admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 00:35:55 +00:00
parent 1fac9d00ec
commit ec571d8a71
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
48 changed files with 3953 additions and 3953 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
2005/0xxx/CVE-2005-0164.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0164", "ID": "CVE-2005-0164",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

210
2005/0xxx/CVE-2005-0527.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0527", "ID": "CVE-2005-0527",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Firefox 1.0 allows remote attackers to execute arbitrary code via plugins that load \"privileged content\" into frames, as demonstrated using certain XUL events when a user drags a scrollbar two times, aka \"Firescrolling.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050225 Firescrolling [Firefox 1.0]", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=110935267500395&w=2" "lang": "eng",
}, "value": "Firefox 1.0 allows remote attackers to execute arbitrary code via plugins that load \"privileged content\" into frames, as demonstrated using certain XUL events when a user drags a scrollbar two times, aka \"Firescrolling.\""
{ }
"name" : "http://www.mikx.de/?p=11", ]
"refsource" : "MISC", },
"url" : "http://www.mikx.de/?p=11" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.mozilla.org/security/announce/mfsa2005-27.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/mfsa2005-27.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-200503-10", ]
"refsource" : "GENTOO", }
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml" ]
}, },
{ "references": {
"name" : "GLSA-200503-30", "reference_data": [
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml" "name": "http://www.mikx.de/?p=11",
}, "refsource": "MISC",
{ "url": "http://www.mikx.de/?p=11"
"name" : "RHSA-2005:176", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2005-176.html" "name": "http://www.mozilla.org/security/announce/mfsa2005-27.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/mfsa2005-27.html"
"name" : "RHSA-2005:384", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2005-384.html" "name": "1013301",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1013301"
"name" : "oval:org.mitre.oval:def:100031", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100031" "name": "20050225 Firescrolling [Firefox 1.0]",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=110935267500395&w=2"
"name" : "oval:org.mitre.oval:def:11772", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11772" "name": "oval:org.mitre.oval:def:11772",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11772"
"name" : "1013301", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1013301" "name": "RHSA-2005:176",
} "refsource": "REDHAT",
] "url": "http://www.redhat.com/support/errata/RHSA-2005-176.html"
} },
} {
"name": "RHSA-2005:384",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-384.html"
},
{
"name": "GLSA-200503-30",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml"
},
{
"name": "GLSA-200503-10",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml"
},
{
"name": "oval:org.mitre.oval:def:100031",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100031"
}
]
}
}

150
2005/0xxx/CVE-2005-0656.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0656", "ID": "CVE-2005-0656",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in auraCMS 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) hits parameter to hits.php, (2) query parameter to index.php, or (3) theCount parameter to counter.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050302 Vulnerabilities in Aura CMS", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=110979842315750&w=2" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in auraCMS 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) hits parameter to hits.php, (2) query parameter to index.php, or (3) theCount parameter to counter.php."
{ }
"name" : "http://echo.or.id/adv/adv011-y3dips-2005.txt", ]
"refsource" : "MISC", },
"url" : "http://echo.or.id/adv/adv011-y3dips-2005.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1013357", "description": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1013357" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "14458", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/14458" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20050302 Vulnerabilities in Aura CMS",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110979842315750&w=2"
},
{
"name": "http://echo.or.id/adv/adv011-y3dips-2005.txt",
"refsource": "MISC",
"url": "http://echo.or.id/adv/adv011-y3dips-2005.txt"
},
{
"name": "1013357",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013357"
},
{
"name": "14458",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14458"
}
]
}
}

34
2005/1xxx/CVE-2005-1390.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2005-1390", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2005-1390",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-0174. Reason: This candidate is a duplicate of CVE-2005-0174. Notes: All CVE users should reference CVE-2005-0174 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-0174. Reason: This candidate is a duplicate of CVE-2005-0174. Notes: All CVE users should reference CVE-2005-0174 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

34
2005/3xxx/CVE-2005-3117.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2005-3117", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2005-3117",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3150. Reason: This candidate was privately assigned by a CNA to an issue, but the issue was published through separate channels and assigned a new identifier by the MITRE CNA, so it is a duplicate of CVE-2005-3150. Notes: All CVE users should reference CVE-2005-3150 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3150. Reason: This candidate was privately assigned by a CNA to an issue, but the issue was published through separate channels and assigned a new identifier by the MITRE CNA, so it is a duplicate of CVE-2005-3150. Notes: All CVE users should reference CVE-2005-3150 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

960
2005/3xxx/CVE-2005-3625.json
View File

@ -1,482 +1,482 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2005-3625", "ID": "CVE-2005-3625",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka \"Infinite CPU spins.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://scary.beasts.org/security/CESA-2005-003.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://scary.beasts.org/security/CESA-2005-003.txt" "lang": "eng",
}, "value": "Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka \"Infinite CPU spins.\""
{ }
"name" : "http://www.kde.org/info/security/advisory-20051207-2.txt", ]
"refsource" : "CONFIRM", },
"url" : "http://www.kde.org/info/security/advisory-20051207-2.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-931", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2005/dsa-931" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-932", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2005/dsa-932" ]
}, },
{ "references": {
"name" : "DSA-937", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2005/dsa-937" "name": "16143",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/16143"
"name" : "DSA-938", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2005/dsa-938" "name": "DSA-932",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2005/dsa-932"
"name" : "DSA-940", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2005/dsa-940" "name": "18349",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18349"
"name" : "DSA-936", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-936" "name": "oval:org.mitre.oval:def:9575",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9575"
"name" : "DSA-950", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-950" "name": "18147",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18147"
"name" : "DSA-961", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-961" "name": "SCOSA-2006.15",
}, "refsource": "SCO",
{ "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt"
"name" : "DSA-962", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-962" "name": "http://scary.beasts.org/security/CESA-2005-003.txt",
}, "refsource": "MISC",
{ "url": "http://scary.beasts.org/security/CESA-2005-003.txt"
"name" : "FLSA:175404", },
"refsource" : "FEDORA", {
"url" : "http://www.securityfocus.com/archive/1/427990/100/0/threaded" "name": "http://www.kde.org/info/security/advisory-20051207-2.txt",
}, "refsource": "CONFIRM",
{ "url": "http://www.kde.org/info/security/advisory-20051207-2.txt"
"name" : "FEDORA-2005-025", },
"refsource" : "FEDORA", {
"url" : "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00030.html" "name": "18679",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18679"
"name" : "FEDORA-2005-026", },
"refsource" : "FEDORA", {
"url" : "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00031.html" "name": "18312",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18312"
"name" : "FLSA-2006:176751", },
"refsource" : "FEDORA", {
"url" : "http://www.securityfocus.com/archive/1/427053/100/0/threaded" "name": "18644",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18644"
"name" : "GLSA-200601-02", },
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml" "name": "USN-236-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/236-1/"
"name" : "GLSA-200601-17", },
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml" "name": "18425",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18425"
"name" : "MDKSA-2006:010", },
"refsource" : "MANDRAKE", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:010" "name": "18373",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18373"
"name" : "MDKSA-2006:003", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:003" "name": "18303",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18303"
"name" : "MDKSA-2006:004", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:004" "name": "DSA-931",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2005/dsa-931"
"name" : "MDKSA-2006:005", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:005" "name": "18554",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18554"
"name" : "MDKSA-2006:006", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:006" "name": "MDKSA-2006:003",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:003"
"name" : "MDKSA-2006:008", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:008" "name": "19230",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19230"
"name" : "MDKSA-2006:012", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:012" "name": "102972",
}, "refsource": "SUNALERT",
{ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1"
"name" : "MDKSA-2006:011", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:011" "name": "MDKSA-2006:012",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:012"
"name" : "RHSA-2006:0177", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2006-0177.html" "name": "DSA-962",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-962"
"name" : "RHSA-2006:0160", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0160.html" "name": "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html"
"name" : "RHSA-2006:0163", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0163.html" "name": "RHSA-2006:0163",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2006-0163.html"
"name" : "SCOSA-2006.15", },
"refsource" : "SCO", {
"url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt" "name": "DSA-937",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2005/dsa-937"
"name" : "20051201-01-U", },
"refsource" : "SGI", {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U" "name": "18398",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18398"
"name" : "20060101-01-U", },
"refsource" : "SGI", {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U" "name": "FLSA-2006:176751",
}, "refsource": "FEDORA",
{ "url": "http://www.securityfocus.com/archive/1/427053/100/0/threaded"
"name" : "20060201-01-U", },
"refsource" : "SGI", {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U" "name": "2006-0002",
}, "refsource": "TRUSTIX",
{ "url": "http://www.trustix.org/errata/2006/0002/"
"name" : "SSA:2006-045-04", },
"refsource" : "SLACKWARE", {
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747" "name": "SUSE-SA:2006:001",
}, "refsource": "SUSE",
{ "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html"
"name" : "SSA:2006-045-09", },
"refsource" : "SLACKWARE", {
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683" "name": "DSA-936",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-936"
"name" : "102972", },
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1" "name": "FEDORA-2005-026",
}, "refsource": "FEDORA",
{ "url": "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00031.html"
"name" : "SUSE-SA:2006:001", },
"refsource" : "SUSE", {
"url" : "http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html" "name": "18329",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18329"
"name" : "2006-0002", },
"refsource" : "TRUSTIX", {
"url" : "http://www.trustix.org/errata/2006/0002/" "name": "18463",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18463"
"name" : "USN-236-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/236-1/" "name": "18642",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18642"
"name" : "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html" "name": "18674",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18674"
"name" : "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html" "name": "MDKSA-2006:005",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:005"
"name" : "16143", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16143" "name": "18313",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18313"
"name" : "oval:org.mitre.oval:def:9575", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9575" "name": "20051201-01-U",
}, "refsource": "SGI",
{ "url": "ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U"
"name" : "ADV-2006-0047", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/0047" "name": "20060101-01-U",
}, "refsource": "SGI",
{ "url": "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U"
"name" : "ADV-2007-2280", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/2280" "name": "18448",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18448"
"name" : "18303", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18303" "name": "18436",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18436"
"name" : "18312", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18312" "name": "18428",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18428"
"name" : "18313", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18313" "name": "18380",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18380"
"name" : "18329", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18329" "name": "18423",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18423"
"name" : "18332", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18332" "name": "18416",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18416"
"name" : "18334", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18334" "name": "RHSA-2006:0177",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2006-0177.html"
"name" : "18335", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18335" "name": "ADV-2007-2280",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/2280"
"name" : "18387", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18387" "name": "GLSA-200601-02",
}, "refsource": "GENTOO",
{ "url": "http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml"
"name" : "18416", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18416" "name": "18335",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18335"
"name" : "18338", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18338" "name": "18407",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18407"
"name" : "18349", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18349" "name": "18332",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18332"
"name" : "18375", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18375" "name": "18517",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18517"
"name" : "18385", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18385" "name": "18582",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18582"
"name" : "18389", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18389" "name": "18534",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18534"
"name" : "18423", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18423" "name": "SSA:2006-045-09",
}, "refsource": "SLACKWARE",
{ "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683"
"name" : "18448", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18448" "name": "xpdf-ccittfaxdecode-dctdecode-dos(24023)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24023"
"name" : "18398", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18398" "name": "18908",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18908"
"name" : "18407", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18407" "name": "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html"
"name" : "18534", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18534" "name": "25729",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/25729"
"name" : "18582", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18582" "name": "18414",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18414"
"name" : "18517", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18517" "name": "MDKSA-2006:006",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:006"
"name" : "18554", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18554" "name": "18338",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18338"
"name" : "18642", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18642" "name": "MDKSA-2006:008",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:008"
"name" : "18644", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18644" "name": "20060201-01-U",
}, "refsource": "SGI",
{ "url": "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U"
"name" : "18674", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18674" "name": "RHSA-2006:0160",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2006-0160.html"
"name" : "18675", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18675" "name": "MDKSA-2006:010",
}, "refsource": "MANDRAKE",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:010"
"name" : "18679", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18679" "name": "DSA-940",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2005/dsa-940"
"name" : "18908", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18908" "name": "MDKSA-2006:004",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:004"
"name" : "18913", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18913" "name": "ADV-2006-0047",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/0047"
"name" : "19230", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19230" "name": "GLSA-200601-17",
}, "refsource": "GENTOO",
{ "url": "http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml"
"name" : "19377", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19377" "name": "18389",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18389"
"name" : "18425", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18425" "name": "SSA:2006-045-04",
}, "refsource": "SLACKWARE",
{ "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747"
"name" : "18463", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18463" "name": "19377",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19377"
"name" : "18147", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18147" "name": "FEDORA-2005-025",
}, "refsource": "FEDORA",
{ "url": "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00030.html"
"name" : "18373", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18373" "name": "FLSA:175404",
}, "refsource": "FEDORA",
{ "url": "http://www.securityfocus.com/archive/1/427990/100/0/threaded"
"name" : "18380", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18380" "name": "DSA-961",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-961"
"name" : "18414", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18414" "name": "18675",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18675"
"name" : "18428", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18428" "name": "18913",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18913"
"name" : "18436", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18436" "name": "DSA-938",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2005/dsa-938"
"name" : "25729", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25729" "name": "18334",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18334"
"name" : "xpdf-ccittfaxdecode-dctdecode-dos(24023)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24023" "name": "18375",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/18375"
} },
} {
"name": "DSA-950",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-950"
},
{
"name": "18387",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18387"
},
{
"name": "MDKSA-2006:011",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:011"
},
{
"name": "18385",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18385"
}
]
}
}

170
2005/3xxx/CVE-2005-3739.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-3739", "ID": "CVE-2005-3739",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in subheader.php in PHP-Fusion 6.00.206 and earlier allows remote attackers to obtain the full path via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20051118 PHP-Fusion <= 6.00.206 Multiple Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://seclists.org/lists/bugtraq/2005/Nov/0232.html" "lang": "eng",
}, "value": "Unspecified vulnerability in subheader.php in PHP-Fusion 6.00.206 and earlier allows remote attackers to obtain the full path via unspecified vectors."
{ }
"name" : "20051119 Re: PHP-Fusion <= 6.00.206 Multiple Vulnerabilities", ]
"refsource" : "BUGTRAQ", },
"url" : "http://seclists.org/lists/bugtraq/2005/Nov/0237.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://myblog.it-security23.net/advisories/advisory-6.txt", "description": [
"refsource" : "MISC", {
"url" : "http://myblog.it-security23.net/advisories/advisory-6.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2005-2504", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2005/2504" ]
}, },
{ "references": {
"name" : "20990", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/20990" "name": "20051119 Re: PHP-Fusion <= 6.00.206 Multiple Vulnerabilities",
}, "refsource": "BUGTRAQ",
{ "url": "http://seclists.org/lists/bugtraq/2005/Nov/0237.html"
"name" : "17664", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17664" "name": "http://myblog.it-security23.net/advisories/advisory-6.txt",
} "refsource": "MISC",
] "url": "http://myblog.it-security23.net/advisories/advisory-6.txt"
} },
} {
"name": "20990",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20990"
},
{
"name": "20051118 PHP-Fusion <= 6.00.206 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/lists/bugtraq/2005/Nov/0232.html"
},
{
"name": "ADV-2005-2504",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2504"
},
{
"name": "17664",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17664"
}
]
}
}

140
2005/3xxx/CVE-2005-3835.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-3835", "ID": "CVE-2005-3835",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in support/index.php in DeskLance 2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the main parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://pridels0.blogspot.com/2005/11/desklance-vuln.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://pridels0.blogspot.com/2005/11/desklance-vuln.html" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in support/index.php in DeskLance 2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the main parameter."
{ }
"name" : "ADV-2005-2575", ]
"refsource" : "VUPEN", },
"url" : "http://www.vupen.com/english/advisories/2005/2575" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "17730", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17730" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "ADV-2005-2575",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2575"
},
{
"name": "17730",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17730"
},
{
"name": "http://pridels0.blogspot.com/2005/11/desklance-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/11/desklance-vuln.html"
}
]
}
}

180
2005/4xxx/CVE-2005-4677.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4677", "ID": "CVE-2005-4677",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in additional_images.php (aka the Additional Images module) before 1.14 in osCommerce allows remote attackers to execute arbitrary SQL commands via the products_id parameter to product_info.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20051006 OScommerce: \"Additional Images\" Module SQL Injection", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0124.html" "lang": "eng",
}, "value": "SQL injection vulnerability in additional_images.php (aka the Additional Images module) before 1.14 in osCommerce allows remote attackers to execute arbitrary SQL commands via the products_id parameter to product_info.php."
{ }
"name" : "http://www.oscommerce.com/community/contributions,1032", ]
"refsource" : "MISC", },
"url" : "http://www.oscommerce.com/community/contributions,1032" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "15023", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/15023" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2005-1974", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2005/1974" ]
}, },
{ "references": {
"name" : "19874", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/19874" "name": "19874",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/19874"
"name" : "17082", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17082" "name": "17082",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/17082"
"name" : "oscommerce-productinfo-sql-injection(22528)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22528" "name": "15023",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/15023"
} },
} {
"name": "ADV-2005-1974",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/1974"
},
{
"name": "20051006 OScommerce: \"Additional Images\" Module SQL Injection",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0124.html"
},
{
"name": "http://www.oscommerce.com/community/contributions,1032",
"refsource": "MISC",
"url": "http://www.oscommerce.com/community/contributions,1032"
},
{
"name": "oscommerce-productinfo-sql-injection(22528)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22528"
}
]
}
}

150
2005/4xxx/CVE-2005-4831.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4831", "ID": "CVE-2005-4831",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "viewcvs in ViewCVS 0.9.2 allows remote attackers to set the Content-Type header to arbitrary values via the content-type parameter, which can be leveraged for cross-site scripting (XSS) and other attacks, as demonstrated using (1) \"text/html\", or (2) \"image/jpeg\" with an image that is rendered as HTML by Internet Explorer, a different vulnerability than CVE-2004-1062. NOTE: it was later reported that 0.9.4 is also affected."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070226 ViewCVS 0.9.4 issues", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/461382/100/0/threaded" "lang": "eng",
}, "value": "viewcvs in ViewCVS 0.9.2 allows remote attackers to set the Content-Type header to arbitrary values via the content-type parameter, which can be leveraged for cross-site scripting (XSS) and other attacks, as demonstrated using (1) \"text/html\", or (2) \"image/jpeg\" with an image that is rendered as HTML by Internet Explorer, a different vulnerability than CVE-2004-1062. NOTE: it was later reported that 0.9.4 is also affected."
{ }
"name" : "20050101 Two Vulnerabilities in ViewCVS", ]
"refsource" : "FULLDISC", },
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030514.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "12112", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/12112" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1017704", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1017704" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20050101 Two Vulnerabilities in ViewCVS",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030514.html"
},
{
"name": "1017704",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017704"
},
{
"name": "20070226 ViewCVS 0.9.4 issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/461382/100/0/threaded"
},
{
"name": "12112",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12112"
}
]
}
}

140
2009/0xxx/CVE-2009-0292.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0292", "ID": "CVE-2009-0292",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in show_cat2.php in SHOP-INET 4 allows remote attackers to execute arbitrary SQL commands via the grid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7874", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7874" "lang": "eng",
}, "value": "SQL injection vulnerability in show_cat2.php in SHOP-INET 4 allows remote attackers to execute arbitrary SQL commands via the grid parameter."
{ }
"name" : "51615", ]
"refsource" : "OSVDB", },
"url" : "http://osvdb.org/51615" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "33660", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33660" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "7874",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7874"
},
{
"name": "51615",
"refsource": "OSVDB",
"url": "http://osvdb.org/51615"
},
{
"name": "33660",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33660"
}
]
}
}

190
2009/2xxx/CVE-2009-2864.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2009-2864", "ID": "CVE-2009-2864",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 5.x before 5.1(3g), 6.x before 6.1(4), 7.0.x before 7.0(2a)su1, and 7.1.x before 7.1(2) allows remote attackers to cause a denial of service (service restart) via malformed SIP messages, aka Bug ID CSCsz95423."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=18883", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=18883" "lang": "eng",
}, "value": "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 5.x before 5.1(3g), 6.x before 6.1(4), 7.0.x before 7.0(2a)su1, and 7.1.x before 7.1(2) allows remote attackers to cause a denial of service (service restart) via malformed SIP messages, aka Bug ID CSCsz95423."
{ }
"name" : "20090923 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability", ]
"refsource" : "CISCO", },
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8118.shtml" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "36496", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/36496" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "58344", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/58344" ]
}, },
{ "references": {
"name" : "1022931", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1022931" "name": "58344",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/58344"
"name" : "36836", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/36836" "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=18883",
}, "refsource": "CONFIRM",
{ "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=18883"
"name" : "ADV-2009-2757", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/2757" "name": "20090923 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability",
}, "refsource": "CISCO",
{ "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8118.shtml"
"name" : "cisco-ucm-sip-dos(53447)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53447" "name": "1022931",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id?1022931"
} },
} {
"name": "36836",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36836"
},
{
"name": "ADV-2009-2757",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2757"
},
{
"name": "cisco-ucm-sip-dos(53447)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53447"
},
{
"name": "36496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36496"
}
]
}
}

140
2009/3xxx/CVE-2009-3054.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-3054", "ID": "CVE-2009-3054",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Artetics.com Art Portal (com_artportal) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the portalid parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "9563", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/9563" "lang": "eng",
}, "value": "SQL injection vulnerability in the Artetics.com Art Portal (com_artportal) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the portalid parameter to index.php."
{ }
"name" : "36206", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/36206" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "artportal-portalid-sql-injection(52962)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52962" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "artportal-portalid-sql-injection(52962)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52962"
},
{
"name": "9563",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9563"
},
{
"name": "36206",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36206"
}
]
}
}

140
2009/3xxx/CVE-2009-3225.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-3225", "ID": "CVE-2009-3225",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in AlmondSoft Almond Classifieds Wap and Pro, and possibly Almond Affiliate Network Classifieds, allow remote attackers to inject arbitrary web script or HTML via (1) the page parameter in a browse action to index.php or (2) the addr parameter to gmap.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.org/0907-exploits/almondclassifieds-xss.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.org/0907-exploits/almondclassifieds-xss.txt" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in AlmondSoft Almond Classifieds Wap and Pro, and possibly Almond Affiliate Network Classifieds, allow remote attackers to inject arbitrary web script or HTML via (1) the page parameter in a browse action to index.php or (2) the addr parameter to gmap.php. NOTE: some of these details are obtained from third party information."
{ }
"name" : "35816", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/35816" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "36003", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/36003" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/0907-exploits/almondclassifieds-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0907-exploits/almondclassifieds-xss.txt"
},
{
"name": "36003",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36003"
},
{
"name": "35816",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35816"
}
]
}
}

140
2009/3xxx/CVE-2009-3467.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2009-3467", "ID": "CVE-2009-3467",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in an unspecified method in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-11.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-11.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in an unspecified method in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
{ }
"name" : "39790", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/39790" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2010-1127", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1127" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "39790",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39790"
},
{
"name": "ADV-2010-1127",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1127"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-11.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-11.html"
}
]
}
}

160
2009/4xxx/CVE-2009-4087.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4087", "ID": "CVE-2009-4087",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in telepark.wiki 2.4.23 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in index.php in telepark.wiki 2.4.23 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO."
{ }
"name" : "http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/", ]
"refsource" : "CONFIRM", },
"url" : "http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "60213", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/60213" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "37391", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/37391" ]
}, },
{ "references": {
"name" : "teleparkwiki-index-xss(54293)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54293" "name": "http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/",
} "refsource": "CONFIRM",
] "url": "http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/"
} },
} {
"name": "37391",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37391"
},
{
"name": "teleparkwiki-index-xss(54293)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54293"
},
{
"name": "60213",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/60213"
},
{
"name": "http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt"
}
]
}
}

150
2009/4xxx/CVE-2009-4104.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4104", "ID": "CVE-2009-4104",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Lyften Designs LyftenBloggie (com_lyftenbloggie) component 1.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the author parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://securityreason.com/exploitalert/7480", "description_data": [
"refsource" : "MISC", {
"url" : "http://securityreason.com/exploitalert/7480" "lang": "eng",
}, "value": "SQL injection vulnerability in Lyften Designs LyftenBloggie (com_lyftenbloggie) component 1.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the author parameter to index.php."
{ }
"name" : "37140", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/37140" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "60518", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/60518" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "37499", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/37499" ]
} },
] "references": {
} "reference_data": [
} {
"name": "37140",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37140"
},
{
"name": "60518",
"refsource": "OSVDB",
"url": "http://osvdb.org/60518"
},
{
"name": "http://securityreason.com/exploitalert/7480",
"refsource": "MISC",
"url": "http://securityreason.com/exploitalert/7480"
},
{
"name": "37499",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37499"
}
]
}
}

260
2009/4xxx/CVE-2009-4640.json
View File

@ -1,132 +1,132 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4640", "ID": "CVE-2009-4640",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Vorbis file that triggers an out-of-bounds read."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html" "lang": "eng",
}, "value": "Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Vorbis file that triggers an out-of-bounds read."
{ }
"name" : "https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240", ]
"refsource" : "MISC", },
"url" : "https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-2000", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2010/dsa-2000" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "MDVSA-2011:060", ]
"refsource" : "MANDRIVA", }
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:060" ]
}, },
{ "references": {
"name" : "MDVSA-2011:061", "reference_data": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061" "name": "MDVSA-2011:088",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:088"
"name" : "MDVSA-2011:088", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:088" "name": "36805",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/36805"
"name" : "MDVSA-2011:112", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:112" "name": "36465",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/36465"
"name" : "MDVSA-2011:114", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:114" "name": "39482",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/39482"
"name" : "USN-931-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-931-1" "name": "https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240",
}, "refsource": "MISC",
{ "url": "https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240"
"name" : "36465", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/36465" "name": "MDVSA-2011:061",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061"
"name" : "36805", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/36805" "name": "MDVSA-2011:112",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:112"
"name" : "38643", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38643" "name": "MDVSA-2011:114",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:114"
"name" : "39482", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/39482" "name": "http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html",
}, "refsource": "MISC",
{ "url": "http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html"
"name" : "ADV-2010-0935", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/0935" "name": "38643",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/38643"
"name" : "ADV-2011-1241", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/1241" "name": "ADV-2011-1241",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2011/1241"
} },
} {
"name": "MDVSA-2011:060",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:060"
},
{
"name": "DSA-2000",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2000"
},
{
"name": "USN-931-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-931-1"
},
{
"name": "ADV-2010-0935",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0935"
}
]
}
}

140
2009/4xxx/CVE-2009-4934.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4934", "ID": "CVE-2009-4934",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in Online Photo Pro 2.0 allows remote attackers to inject arbitrary web script or HTML via the section parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstorm.linuxsecurity.com/0904-exploits/opp20-xss.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstorm.linuxsecurity.com/0904-exploits/opp20-xss.txt" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in index.php in Online Photo Pro 2.0 allows remote attackers to inject arbitrary web script or HTML via the section parameter."
{ }
"name" : "34625", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/34625" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "34825", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34825" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "34625",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34625"
},
{
"name": "http://packetstorm.linuxsecurity.com/0904-exploits/opp20-xss.txt",
"refsource": "MISC",
"url": "http://packetstorm.linuxsecurity.com/0904-exploits/opp20-xss.txt"
},
{
"name": "34825",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34825"
}
]
}
}

140
2012/2xxx/CVE-2012-2522.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2012-2522", "ID": "CVE-2012-2522",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a malformed virtual function table after this table's deletion, aka \"Virtual Function Table Corruption Remote Code Execution Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS12-052", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-052" "lang": "eng",
}, "value": "Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a malformed virtual function table after this table's deletion, aka \"Virtual Function Table Corruption Remote Code Execution Vulnerability.\""
{ }
"name" : "TA12-227A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA12-227A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:15498", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15498" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "MS12-052",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-052"
},
{
"name": "oval:org.mitre.oval:def:15498",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15498"
},
{
"name": "TA12-227A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-227A.html"
}
]
}
}

34
2012/2xxx/CVE-2012-2554.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2012-2554", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2012-2554",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
} }
] ]
} }
} }

240
2012/2xxx/CVE-2012-2686.json
View File

@ -1,122 +1,122 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-2686", "ID": "CVE-2012-2686",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=125093b59f3c2a2d33785b5563d929d0472f1721", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=125093b59f3c2a2d33785b5563d929d0472f1721" "lang": "eng",
}, "value": "crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data."
{ }
"name" : "http://www.openssl.org/news/secadv_20130204.txt", ]
"refsource" : "CONFIRM", },
"url" : "http://www.openssl.org/news/secadv_20130204.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=908029", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=908029" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://support.apple.com/kb/HT5880", ]
"refsource" : "CONFIRM", }
"url" : "http://support.apple.com/kb/HT5880" ]
}, },
{ "references": {
"name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001" "name": "57755",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/57755"
"name" : "APPLE-SA-2013-09-12-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html" "name": "55139",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/55139"
"name" : "HPSBUX02909", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=137545771702053&w=2" "name": "http://www.openssl.org/news/secadv_20130204.txt",
}, "refsource": "CONFIRM",
{ "url": "http://www.openssl.org/news/secadv_20130204.txt"
"name" : "SSRT101289", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=137545771702053&w=2" "name": "oval:org.mitre.oval:def:18868",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18868"
"name" : "57755", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/57755" "name": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=125093b59f3c2a2d33785b5563d929d0472f1721",
}, "refsource": "CONFIRM",
{ "url": "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=125093b59f3c2a2d33785b5563d929d0472f1721"
"name" : "oval:org.mitre.oval:def:18868", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18868" "name": "SSRT101289",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=137545771702053&w=2"
"name" : "oval:org.mitre.oval:def:19660", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19660" "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001",
}, "refsource": "CONFIRM",
{ "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001"
"name" : "55108", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/55108" "name": "HPSBUX02909",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=137545771702053&w=2"
"name" : "55139", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/55139" "name": "APPLE-SA-2013-09-12-1",
} "refsource": "APPLE",
] "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
} },
} {
"name": "55108",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55108"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=908029",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=908029"
},
{
"name": "oval:org.mitre.oval:def:19660",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19660"
},
{
"name": "http://support.apple.com/kb/HT5880",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5880"
}
]
}
}

120
2015/0xxx/CVE-2015-0130.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2015-0130", "ID": "CVE-2015-0130",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Quality Manager (RQM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Team Concert (RTC) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Requirements Composer (RRC) 4.x through 4.0.7; and Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21960407", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21960407" "lang": "eng",
} "value": "Cross-site scripting (XSS) vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Quality Manager (RQM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Team Concert (RTC) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Requirements Composer (RRC) 4.x through 4.0.7; and Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21960407",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960407"
}
]
}
}

140
2015/0xxx/CVE-2015-0523.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security_alert@emc.com",
"ID" : "CVE-2015-0523", "ID": "CVE-2015-0523",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allow remote attackers to cause an Administration Server denial of service via an invalid MIME e-mail message with a multipart/* Content-Type header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20150311 ESA-2015-014: RSA Digital Certificate Solution Multiple Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://seclists.org/bugtraq/2015/Mar/47" "lang": "eng",
}, "value": "EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allow remote attackers to cause an Administration Server denial of service via an invalid MIME e-mail message with a multipart/* Content-Type header."
{ }
"name" : "http://packetstormsecurity.com/files/130769/RSA-Digital-Certificate-Solution-XSS-Denial-Of-Service.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/130769/RSA-Digital-Certificate-Solution-XSS-Denial-Of-Service.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1031912", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1031912" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20150311 ESA-2015-014: RSA Digital Certificate Solution Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Mar/47"
},
{
"name": "http://packetstormsecurity.com/files/130769/RSA-Digital-Certificate-Solution-XSS-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130769/RSA-Digital-Certificate-Solution-XSS-Denial-Of-Service.html"
},
{
"name": "1031912",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031912"
}
]
}
}

34
2015/0xxx/CVE-2015-0955.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2015-0955", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2015-0955",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-0955. Reason: This candidate is a duplicate of CVE-2016-0955. Notes: All CVE users should reference CVE-2016-0955 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-0955. Reason: This candidate is a duplicate of CVE-2016-0955. Notes: All CVE users should reference CVE-2016-0955 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

160
2015/1xxx/CVE-2015-1060.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-1060", "ID": "CVE-2015-1060",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open redirect vulnerability in lib/Cake/Controller/Controller.php in AdaptCMS 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "35710", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/35710" "lang": "eng",
}, "value": "Open redirect vulnerability in lib/Cake/Controller/Controller.php in AdaptCMS 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header."
{ }
"name" : "http://packetstormsecurity.com/files/129813/AdaptCMS-3.0.3-HTTP-Referer-Header-Open-Redirect.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/129813/AdaptCMS-3.0.3-HTTP-Referer-Header-Open-Redirect.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5219.php", "description": [
"refsource" : "MISC", {
"url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5219.php" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "116721", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/show/osvdb/116721" ]
}, },
{ "references": {
"name" : "adaptcms-referer-open-redirect(99618)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99618" "name": "adaptcms-referer-open-redirect(99618)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99618"
} },
} {
"name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5219.php",
"refsource": "MISC",
"url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5219.php"
},
{
"name": "http://packetstormsecurity.com/files/129813/AdaptCMS-3.0.3-HTTP-Referer-Header-Open-Redirect.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129813/AdaptCMS-3.0.3-HTTP-Referer-Header-Open-Redirect.html"
},
{
"name": "116721",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/116721"
},
{
"name": "35710",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/35710"
}
]
}
}

230
2015/1xxx/CVE-2015-1368.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-1368", "ID": "CVE-2015-1368",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Ansible Tower (aka Ansible UI) before 2.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) order_by parameter to credentials/, (2) inventories/, (3) projects/, or (4) users/3/permissions/ in api/v1/ or the (5) next_run parameter to api/v1/schedules/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20150113 SEC Consult SA-20150113-1 :: Privilege Escalation & XSS & Missing Authentication in Ansible Tower", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/534464/100/0/threaded" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in Ansible Tower (aka Ansible UI) before 2.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) order_by parameter to credentials/, (2) inventories/, (3) projects/, or (4) users/3/permissions/ in api/v1/ or the (5) next_run parameter to api/v1/schedules/."
{ }
"name" : "35786", ]
"refsource" : "EXPLOIT-DB", },
"url" : "http://www.exploit-db.com/exploits/35786" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20150113 SEC Consult SA-20150113-1 :: Privilege Escalation & XSS & Missing Authentication in Ansible Tower", "description": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2015/Jan/52" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://packetstormsecurity.com/files/129944/Ansible-Tower-2.0.2-XSS-Privilege-Escalation-Authentication-Missing.html", ]
"refsource" : "MISC", }
"url" : "http://packetstormsecurity.com/files/129944/Ansible-Tower-2.0.2-XSS-Privilege-Escalation-Authentication-Missing.html" ]
}, },
{ "references": {
"name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150113-1_Ansible-Tower_multiple-vulnerabilities_v10.txt", "reference_data": [
"refsource" : "MISC", {
"url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150113-1_Ansible-Tower_multiple-vulnerabilities_v10.txt" "name": "ansibletower-orderbynextrun-xss(99924)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99924"
"name" : "72023", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/72023" "name": "116963",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/show/osvdb/116963"
"name" : "116961", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/show/osvdb/116961" "name": "116962",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/show/osvdb/116962"
"name" : "116962", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/show/osvdb/116962" "name": "116961",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/show/osvdb/116961"
"name" : "116963", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/show/osvdb/116963" "name": "72023",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/72023"
"name" : "116964", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/show/osvdb/116964" "name": "http://packetstormsecurity.com/files/129944/Ansible-Tower-2.0.2-XSS-Privilege-Escalation-Authentication-Missing.html",
}, "refsource": "MISC",
{ "url": "http://packetstormsecurity.com/files/129944/Ansible-Tower-2.0.2-XSS-Privilege-Escalation-Authentication-Missing.html"
"name" : "116965", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/show/osvdb/116965" "name": "20150113 SEC Consult SA-20150113-1 :: Privilege Escalation & XSS & Missing Authentication in Ansible Tower",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/534464/100/0/threaded"
"name" : "ansibletower-orderbynextrun-xss(99924)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99924" "name": "116964",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/show/osvdb/116964"
} },
} {
"name": "116965",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/116965"
},
{
"name": "20150113 SEC Consult SA-20150113-1 :: Privilege Escalation & XSS & Missing Authentication in Ansible Tower",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jan/52"
},
{
"name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150113-1_Ansible-Tower_multiple-vulnerabilities_v10.txt",
"refsource": "MISC",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150113-1_Ansible-Tower_multiple-vulnerabilities_v10.txt"
},
{
"name": "35786",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/35786"
}
]
}
}

140
2015/1xxx/CVE-2015-1724.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2015-1724", "ID": "CVE-2015-1724",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka \"Microsoft Windows Kernel Object Use After Free Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "38272", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/38272/" "lang": "eng",
}, "value": "Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka \"Microsoft Windows Kernel Object Use After Free Vulnerability.\""
{ }
"name" : "MS15-061", ]
"refsource" : "MS", },
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-061" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1032525", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1032525" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1032525",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032525"
},
{
"name": "38272",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/38272/"
},
{
"name": "MS15-061",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-061"
}
]
}
}

140
2015/1xxx/CVE-2015-1904.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2015-1904", "ID": "CVE-2015-1904",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0, when external Enterprise Content Management (ECM) integration is enabled with a certain technical system account configuration, allows remote authenticated users to bypass intended document-access restrictions via a (1) upload or (2) download action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21960293", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21960293" "lang": "eng",
}, "value": "IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0, when external Enterprise Content Management (ECM) integration is enabled with a certain technical system account configuration, allows remote authenticated users to bypass intended document-access restrictions via a (1) upload or (2) download action."
{ }
"name" : "JR53209", ]
"refsource" : "AIXAPAR", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR53209" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1033159", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1033159" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21960293",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960293"
},
{
"name": "JR53209",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR53209"
},
{
"name": "1033159",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033159"
}
]
}
}

140
2015/5xxx/CVE-2015-5107.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2015-5107", "ID": "CVE-2015-5107",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-371", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-371" "lang": "eng",
}, "value": "Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to obtain sensitive information via unspecified vectors."
{ }
"name" : "https://helpx.adobe.com/security/products/reader/apsb15-15.html", ]
"refsource" : "CONFIRM", },
"url" : "https://helpx.adobe.com/security/products/reader/apsb15-15.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1032892", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1032892" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1032892",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032892"
},
{
"name": "https://helpx.adobe.com/security/products/reader/apsb15-15.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/reader/apsb15-15.html"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-371",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-371"
}
]
}
}

280
2015/5xxx/CVE-2015-5195.json
View File

@ -1,142 +1,142 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2015-5195", "ID": "CVE-2015-5195",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20150825 Several low impact ntp.org ntpd issues", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2015/08/25/3" "lang": "eng",
}, "value": "ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1254544", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1254544" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/ntp-project/ntp/commit/52e977d79a0c4ace997e5c74af429844da2f27be", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/ntp-project/ntp/commit/52e977d79a0c4ace997e5c74af429844da2f27be" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157", ]
"refsource" : "CONFIRM", }
"url" : "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157" ]
}, },
{ "references": {
"name" : "https://www-01.ibm.com/support/docview.wss?uid=swg21985122", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://www-01.ibm.com/support/docview.wss?uid=swg21985122" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1254544",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1254544"
"name" : "https://www-01.ibm.com/support/docview.wss?uid=swg21986956", },
"refsource" : "CONFIRM", {
"url" : "https://www-01.ibm.com/support/docview.wss?uid=swg21986956" "name": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157",
}, "refsource": "CONFIRM",
{ "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157"
"name" : "https://www-01.ibm.com/support/docview.wss?uid=swg21988706", },
"refsource" : "CONFIRM", {
"url" : "https://www-01.ibm.com/support/docview.wss?uid=swg21988706" "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
"name" : "https://www-01.ibm.com/support/docview.wss?uid=swg21989542", },
"refsource" : "CONFIRM", {
"url" : "https://www-01.ibm.com/support/docview.wss?uid=swg21989542" "name": "https://github.com/ntp-project/ntp/commit/52e977d79a0c4ace997e5c74af429844da2f27be",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/ntp-project/ntp/commit/52e977d79a0c4ace997e5c74af429844da2f27be"
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" "name": "USN-2783-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2783-1"
"name" : "DSA-3388", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2015/dsa-3388" "name": "https://www-01.ibm.com/support/docview.wss?uid=swg21986956",
}, "refsource": "CONFIRM",
{ "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21986956"
"name" : "FEDORA-2015-14212", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html" "name": "https://www-01.ibm.com/support/docview.wss?uid=swg21988706",
}, "refsource": "CONFIRM",
{ "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21988706"
"name" : "FEDORA-2015-14213", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html" "name": "RHSA-2016:2583",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
"name" : "FEDORA-2015-77bfbc1bcd", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html" "name": "FEDORA-2015-77bfbc1bcd",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
"name" : "RHSA-2016:0780", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0780.html" "name": "RHSA-2016:0780",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
"name" : "RHSA-2016:2583", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2583.html" "name": "DSA-3388",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2015/dsa-3388"
"name" : "USN-2783-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2783-1" "name": "[oss-security] 20150825 Several low impact ntp.org ntpd issues",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2015/08/25/3"
"name" : "76474", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/76474" "name": "76474",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/76474"
} },
} {
"name": "FEDORA-2015-14212",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html"
},
{
"name": "https://www-01.ibm.com/support/docview.wss?uid=swg21989542",
"refsource": "CONFIRM",
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21989542"
},
{
"name": "https://www-01.ibm.com/support/docview.wss?uid=swg21985122",
"refsource": "CONFIRM",
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21985122"
},
{
"name": "FEDORA-2015-14213",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html"
}
]
}
}

34
2015/5xxx/CVE-2015-5585.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2015-5585", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2015-5585",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
} }
] ]
} }
} }

140
2015/5xxx/CVE-2015-5872.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2015-5872", "ID": "CVE-2015-5872",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5873, and CVE-2015-5890."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT205267", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT205267" "lang": "eng",
}, "value": "IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5873, and CVE-2015-5890."
{ }
"name" : "APPLE-SA-2015-09-30-3", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1033703", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1033703" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1033703",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033703"
},
{
"name": "APPLE-SA-2015-09-30-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
},
{
"name": "https://support.apple.com/HT205267",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205267"
}
]
}
}

158
2018/3xxx/CVE-2018-3190.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2018-3190", "ID": "CVE-2018-3190",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "E-Business Intelligence", "product_name": "E-Business Intelligence",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.1.1" "version_value": "12.1.1"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.1.2" "version_value": "12.1.2"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.1.3" "version_value": "12.1.3"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle E-Business Intelligence component of Oracle E-Business Suite (subcomponent: Overview Page/Report Rendering). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Intelligence. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle E-Business Intelligence, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Intelligence accessible data as well as unauthorized update, insert or delete access to some of Oracle E-Business Intelligence accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Intelligence. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle E-Business Intelligence, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Intelligence accessible data as well as unauthorized update, insert or delete access to some of Oracle E-Business Intelligence accessible data."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle E-Business Intelligence component of Oracle E-Business Suite (subcomponent: Overview Page/Report Rendering). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Intelligence. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle E-Business Intelligence, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Intelligence accessible data as well as unauthorized update, insert or delete access to some of Oracle E-Business Intelligence accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)."
{ }
"name" : "105629", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105629" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1041897", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041897" "lang": "eng",
} "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Intelligence. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle E-Business Intelligence, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Intelligence accessible data as well as unauthorized update, insert or delete access to some of Oracle E-Business Intelligence accessible data."
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "105629",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105629"
},
{
"name": "1041897",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041897"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
}
]
}
}

132
2018/3xxx/CVE-2018-3311.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2018-3311", "ID": "CVE-2018-3311",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "MICROS Xstore Payment", "product_name": "MICROS Xstore Payment",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "3.3" "version_value": "3.3"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Retail Xstore Payment component of Oracle Retail Applications (subcomponent: Security). The supported version that is affected is 3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Payment. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Xstore Payment accessible data as well as unauthorized update, insert or delete access to some of Oracle Retail Xstore Payment accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Xstore Payment. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Payment. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Xstore Payment accessible data as well as unauthorized update, insert or delete access to some of Oracle Retail Xstore Payment accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Xstore Payment."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle Retail Xstore Payment component of Oracle Retail Applications (subcomponent: Security). The supported version that is affected is 3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Payment. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Xstore Payment accessible data as well as unauthorized update, insert or delete access to some of Oracle Retail Xstore Payment accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Xstore Payment. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)."
{ }
"name" : "106566", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/106566" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Payment. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Xstore Payment accessible data as well as unauthorized update, insert or delete access to some of Oracle Retail Xstore Payment accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Xstore Payment."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106566",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106566"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
}
]
}
}

34
2018/3xxx/CVE-2018-3481.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-3481", "ID": "CVE-2018-3481",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2018/3xxx/CVE-2018-3603.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@trendmicro.com", "ASSIGNER": "security@trendmicro.com",
"ID" : "CVE-2018-3603", "ID": "CVE-2018-3603",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Trend Micro Control Manager", "product_name": "Trend Micro Control Manager",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "6.0" "version_value": "6.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Trend Micro" "vendor_name": "Trend Micro"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A CGGIServlet SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SQL Injection"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-112/", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-112/" "lang": "eng",
}, "value": "A CGGIServlet SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
{ }
"name" : "https://success.trendmicro.com/solution/1119158", ]
"refsource" : "CONFIRM", },
"url" : "https://success.trendmicro.com/solution/1119158" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-18-112/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-112/"
},
{
"name": "https://success.trendmicro.com/solution/1119158",
"refsource": "CONFIRM",
"url": "https://success.trendmicro.com/solution/1119158"
}
]
}
}

132
2018/3xxx/CVE-2018-3733.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "support@hackerone.com", "ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00", "DATE_PUBLIC": "2018-04-26T00:00:00",
"ID" : "CVE-2018-3733", "ID": "CVE-2018-3733",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "crud-file-server node module", "product_name": "crud-file-server node module",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Versions before 0.9.0" "version_value": "Versions before 0.9.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "HackerOne" "vendor_name": "HackerOne"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "crud-file-server node module before 0.9.0 suffers from a Path Traversal vulnerability due to incorrect validation of url, which allows a malicious user to read content of any file with known path."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Path Traversal (CWE-22)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/omphalos/crud-file-server/commit/4fc3b404f718abb789f4ce4272c39c7a138c7a82", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/omphalos/crud-file-server/commit/4fc3b404f718abb789f4ce4272c39c7a138c7a82" "lang": "eng",
}, "value": "crud-file-server node module before 0.9.0 suffers from a Path Traversal vulnerability due to incorrect validation of url, which allows a malicious user to read content of any file with known path."
{ }
"name" : "https://hackerone.com/reports/310690", ]
"refsource" : "MISC", },
"url" : "https://hackerone.com/reports/310690" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Path Traversal (CWE-22)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/310690",
"refsource": "MISC",
"url": "https://hackerone.com/reports/310690"
},
{
"name": "https://github.com/omphalos/crud-file-server/commit/4fc3b404f718abb789f4ce4272c39c7a138c7a82",
"refsource": "MISC",
"url": "https://github.com/omphalos/crud-file-server/commit/4fc3b404f718abb789f4ce4272c39c7a138c7a82"
}
]
}
}

34
2018/6xxx/CVE-2018-6453.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-6453", "ID": "CVE-2018-6453",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2018/7xxx/CVE-2018-7063.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security-alert@hpe.com", "ASSIGNER": "security-alert@hpe.com",
"ID" : "CVE-2018-7063", "ID": "CVE-2018-7063",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Aruba ClearPass Policy Manager", "product_name": "Aruba ClearPass Policy Manager",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "ClearPass 6.7.x prior to 6.7.6, ClearPass 6.6.10 and earlier without hotfix applied" "version_value": "ClearPass 6.7.x prior to 6.7.6, ClearPass 6.6.10 and earlier without hotfix applied"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Hewlett Packard Enterprise" "vendor_name": "Hewlett Packard Enterprise"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Aruba ClearPass, disabled API admins can still perform read/write operations. In certain circumstances, API admins in ClearPass which have been disabled may still be able to perform read/write operations on parts of the XML API. This can lead to unauthorized access to the API and complete compromise of the ClearPass instance if an attacker knows of the existence of these accounts."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "remote access restriction bypass"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-007.txt", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-007.txt" "lang": "eng",
} "value": "In Aruba ClearPass, disabled API admins can still perform read/write operations. In certain circumstances, API admins in ClearPass which have been disabled may still be able to perform read/write operations on parts of the XML API. This can lead to unauthorized access to the API and complete compromise of the ClearPass instance if an attacker knows of the existence of these accounts."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote access restriction bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-007.txt",
"refsource": "CONFIRM",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-007.txt"
}
]
}
}

120
2018/7xxx/CVE-2018-7173.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-7173", "ID": "CVE-2018-7173",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to inappropriate decoding."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://forum.xpdfreader.com/viewtopic.php?f=3&t=607", "description_data": [
"refsource" : "MISC", {
"url" : "https://forum.xpdfreader.com/viewtopic.php?f=3&t=607" "lang": "eng",
} "value": "A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to inappropriate decoding."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=607",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=607"
}
]
}
}

120
2018/7xxx/CVE-2018-7243.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cybersecurity@se.com", "ASSIGNER": "cybersecurity@schneider-electric.com",
"ID" : "CVE-2018-7243", "ID": "CVE-2018-7243",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS", "product_name": "66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "MGE Network Management Card Transverse, part number: SF66074. All card versions affected, when installed in following products: MGE Galaxy 5000, MGE Galaxy 6000, MGE Galaxy 9000, MGE EPS 7000, MGE EPS 8000, MGE EPS 6000, MGE Comet UPS, MGE Galaxy PW, MGE Galaxy 3000, MGE Galaxy 4000" "version_value": "MGE Network Management Card Transverse, part number: SF66074. All card versions affected, when installed in following products: MGE Galaxy 5000, MGE Galaxy 6000, MGE Galaxy 9000, MGE EPS 7000, MGE EPS 8000, MGE EPS 6000, MGE Comet UPS, MGE Galaxy PW, MGE Galaxy 3000, MGE Galaxy 4000"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Schneider Electric SE" "vendor_name": "Schneider Electric SE"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An authorization bypass vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to get a full access to device, bypassing the authorization system."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Authorization Bypass"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/" "lang": "eng",
} "value": "An authorization bypass vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to get a full access to device, bypassing the authorization system."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authorization Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-01/"
}
]
}
}

168
2018/7xxx/CVE-2018-7357.json
View File

@ -1,86 +1,86 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@zte.com.cn", "ASSIGNER": "psirt@zte.com.cn",
"ID" : "CVE-2018-7357", "ID": "CVE-2018-7357",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "ZXHN H168N", "product_name": "ZXHN H168N",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T" "version_value": "V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "ZTE" "vendor_name": "ZTE"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper access control vulnerability, which may allow an unauthorized user to gain unauthorized access."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "ADJACENT_NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 6.5,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Authorization\n"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "45972", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/45972/" "lang": "eng",
}, "value": "ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper access control vulnerability, which may allow an unauthorized user to gain unauthorized access."
{ }
"name" : "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009523", ]
"refsource" : "CONFIRM", },
"url" : "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009523" "impact": {
} "cvss": {
] "attackComplexity": "LOW",
}, "attackVector": "ADJACENT_NETWORK",
"source" : { "availabilityImpact": "NONE",
"discovery" : "UNKNOWN" "baseScore": 6.5,
} "baseSeverity": "MEDIUM",
} "confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization\n"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45972",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45972/"
},
{
"name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009523",
"refsource": "CONFIRM",
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009523"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

130
2018/7xxx/CVE-2018-7874.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-7874", "ID": "CVE-2018-7874",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An invalid memory address dereference was discovered in strlenext in util/decompile.c in libming 0.4.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892260", "description_data": [
"refsource" : "MISC", {
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892260" "lang": "eng",
}, "value": "An invalid memory address dereference was discovered in strlenext in util/decompile.c in libming 0.4.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service."
{ }
"name" : "https://github.com/libming/libming/issues/115", ]
"refsource" : "MISC", },
"url" : "https://github.com/libming/libming/issues/115" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892260",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892260"
},
{
"name": "https://github.com/libming/libming/issues/115",
"refsource": "MISC",
"url": "https://github.com/libming/libming/issues/115"
}
]
}
}

230
2018/8xxx/CVE-2018-8087.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-8087", "ID": "CVE-2018-8087",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering an out-of-array error case."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0ddcff49b672239dda94d70d0fcf50317a9f4b51", "description_data": [
"refsource" : "MISC", {
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0ddcff49b672239dda94d70d0fcf50317a9f4b51" "lang": "eng",
}, "value": "Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering an out-of-array error case."
{ }
"name" : "https://github.com/torvalds/linux/commit/0ddcff49b672239dda94d70d0fcf50317a9f4b51", ]
"refsource" : "MISC", },
"url" : "https://github.com/torvalds/linux/commit/0ddcff49b672239dda94d70d0fcf50317a9f4b51" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-4188", "description": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4188" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "USN-3676-1", ]
"refsource" : "UBUNTU", }
"url" : "https://usn.ubuntu.com/3676-1/" ]
}, },
{ "references": {
"name" : "USN-3676-2", "reference_data": [
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3676-2/" "name": "USN-3676-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3676-1/"
"name" : "USN-3677-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3677-1/" "name": "USN-3678-2",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3678-2/"
"name" : "USN-3677-2", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3677-2/" "name": "https://github.com/torvalds/linux/commit/0ddcff49b672239dda94d70d0fcf50317a9f4b51",
}, "refsource": "MISC",
{ "url": "https://github.com/torvalds/linux/commit/0ddcff49b672239dda94d70d0fcf50317a9f4b51"
"name" : "USN-3678-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3678-1/" "name": "USN-3678-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3678-1/"
"name" : "USN-3678-2", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3678-2/" "name": "USN-3677-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3677-1/"
"name" : "USN-3678-3", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3678-3/" "name": "103397",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/103397"
"name" : "USN-3678-4", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3678-4/" "name": "DSA-4188",
}, "refsource": "DEBIAN",
{ "url": "https://www.debian.org/security/2018/dsa-4188"
"name" : "103397", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/103397" "name": "USN-3678-3",
} "refsource": "UBUNTU",
] "url": "https://usn.ubuntu.com/3678-3/"
} },
} {
"name": "USN-3677-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3677-2/"
},
{
"name": "USN-3676-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3676-2/"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0ddcff49b672239dda94d70d0fcf50317a9f4b51",
"refsource": "MISC",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0ddcff49b672239dda94d70d0fcf50317a9f4b51"
},
{
"name": "USN-3678-4",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3678-4/"
}
]
}
}

220
2018/8xxx/CVE-2018-8354.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "Secure@Microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2018-8354", "ID": "CVE-2018-8354",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Microsoft Edge", "product_name": "Microsoft Edge",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Windows 10 for 32-bit Systems" "version_value": "Windows 10 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 for x64-based Systems" "version_value": "Windows 10 for x64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1607 for 32-bit Systems" "version_value": "Windows 10 Version 1607 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1607 for x64-based Systems" "version_value": "Windows 10 Version 1607 for x64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1703 for 32-bit Systems" "version_value": "Windows 10 Version 1703 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1703 for x64-based Systems" "version_value": "Windows 10 Version 1703 for x64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1709 for 32-bit Systems" "version_value": "Windows 10 Version 1709 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1709 for x64-based Systems" "version_value": "Windows 10 Version 1709 for x64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1803 for 32-bit Systems" "version_value": "Windows 10 Version 1803 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1803 for x64-based Systems" "version_value": "Windows 10 Version 1803 for x64-based Systems"
}, },
{ {
"version_value" : "Windows Server 2016" "version_value": "Windows Server 2016"
} }
] ]
} }
}, },
{ {
"product_name" : "ChakraCore", "product_name": "ChakraCore",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "ChakraCore" "version_value": "ChakraCore"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft" "vendor_name": "Microsoft"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka \"Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8391, CVE-2018-8456, CVE-2018-8457, CVE-2018-8459."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8354", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8354" "lang": "eng",
}, "value": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka \"Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8391, CVE-2018-8456, CVE-2018-8457, CVE-2018-8459."
{ }
"name" : "105232", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105232" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1041623", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041623" "lang": "eng",
} "value": "Remote Code Execution"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "105232",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105232"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8354",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8354"
},
{
"name": "1041623",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041623"
}
]
}
}

544
2018/8xxx/CVE-2018-8517.json
View File

@ -1,274 +1,274 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "Secure@Microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2018-8517", "ID": "CVE-2018-8517",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Microsoft .NET Framework", "product_name": "Microsoft .NET Framework",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "3.5 on Windows 10 Version 1607 for 32-bit Systems" "version_value": "3.5 on Windows 10 Version 1607 for 32-bit Systems"
}, },
{ {
"version_value" : "3.5 on Windows 10 Version 1607 for x64-based Systems" "version_value": "3.5 on Windows 10 Version 1607 for x64-based Systems"
}, },
{ {
"version_value" : "3.5 on Windows 10 Version 1703 for 32-bit Systems" "version_value": "3.5 on Windows 10 Version 1703 for 32-bit Systems"
}, },
{ {
"version_value" : "3.5 on Windows 10 Version 1703 for x64-based Systems" "version_value": "3.5 on Windows 10 Version 1703 for x64-based Systems"
}, },
{ {
"version_value" : "3.5 on Windows 10 Version 1709 for 32-bit Systems" "version_value": "3.5 on Windows 10 Version 1709 for 32-bit Systems"
}, },
{ {
"version_value" : "3.5 on Windows 10 Version 1709 for x64-based Systems" "version_value": "3.5 on Windows 10 Version 1709 for x64-based Systems"
}, },
{ {
"version_value" : "3.5 on Windows 10 Version 1803 for 32-bit Systems" "version_value": "3.5 on Windows 10 Version 1803 for 32-bit Systems"
}, },
{ {
"version_value" : "3.5 on Windows 10 Version 1803 for x64-based Systems" "version_value": "3.5 on Windows 10 Version 1803 for x64-based Systems"
}, },
{ {
"version_value" : "3.5 on Windows 10 Version 1809 for 32-bit Systems" "version_value": "3.5 on Windows 10 Version 1809 for 32-bit Systems"
}, },
{ {
"version_value" : "3.5 on Windows 10 Version 1809 for x64-based Systems" "version_value": "3.5 on Windows 10 Version 1809 for x64-based Systems"
}, },
{ {
"version_value" : "3.5 on Windows 8.1 for 32-bit systems" "version_value": "3.5 on Windows 8.1 for 32-bit systems"
}, },
{ {
"version_value" : "3.5 on Windows 8.1 for x64-based systems" "version_value": "3.5 on Windows 8.1 for x64-based systems"
}, },
{ {
"version_value" : "3.5 on Windows Server 2012" "version_value": "3.5 on Windows Server 2012"
}, },
{ {
"version_value" : "3.5 on Windows Server 2012 (Server Core installation)" "version_value": "3.5 on Windows Server 2012 (Server Core installation)"
}, },
{ {
"version_value" : "3.5 on Windows Server 2012 R2" "version_value": "3.5 on Windows Server 2012 R2"
}, },
{ {
"version_value" : "3.5 on Windows Server 2012 R2 (Server Core installation)" "version_value": "3.5 on Windows Server 2012 R2 (Server Core installation)"
}, },
{ {
"version_value" : "3.5 on Windows Server 2016" "version_value": "3.5 on Windows Server 2016"
}, },
{ {
"version_value" : "3.5 on Windows Server 2016 (Server Core installation)" "version_value": "3.5 on Windows Server 2016 (Server Core installation)"
}, },
{ {
"version_value" : "3.5 on Windows Server 2019" "version_value": "3.5 on Windows Server 2019"
}, },
{ {
"version_value" : "3.5 on Windows Server 2019 (Server Core installation)" "version_value": "3.5 on Windows Server 2019 (Server Core installation)"
}, },
{ {
"version_value" : "3.5 on Windows Server, version 1709 (Server Core Installation)" "version_value": "3.5 on Windows Server, version 1709 (Server Core Installation)"
}, },
{ {
"version_value" : "3.5 on Windows Server, version 1803 (Server Core Installation)" "version_value": "3.5 on Windows Server, version 1803 (Server Core Installation)"
}, },
{ {
"version_value" : "3.5.1 on Windows 7 for 32-bit Systems Service Pack 1" "version_value": "3.5.1 on Windows 7 for 32-bit Systems Service Pack 1"
}, },
{ {
"version_value" : "3.5.1 on Windows 7 for x64-based Systems Service Pack 1" "version_value": "3.5.1 on Windows 7 for x64-based Systems Service Pack 1"
}, },
{ {
"version_value" : "3.5.1 on Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1" "version_value": "3.5.1 on Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1"
}, },
{ {
"version_value" : "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1" "version_value": "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1"
}, },
{ {
"version_value" : "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" "version_value": "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
}, },
{ {
"version_value" : "4.5.2 on Windows 7 for 32-bit Systems Service Pack 1" "version_value": "4.5.2 on Windows 7 for 32-bit Systems Service Pack 1"
}, },
{ {
"version_value" : "4.5.2 on Windows 7 for x64-based Systems Service Pack 1" "version_value": "4.5.2 on Windows 7 for x64-based Systems Service Pack 1"
}, },
{ {
"version_value" : "4.5.2 on Windows 8.1 for 32-bit systems" "version_value": "4.5.2 on Windows 8.1 for 32-bit systems"
}, },
{ {
"version_value" : "4.5.2 on Windows 8.1 for x64-based systems" "version_value": "4.5.2 on Windows 8.1 for x64-based systems"
}, },
{ {
"version_value" : "4.5.2 on Windows RT 8.1" "version_value": "4.5.2 on Windows RT 8.1"
}, },
{ {
"version_value" : "4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2" "version_value": "4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
}, },
{ {
"version_value" : "4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2" "version_value": "4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2"
}, },
{ {
"version_value" : "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1" "version_value": "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1"
}, },
{ {
"version_value" : "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" "version_value": "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
}, },
{ {
"version_value" : "4.5.2 on Windows Server 2012" "version_value": "4.5.2 on Windows Server 2012"
}, },
{ {
"version_value" : "4.5.2 on Windows Server 2012 (Server Core installation)" "version_value": "4.5.2 on Windows Server 2012 (Server Core installation)"
}, },
{ {
"version_value" : "4.5.2 on Windows Server 2012 R2" "version_value": "4.5.2 on Windows Server 2012 R2"
}, },
{ {
"version_value" : "4.5.2 on Windows Server 2012 R2 (Server Core installation)" "version_value": "4.5.2 on Windows Server 2012 R2 (Server Core installation)"
}, },
{ {
"version_value" : "4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2" "version_value": "4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2"
}, },
{ {
"version_value" : "4.6 on Windows Server 2008 for x64-based Systems Service Pack 2" "version_value": "4.6 on Windows Server 2008 for x64-based Systems Service Pack 2"
}, },
{ {
"version_value" : "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems" "version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems"
}, },
{ {
"version_value" : "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems" "version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems"
}, },
{ {
"version_value" : "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016" "version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016"
}, },
{ {
"version_value" : "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)" "version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)"
}, },
{ {
"version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1" "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1"
}, },
{ {
"version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1" "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1"
}, },
{ {
"version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems" "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems"
}, },
{ {
"version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for x64-based systems" "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for x64-based systems"
}, },
{ {
"version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows RT 8.1" "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows RT 8.1"
}, },
{ {
"version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1" "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1"
}, },
{ {
"version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
}, },
{ {
"version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012" "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012"
}, },
{ {
"version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation)" "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation)"
}, },
{ {
"version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2" "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2"
}, },
{ {
"version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation)" "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation)"
}, },
{ {
"version_value" : "4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems" "version_value": "4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems"
}, },
{ {
"version_value" : "4.7.1/4.7.2 on Windows 10 Version 1709 for ARM64-based Systems" "version_value": "4.7.1/4.7.2 on Windows 10 Version 1709 for ARM64-based Systems"
}, },
{ {
"version_value" : "4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems" "version_value": "4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems"
}, },
{ {
"version_value" : "4.7.1/4.7.2 on Windows Server, version 1709 (Server Core Installation)" "version_value": "4.7.1/4.7.2 on Windows Server, version 1709 (Server Core Installation)"
}, },
{ {
"version_value" : "4.7.2 on Windows 10 Version 1803 for 32-bit Systems" "version_value": "4.7.2 on Windows 10 Version 1803 for 32-bit Systems"
}, },
{ {
"version_value" : "4.7.2 on Windows 10 Version 1803 for x64-based Systems" "version_value": "4.7.2 on Windows 10 Version 1803 for x64-based Systems"
}, },
{ {
"version_value" : "4.7.2 on Windows 10 Version 1809 for 32-bit Systems" "version_value": "4.7.2 on Windows 10 Version 1809 for 32-bit Systems"
}, },
{ {
"version_value" : "4.7.2 on Windows 10 Version 1809 for x64-based Systems" "version_value": "4.7.2 on Windows 10 Version 1809 for x64-based Systems"
}, },
{ {
"version_value" : "4.7.2 on Windows Server 2019" "version_value": "4.7.2 on Windows Server 2019"
}, },
{ {
"version_value" : "4.7.2 on Windows Server 2019 (Server Core installation)" "version_value": "4.7.2 on Windows Server 2019 (Server Core installation)"
}, },
{ {
"version_value" : "4.7.2 on Windows Server, version 1803 (Server Core Installation)" "version_value": "4.7.2 on Windows Server, version 1803 (Server Core Installation)"
}, },
{ {
"version_value" : "4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for 32-bit Systems" "version_value": "4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for 32-bit Systems"
}, },
{ {
"version_value" : "4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for x64-based Systems" "version_value": "4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for x64-based Systems"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft" "vendor_name": "Microsoft"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A denial of service vulnerability exists when .NET Framework improperly handles special web requests, aka \".NET Framework Denial Of Service Vulnerability.\" This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8517", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8517" "lang": "eng",
}, "value": "A denial of service vulnerability exists when .NET Framework improperly handles special web requests, aka \".NET Framework Denial Of Service Vulnerability.\" This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2."
{ }
"name" : "106075", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/106075" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8517",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8517"
},
{
"name": "106075",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106075"
}
]
}
}

140
2018/8xxx/CVE-2018-8970.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-8970", "ID": "CVE-2018-8970",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The int_x509_param_set_hosts function in lib/libcrypto/x509/x509_vpm.c in LibreSSL 2.7.0 before 2.7.1 does not support a certain special case of a zero name length, which causes silent omission of hostname verification, and consequently allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: the LibreSSL documentation indicates that this special case is supported, but the BoringSSL documentation does not."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://boringssl.googlesource.com/boringssl/+/e759a9cd84198613199259dbed401f4951747cff", "description_data": [
"refsource" : "MISC", {
"url" : "https://boringssl.googlesource.com/boringssl/+/e759a9cd84198613199259dbed401f4951747cff" "lang": "eng",
}, "value": "The int_x509_param_set_hosts function in lib/libcrypto/x509/x509_vpm.c in LibreSSL 2.7.0 before 2.7.1 does not support a certain special case of a zero name length, which causes silent omission of hostname verification, and consequently allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: the LibreSSL documentation indicates that this special case is supported, but the BoringSSL documentation does not."
{ }
"name" : "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.1-relnotes.txt", ]
"refsource" : "MISC", },
"url" : "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.1-relnotes.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/libressl-portable/openbsd/commit/0654414afcce51a16d35d05060190a3ec4618d42", "description": [
"refsource" : "MISC", {
"url" : "https://github.com/libressl-portable/openbsd/commit/0654414afcce51a16d35d05060190a3ec4618d42" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/libressl-portable/openbsd/commit/0654414afcce51a16d35d05060190a3ec4618d42",
"refsource": "MISC",
"url": "https://github.com/libressl-portable/openbsd/commit/0654414afcce51a16d35d05060190a3ec4618d42"
},
{
"name": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.1-relnotes.txt",
"refsource": "MISC",
"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.1-relnotes.txt"
},
{
"name": "https://boringssl.googlesource.com/boringssl/+/e759a9cd84198613199259dbed401f4951747cff",
"refsource": "MISC",
"url": "https://boringssl.googlesource.com/boringssl/+/e759a9cd84198613199259dbed401f4951747cff"
}
]
}
}