reflector-10-0-release-notes"
},
{
"name": "https://www.nccgroup.trust/us/our-research/technical-advisory-code-execution-by-viewing-resource-files-in-.net-reflector/?research=Technical+advisories",
"refsource": "MISC",
"url": "https://www.nccgroup.trust/us/our-research/technical-advisory-code-execution-by-viewing-resource-files-in-.net-reflector/?research=Technical+advisories"
}
]
}
}

122
2018/14xxx/CVE-2018-14809.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2018-09-11T00:00:00",
"ID" : "CVE-2018-14809",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "V-Server",
"version" : {
"version_data" : [
{
"version_value" : "4.0.3.0 and prior"
}
]
}
}
]
},
"vendor_name" : "Fuji Electric"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Fuji Electric V-Server 4.0.3.0 and prior, A use after free vulnerability has been identified, which may allow remote code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "USE AFTER FREE CWE-416"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-09-11T00:00:00",
"ID": "CVE-2018-14809",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "V-Server",
"version": {
"version_data": [
{
"version_value": "4.0.3.0 and prior"
}
]
}
}
]
},
"vendor_name": "Fuji Electric"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Fuji Electric V-Server 4.0.3.0 and prior, A use after free vulnerability has been identified, which may allow remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE AFTER FREE CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
}
]
}
}

132
2018/14xxx/CVE-2018-14817.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2018-09-11T00:00:00",
"ID" : "CVE-2018-14817",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "V-Server",
"version" : {
"version_data" : [
{
"version_value" : "4.0.3.0 and prior"
}
]
}
}
]
},
"vendor_name" : "Fuji Electric"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Fuji Electric V-Server 4.0.3.0 and prior, An integer underflow vulnerability has been identified, which may allow remote code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "INTEGER UNDERFLOW CWE-191"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-09-11T00:00:00",
"ID": "CVE-2018-14817",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "V-Server",
"version": {
"version_data": [
{
"version_value": "4.0.3.0 and prior"
}
]
}
}
]
},
"vendor_name": "Fuji Electric"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
},
{
"name" : "105341",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105341"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Fuji Electric V-Server 4.0.3.0 and prior, An integer underflow vulnerability has been identified, which may allow remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "INTEGER UNDERFLOW CWE-191"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
},
{
"name": "105341",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105341"
}
]
}
}

34
2018/15xxx/CVE-2018-15118.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15118",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15118",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/15xxx/CVE-2018-15309.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15309",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15309",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

188
2018/15xxx/CVE-2018-15454.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2018-10-31T19:30:00-0500",
"ID" : "CVE-2018-15454",
"STATE" : "PUBLIC",
"TITLE" : "Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Denial of Service Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Adaptive Security Appliance (ASA) Software ",
"version" : {
"version_data" : [
{
"version_value" : "9.4"
}
]
}
}
]
},
"vendor_name" : "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the Session Initiation Protocol (SIP) inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of SIP traffic. An attacker could exploit this vulnerability by sending SIP requests designed to specifically trigger this issue at a high rate across an affected device. Software updates that address this vulnerability are not yet available."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "The Cisco Product Security Incident Response Team (PSIRT) has become aware of active exploitation of the vulnerability that is described in this advisory. "
}
],
"impact" : {
"cvss" : {
"baseScore" : "8.6",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H ",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2018-10-31T19:30:00-0500",
"ID": "CVE-2018-15454",
"STATE": "PUBLIC",
"TITLE": "Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Denial of Service Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Adaptive Security Appliance (ASA) Software ",
"version": {
"version_data": [
{
"version_value": "9.4"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20181031 Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181031-asaftd-sip-dos"
},
{
"name" : "105768",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105768"
},
{
"name" : "1042129",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1042129"
}
]
},
"source" : {
"advisory" : "cisco-sa-20181031-asaftd-sip-dos",
"defect" : [
[
"CSCvm43975"
]
],
"discovery" : "INTERNAL"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Session Initiation Protocol (SIP) inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of SIP traffic. An attacker could exploit this vulnerability by sending SIP requests designed to specifically trigger this issue at a high rate across an affected device. Software updates that address this vulnerability are not yet available."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) has become aware of active exploitation of the vulnerability that is described in this advisory. "
}
],
"impact": {
"cvss": {
"baseScore": "8.6",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H ",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105768",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105768"
},
{
"name": "1042129",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042129"
},
{
"name": "20181031 Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181031-asaftd-sip-dos"
}
]
},
"source": {
"advisory": "cisco-sa-20181031-asaftd-sip-dos",
"defect": [
[
"CSCvm43975"
]
],
"discovery": "INTERNAL"
}
}

34
2018/15xxx/CVE-2018-15500.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15500",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15500",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

122
2018/15xxx/CVE-2018-15700.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vulnreport@tenable.com",
"DATE_PUBLIC" : "2018-10-01T00:00:00",
"ID" : "CVE-2018-15700",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "TP-Link TL-WRN841N",
"version" : {
"version_data" : [
{
"version_value" : "Firmware versions 0.9.1 4.16 v0348.0 and below"
}
]
}
}
]
},
"vendor_name" : "TP-Link"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Referer field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC": "2018-10-01T00:00:00",
"ID": "CVE-2018-15700",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TP-Link TL-WRN841N",
"version": {
"version_data": [
{
"version_value": "Firmware versions 0.9.1 4.16 v0348.0 and below"
}
]
}
}
]
},
"vendor_name": "TP-Link"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.tenable.com/security/research/tra-2018-27",
"refsource" : "MISC",
"url" : "https://www.tenable.com/security/research/tra-2018-27"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Referer field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2018-27",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-27"
}
]
}
}

34
2018/8xxx/CVE-2018-8054.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8054",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8054",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2018/8xxx/CVE-2018-8056.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8056",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via an invalid channel_name parameter to /index.php?/manage/channel/addchannel or a direct request to /export.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8056",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44495",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44495/"
},
{
"name" : "https://github.com/Kyhvedn/CVE_Description/blob/master/Cobub_Razor_0.8.0_physical_path_leakage.md",
"refsource" : "MISC",
"url" : "https://github.com/Kyhvedn/CVE_Description/blob/master/Cobub_Razor_0.8.0_physical_path_leakage.md"
},
{
"name" : "https://github.com/cobub/razor/issues/162",
"refsource" : "MISC",
"url" : "https://github.com/cobub/razor/issues/162"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via an invalid channel_name parameter to /index.php?/manage/channel/addchannel or a direct request to /export.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Kyhvedn/CVE_Description/blob/master/Cobub_Razor_0.8.0_physical_path_leakage.md",
"refsource": "MISC",
"url": "https://github.com/Kyhvedn/CVE_Description/blob/master/Cobub_Razor_0.8.0_physical_path_leakage.md"
},
{
"name": "https://github.com/cobub/razor/issues/162",
"refsource": "MISC",
"url": "https://github.com/cobub/razor/issues/162"
},
{
"name": "44495",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44495/"
}
]
}
}

34
2018/8xxx/CVE-2018-8695.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8695",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8695",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/8xxx/CVE-2018-8880.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8880",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) doesn't check for correct user authentication before showing the /deviceIP information, which leads to internal network information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8880",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44488",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44488/"
},
{
"name" : "http://sadfud.me/explotos/deviceip.txt",
"refsource" : "MISC",
"url" : "http://sadfud.me/explotos/deviceip.txt"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) doesn't check for correct user authentication before showing the /deviceIP information, which leads to internal network information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sadfud.me/explotos/deviceip.txt",
"refsource": "MISC",
"url": "http://sadfud.me/explotos/deviceip.txt"
},
{
"name": "44488",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44488/"
}
]
}
}