admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 03:16:29 +00:00
parent ff96529340
commit f36f78e83e
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
60 changed files with 4714 additions and 4714 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

120
1999/0xxx/CVE-1999-0230.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-0230",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Cisco 7xx routers through the telnet service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0230",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "1102",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/1102"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Cisco 7xx routers through the telnet service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1102",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/1102"
}
]
}
}

130
1999/0xxx/CVE-1999-0386.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-0386",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Personal Web Server and FrontPage Personal Web Server in some Windows systems allows a remote attacker to read files on the server by using a nonstandard URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0386",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS99-010",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-010"
},
{
"name" : "111",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/111"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Personal Web Server and FrontPage Personal Web Server in some Windows systems allows a remote attacker to read files on the server by using a nonstandard URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "111",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/111"
},
{
"name": "MS99-010",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-010"
}
]
}
}

34
1999/0xxx/CVE-1999-0619.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-0619",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: \"The Telnet service is running.\""
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-1999-0619",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: \"The Telnet service is running.\""
}
]
}
}

160
1999/1xxx/CVE-1999-1084.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-1084",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The \"AEDebug\" registry key is installed with insecure permissions, which allows local users to modify the key to specify a Trojan Horse debugger which is automatically executed on a system crash."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1084",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "19980622 Yet another \"get yourself admin rights exploit\":",
"refsource" : "NTBUGTRAQ",
"url" : "http://marc.info/?l=ntbugtraq&m=90222453431604&w=2"
},
{
"name" : "Q103861",
"refsource" : "MSKB",
"url" : "http://support.microsoft.com/support/kb/articles/q103/8/61.asp"
},
{
"name" : "MS00-008",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-008"
},
{
"name" : "K-029",
"refsource" : "CIAC",
"url" : "http://www.ciac.org/ciac/bulletins/k-029.shtml"
},
{
"name" : "1044",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1044"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \"AEDebug\" registry key is installed with insecure permissions, which allows local users to modify the key to specify a Trojan Horse debugger which is automatically executed on a system crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19980622 Yet another \"get yourself admin rights exploit\":",
"refsource": "NTBUGTRAQ",
"url": "http://marc.info/?l=ntbugtraq&m=90222453431604&w=2"
},
{
"name": "1044",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1044"
},
{
"name": "K-029",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/k-029.shtml"
},
{
"name": "MS00-008",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-008"
},
{
"name": "Q103861",
"refsource": "MSKB",
"url": "http://support.microsoft.com/support/kb/articles/q103/8/61.asp"
}
]
}
}

130
1999/1xxx/CVE-1999-1166.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-1166",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Linux 2.0.37 does not properly encode the Custom segment limit, which allows local users to gain root privileges by accessing and modifying kernel memory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1166",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "19990711 Linux 2.0.37 segment limit bug",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/18156"
},
{
"name" : "523",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/523"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Linux 2.0.37 does not properly encode the Custom segment limit, which allows local users to gain root privileges by accessing and modifying kernel memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "523",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/523"
},
{
"name": "19990711 Linux 2.0.37 segment limit bug",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/18156"
}
]
}
}

130
1999/1xxx/CVE-1999-1510.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-1510",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflows in Bisonware FTP server prior to 4.1 allow remote attackers to cause a denial of service, and possibly execute arbitrary commands, via long (1) USER, (2) LIST, or (3) CWD commands."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1510",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "19990517 Vulnerabilities in BisonWare FTP Server 3.5",
"refsource" : "NTBUGTRAQ",
"url" : "http://marc.info/?l=ntbugtraq&m=92697301706956&w=2"
},
{
"name" : "bisonware-command-bo(3234)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/3234"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflows in Bisonware FTP server prior to 4.1 allow remote attackers to cause a denial of service, and possibly execute arbitrary commands, via long (1) USER, (2) LIST, or (3) CWD commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19990517 Vulnerabilities in BisonWare FTP Server 3.5",
"refsource": "NTBUGTRAQ",
"url": "http://marc.info/?l=ntbugtraq&m=92697301706956&w=2"
},
{
"name": "bisonware-command-bo(3234)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/3234"
}
]
}
}

120
2000/0xxx/CVE-2000-0124.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0124",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "surfCONTROL SuperScout does not properly asign a category to web sites with a . (dot) at the end, which may allow users to bypass web access restrictions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0124",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "965",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/965"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "surfCONTROL SuperScout does not properly asign a category to web sites with a . (dot) at the end, which may allow users to bypass web access restrictions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "965",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/965"
}
]
}
}

140
2000/0xxx/CVE-2000-0340.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0340",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Gnomelib in SuSE Linux 6.3 allows local users to execute arbitrary commands via the DISPLAY environmental variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0340",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20000428 SuSE 6.3 Gnomelib buffer overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/templates/archive.pike?list=1&msg=00042902575201.09597@wintermute-pub"
},
{
"name" : "http://www.suse.com/us/support/download/updates/axp_63.html",
"refsource" : "CONFIRM",
"url" : "http://www.suse.com/us/support/download/updates/axp_63.html"
},
{
"name" : "1155",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1155"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Gnomelib in SuSE Linux 6.3 allows local users to execute arbitrary commands via the DISPLAY environmental variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1155",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1155"
},
{
"name": "http://www.suse.com/us/support/download/updates/axp_63.html",
"refsource": "CONFIRM",
"url": "http://www.suse.com/us/support/download/updates/axp_63.html"
},
{
"name": "20000428 SuSE 6.3 Gnomelib buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=00042902575201.09597@wintermute-pub"
}
]
}
}

250
2000/0xxx/CVE-2000-0573.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0573",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0573",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20000622 WuFTPD: Providing *remote* root since at least1994",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=96171893218000&w=2"
},
{
"name" : "20000623 WUFTPD 2.6.0 remote root exploit",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=96179429114160&w=2"
},
{
"name" : "20000707 New Released Version of the WuFTPD Sploit",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=96299933720862&w=2"
},
{
"name" : "20000623 ftpd: the advisory version",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000623091822.3321.qmail@fiver.freemessage.com"
},
{
"name" : "AA-2000.02",
"refsource" : "AUSCERT",
"url" : "ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-2000.02"
},
{
"name" : "CA-2000-13",
"refsource" : "CERT",
"url" : "http://www.cert.org/advisories/CA-2000-13.html"
},
{
"name" : "CSSA-2000-020.0",
"refsource" : "CALDERA",
"url" : "http://www.calderasystems.com/support/security/advisories/CSSA-2000-020.0.txt"
},
{
"name" : "RHSA-2000:039",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2000-039.html"
},
{
"name" : "20000723 CONECTIVA LINUX SECURITY ANNOUNCEMENT - WU-FTPD (re-release)",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2000-06/0244.html"
},
{
"name" : "20000702 [Security Announce] wu-ftpd update",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2000-07/0017.html"
},
{
"name" : "FreeBSD-SA-00:29",
"refsource" : "FREEBSD",
"url" : "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:29.wu-ftpd.asc.v1.1"
},
{
"name" : "NetBSD-SA2000-009",
"refsource" : "NETBSD",
"url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2000-009.txt.asc"
},
{
"name" : "1387",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1387"
},
{
"name" : "wuftp-format-string-stack-overwrite(4773)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/4773"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CA-2000-13",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2000-13.html"
},
{
"name": "20000707 New Released Version of the WuFTPD Sploit",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=96299933720862&w=2"
},
{
"name": "RHSA-2000:039",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2000-039.html"
},
{
"name": "CSSA-2000-020.0",
"refsource": "CALDERA",
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2000-020.0.txt"
},
{
"name": "20000622 WuFTPD: Providing *remote* root since at least1994",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=96171893218000&w=2"
},
{
"name": "20000702 [Security Announce] wu-ftpd update",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0017.html"
},
{
"name": "20000723 CONECTIVA LINUX SECURITY ANNOUNCEMENT - WU-FTPD (re-release)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0244.html"
},
{
"name": "1387",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1387"
},
{
"name": "FreeBSD-SA-00:29",
"refsource": "FREEBSD",
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:29.wu-ftpd.asc.v1.1"
},
{
"name": "AA-2000.02",
"refsource": "AUSCERT",
"url": "ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-2000.02"
},
{
"name": "20000623 WUFTPD 2.6.0 remote root exploit",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=96179429114160&w=2"
},
{
"name": "NetBSD-SA2000-009",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2000-009.txt.asc"
},
{
"name": "20000623 ftpd: the advisory version",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000623091822.3321.qmail@fiver.freemessage.com"
},
{
"name": "wuftp-format-string-stack-overwrite(4773)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4773"
}
]
}
}

160
2000/0xxx/CVE-2000-0778.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0778",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a \"Translate: f\" header, aka the \"Specialized Header\" vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0778",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS00-058",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-058"
},
{
"name" : "20000815 Translate:f summary, history and thoughts",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/templates/archive.pike?list=1&msg=080D5336D882D211B56B0060080F2CD696A7C9@beta.mia.cz"
},
{
"name" : "20000816 Translate: f",
"refsource" : "NTBUGTRAQ",
"url" : "http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0008&L=ntbugtraq&F=&S=&P=5212"
},
{
"name" : "1578",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1578"
},
{
"name" : "oval:org.mitre.oval:def:927",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A927"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a \"Translate: f\" header, aka the \"Specialized Header\" vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20000816 Translate: f",
"refsource": "NTBUGTRAQ",
"url": "http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0008&L=ntbugtraq&F=&S=&P=5212"
},
{
"name": "MS00-058",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-058"
},
{
"name": "20000815 Translate:f summary, history and thoughts",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=080D5336D882D211B56B0060080F2CD696A7C9@beta.mia.cz"
},
{
"name": "1578",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1578"
},
{
"name": "oval:org.mitre.oval:def:927",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A927"
}
]
}
}

230
2000/0xxx/CVE-2000-0844.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0844",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20000904 UNIX locale format string vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2000-08/0457.html"
},
{
"name" : "20000902 glibc: local root exploit",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2000/20000902"
},
{
"name" : "CSSA-2000-030.0",
"refsource" : "CALDERA",
"url" : "http://www.calderasystems.com/support/security/advisories/CSSA-2000-030.0.txt"
},
{
"name" : "RHSA-2000:057",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2000-057.html"
},
{
"name" : "20000906 glibc locale security problem",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/adv5_draht_glibc_txt.html"
},
{
"name" : "TLSA2000020-1",
"refsource" : "TURBO",
"url" : "http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000020.html"
},
{
"name" : "IY13753",
"refsource" : "AIXAPAR",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2000-10/0427.html"
},
{
"name" : "SSRT0689U",
"refsource" : "COMPAQ",
"url" : "http://archives.neohapsis.com/archives/tru64/2000-q4/0000.html"
},
{
"name" : "20000901-01-P",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20000901-01-P"
},
{
"name" : "20000902 Conectiva Linux Security Announcement - glibc",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2000-08/0436.html"
},
{
"name" : "1634",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1634"
},
{
"name" : "unix-locale-format-string(5176)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5176"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2000:057",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2000-057.html"
},
{
"name": "20000906 glibc locale security problem",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/adv5_draht_glibc_txt.html"
},
{
"name": "20000902 Conectiva Linux Security Announcement - glibc",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0436.html"
},
{
"name": "SSRT0689U",
"refsource": "COMPAQ",
"url": "http://archives.neohapsis.com/archives/tru64/2000-q4/0000.html"
},
{
"name": "TLSA2000020-1",
"refsource": "TURBO",
"url": "http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000020.html"
},
{
"name": "20000902 glibc: local root exploit",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2000/20000902"
},
{
"name": "20000904 UNIX locale format string vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0457.html"
},
{
"name": "IY13753",
"refsource": "AIXAPAR",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0427.html"
},
{
"name": "1634",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1634"
},
{
"name": "CSSA-2000-030.0",
"refsource": "CALDERA",
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2000-030.0.txt"
},
{
"name": "unix-locale-format-string(5176)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5176"
},
{
"name": "20000901-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20000901-01-P"
}
]
}
}

150
2000/0xxx/CVE-2000-0929.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0929",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Windows Media Player 7 allows attackers to cause a denial of service in RTF-enabled email clients via an embedded OCX control that is not closed properly, aka the \"OCX Attachment\" vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0929",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20000929 Malformed Embedded Windows Media Player 7 \"OCX Attachment\"",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=97024839222747&w=2"
},
{
"name" : "MS00-068",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-068"
},
{
"name" : "1714",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1714"
},
{
"name" : "mediaplayer-outlook-dos(5309)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5309"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Windows Media Player 7 allows attackers to cause a denial of service in RTF-enabled email clients via an embedded OCX control that is not closed properly, aka the \"OCX Attachment\" vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS00-068",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-068"
},
{
"name": "20000929 Malformed Embedded Windows Media Player 7 \"OCX Attachment\"",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=97024839222747&w=2"
},
{
"name": "mediaplayer-outlook-dos(5309)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5309"
},
{
"name": "1714",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1714"
}
]
}
}

140
2000/0xxx/CVE-2000-0984.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0984",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to cause a denial of service (crash and reload) via a URL containing a \"?/\" string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0984",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20001025 Cisco IOS HTTP Server Query Vulnerability",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/warp/public/707/ioshttpserverquery-pub.shtml"
},
{
"name" : "1838",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1838"
},
{
"name" : "cisco-ios-query-dos(5412)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5412"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to cause a denial of service (crash and reload) via a URL containing a \"?/\" string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20001025 Cisco IOS HTTP Server Query Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/ioshttpserverquery-pub.shtml"
},
{
"name": "1838",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1838"
},
{
"name": "cisco-ios-query-dos(5412)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5412"
}
]
}
}

150
2000/1xxx/CVE-2000-1099.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-1099",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Java Runtime Environment in Java Development Kit (JDK) 1.2.2_05 and earlier can allow an untrusted Java class to call into a disallowed class, which could allow an attacker to escape the Java sandbox and conduct unauthorized activities."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-1099",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "00199",
"refsource" : "SUN",
"url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/199&type=0&nav=sec.sba"
},
{
"name" : "HPSBUX0011-132",
"refsource" : "HP",
"url" : "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0011-132"
},
{
"name" : "jdk-untrusted-java-class(5605)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5605"
},
{
"name" : "7255",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/7255"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Java Runtime Environment in Java Development Kit (JDK) 1.2.2_05 and earlier can allow an untrusted Java class to call into a disallowed class, which could allow an attacker to escape the Java sandbox and conduct unauthorized activities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7255",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7255"
},
{
"name": "00199",
"refsource": "SUN",
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/199&type=0&nav=sec.sba"
},
{
"name": "jdk-untrusted-java-class(5605)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5605"
},
{
"name": "HPSBUX0011-132",
"refsource": "HP",
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0011-132"
}
]
}
}

140
2005/2xxx/CVE-2005-2244.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2244",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The aupair service (aupair.exe) in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1 allows remote attackers to execute arbitrary code or corrupt memory via crafted packets that trigger a memory allocation failure and lead to a buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050712 Cisco CallManager Memory Handling Vulnerabilities",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20050712-ccm.shtml"
},
{
"name" : "14255",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14255"
},
{
"name" : "malloc-return-value-dos(19053)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19053"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The aupair service (aupair.exe) in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1 allows remote attackers to execute arbitrary code or corrupt memory via crafted packets that trigger a memory allocation failure and lead to a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "malloc-return-value-dos(19053)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19053"
},
{
"name": "20050712 Cisco CallManager Memory Handling Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20050712-ccm.shtml"
},
{
"name": "14255",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14255"
}
]
}
}

150
2005/2xxx/CVE-2005-2373.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2373",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in SlimFTPd 3.15 and 3.16 allows remote authenticated users to execute arbitrary code via a long directory name to (1) LIST, (2) DELE or (3) RNFR commands."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2373",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050721 Arbitrary code execution in SlimFTPd v3.16",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112196537312610&w=2"
},
{
"name" : "http://www.whitsoftdev.com/slimftpd/",
"refsource" : "CONFIRM",
"url" : "http://www.whitsoftdev.com/slimftpd/"
},
{
"name" : "1014542",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014542"
},
{
"name" : "16177",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16177"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in SlimFTPd 3.15 and 3.16 allows remote authenticated users to execute arbitrary code via a long directory name to (1) LIST, (2) DELE or (3) RNFR commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1014542",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014542"
},
{
"name": "http://www.whitsoftdev.com/slimftpd/",
"refsource": "CONFIRM",
"url": "http://www.whitsoftdev.com/slimftpd/"
},
{
"name": "16177",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16177"
},
{
"name": "20050721 Arbitrary code execution in SlimFTPd v3.16",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112196537312610&w=2"
}
]
}
}

130
2005/2xxx/CVE-2005-2569.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2569",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in FunkBoard 0.66CF, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the fbusername or fbpassword parameter to (1) editpost.php, (2) prefs.php, (3) newtopic.php, (4) reply.php, or (5) profile.php, the (6) fbusername, (7) fmail, (8) www, (9) icq, (10) yim, (11) location, (12) sex, (13) interebbies, (14) sig or (15) aim parameter to register.php, or (16) subject parameter to newtopic.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2569",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050808 FunkBoard V0.66CF (possibly prior versions) cross site scripting, possible database username/password disclosure & board takeover, possible remote code execution",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112360702307424&w=2"
},
{
"name" : "20050813 Re: FunkBoard V0.66CF (possibly prior versions) cross site scripting, possible database username/password disclosure & board takeover, possible remote code execution",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112413891603018&w=2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in FunkBoard 0.66CF, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the fbusername or fbpassword parameter to (1) editpost.php, (2) prefs.php, (3) newtopic.php, (4) reply.php, or (5) profile.php, the (6) fbusername, (7) fmail, (8) www, (9) icq, (10) yim, (11) location, (12) sex, (13) interebbies, (14) sig or (15) aim parameter to register.php, or (16) subject parameter to newtopic.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050808 FunkBoard V0.66CF (possibly prior versions) cross site scripting, possible database username/password disclosure & board takeover, possible remote code execution",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112360702307424&w=2"
},
{
"name": "20050813 Re: FunkBoard V0.66CF (possibly prior versions) cross site scripting, possible database username/password disclosure & board takeover, possible remote code execution",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112413891603018&w=2"
}
]
}
}

150
2005/3xxx/CVE-2005-3062.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3062",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in index.php in AlstraSoft E-Friends 4.0 allows remote attackers to execute arbitrary PHP code via the mode parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3062",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050924 AlstraSoft E-Friends Remote Command Exucetion",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112758134227112&w=2"
},
{
"name" : "14932",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14932"
},
{
"name" : "16941",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16941/"
},
{
"name" : "22",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/22"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in index.php in AlstraSoft E-Friends 4.0 allows remote attackers to execute arbitrary PHP code via the mode parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16941",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16941/"
},
{
"name": "22",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/22"
},
{
"name": "20050924 AlstraSoft E-Friends Remote Command Exucetion",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112758134227112&w=2"
},
{
"name": "14932",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14932"
}
]
}
}

200
2005/3xxx/CVE-2005-3236.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3236",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Cyphor 0.19 allow remote attackers to execute arbitrary SQL and obtain administrative access via (1) the fid parameter of newmsg.php, which can enable XSS attacks when the SQL syntax is invalid or (2) the nick parameter of lostpwd.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3236",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051008 Cyphor 0.19 SQL Injection / Board takeover / cross site scripting",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112879353805769&w=2"
},
{
"name" : "15047",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15047"
},
{
"name" : "19943",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/19943"
},
{
"name" : "19944",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/19944"
},
{
"name" : "19945",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/19945"
},
{
"name" : "1015020",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015020"
},
{
"name" : "17104",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17104/"
},
{
"name" : "70",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/70"
},
{
"name" : "cyphor-lostpwd-newmsg-sql-injection(22552)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22552"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Cyphor 0.19 allow remote attackers to execute arbitrary SQL and obtain administrative access via (1) the fid parameter of newmsg.php, which can enable XSS attacks when the SQL syntax is invalid or (2) the nick parameter of lostpwd.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015020",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015020"
},
{
"name": "19944",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/19944"
},
{
"name": "cyphor-lostpwd-newmsg-sql-injection(22552)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22552"
},
{
"name": "70",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/70"
},
{
"name": "19945",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/19945"
},
{
"name": "17104",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17104/"
},
{
"name": "19943",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/19943"
},
{
"name": "15047",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15047"
},
{
"name": "20051008 Cyphor 0.19 SQL Injection / Board takeover / cross site scripting",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112879353805769&w=2"
}
]
}
}

160
2005/3xxx/CVE-2005-3444.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3444",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in the Programmatic Interface in Oracle Database Server from 8i up to 9.2.0.5 have unknown impact and attack vectors, aka Oracle Vuln# DB26."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3444",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html"
},
{
"name" : "TA05-292A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA05-292A.html"
},
{
"name" : "VU#210524",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/210524"
},
{
"name" : "15134",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15134"
},
{
"name" : "17250",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17250"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in the Programmatic Interface in Oracle Database Server from 8i up to 9.2.0.5 have unknown impact and attack vectors, aka Oracle Vuln# DB26."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html"
},
{
"name": "TA05-292A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA05-292A.html"
},
{
"name": "15134",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15134"
},
{
"name": "VU#210524",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/210524"
},
{
"name": "17250",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17250"
}
]
}
}

160
2005/3xxx/CVE-2005-3730.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3730",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in HTTPTranslatorServlet in Idetix Software Systems Revize CMS allow remote attackers to inject arbitrary web script or HTML via the (1) resourcetype, (2) objectmap, and (3) redirect parameters, possibly involving setWebSpace.jsp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3730",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://lostmon.blogspot.com/2005/11/revizer-cms-sql-information-disclosure.html",
"refsource" : "MISC",
"url" : "http://lostmon.blogspot.com/2005/11/revizer-cms-sql-information-disclosure.html"
},
{
"name" : "15484",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15484"
},
{
"name" : "20922",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20922"
},
{
"name" : "1015231",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015231"
},
{
"name" : "17623",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17623"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in HTTPTranslatorServlet in Idetix Software Systems Revize CMS allow remote attackers to inject arbitrary web script or HTML via the (1) resourcetype, (2) objectmap, and (3) redirect parameters, possibly involving setWebSpace.jsp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lostmon.blogspot.com/2005/11/revizer-cms-sql-information-disclosure.html",
"refsource": "MISC",
"url": "http://lostmon.blogspot.com/2005/11/revizer-cms-sql-information-disclosure.html"
},
{
"name": "17623",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17623"
},
{
"name": "15484",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15484"
},
{
"name": "20922",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20922"
},
{
"name": "1015231",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015231"
}
]
}
}

170
2005/3xxx/CVE-2005-3953.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3953",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Bedeng PSP 1.1 allows remote attackers to execute arbitrary SQL commands via the cwhere parameter to (1) index.php and (2) download.php, or (3) ckode parameter to baca.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3953",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2005/11/bedengpsp-sql-inj-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2005/11/bedengpsp-sql-inj-vuln.html"
},
{
"name" : "15583",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15583"
},
{
"name" : "21174",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21174"
},
{
"name" : "21175",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21175"
},
{
"name" : "21176",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21176"
},
{
"name" : "17760",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17760"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Bedeng PSP 1.1 allows remote attackers to execute arbitrary SQL commands via the cwhere parameter to (1) index.php and (2) download.php, or (3) ckode parameter to baca.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15583",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15583"
},
{
"name": "17760",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17760"
},
{
"name": "21175",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21175"
},
{
"name": "21176",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21176"
},
{
"name": "21174",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21174"
},
{
"name": "http://pridels0.blogspot.com/2005/11/bedengpsp-sql-inj-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/11/bedengpsp-sql-inj-vuln.html"
}
]
}
}

180
2005/4xxx/CVE-2005-4501.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4501",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MediaWiki before 1.5.4 uses a hard-coded \"internal placeholder string\", which allows remote attackers to bypass protection against cross-site scripting (XSS) attacks and execute Javascript using inline style attributes, which are processed by Internet Explorer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4501",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mediawiki.org/wiki/Download",
"refsource" : "CONFIRM",
"url" : "http://www.mediawiki.org/wiki/Download"
},
{
"name" : "SUSE-SR:2006:003",
"refsource" : "SUSE",
"url" : "http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html"
},
{
"name" : "16032",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16032"
},
{
"name" : "ADV-2005-3059",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/3059"
},
{
"name" : "18219",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18219"
},
{
"name" : "18717",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18717"
},
{
"name" : "mediawiki-placeholder-bypass-security(23882)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23882"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MediaWiki before 1.5.4 uses a hard-coded \"internal placeholder string\", which allows remote attackers to bypass protection against cross-site scripting (XSS) attacks and execute Javascript using inline style attributes, which are processed by Internet Explorer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mediawiki.org/wiki/Download",
"refsource": "CONFIRM",
"url": "http://www.mediawiki.org/wiki/Download"
},
{
"name": "ADV-2005-3059",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/3059"
},
{
"name": "18219",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18219"
},
{
"name": "mediawiki-placeholder-bypass-security(23882)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23882"
},
{
"name": "SUSE-SR:2006:003",
"refsource": "SUSE",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html"
},
{
"name": "16032",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16032"
},
{
"name": "18717",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18717"
}
]
}
}

150
2009/2xxx/CVE-2009-2237.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2237",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Views Bulk Operations 5.x-1.x before 5.x-1.4 and 6.x-1.x before 6.x-1.7, a module for Drupal, allows remote attackers to bypass intended access restrictions and modify \"nodes or classes of nodes\" via unknown vectors, probably related to registered procedures (aka actions)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://drupal.org/node/468450",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/468450"
},
{
"name" : "35051",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35051"
},
{
"name" : "35117",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35117"
},
{
"name" : "viewsbulk-unspecified-security-bypass(50659)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50659"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Views Bulk Operations 5.x-1.x before 5.x-1.4 and 6.x-1.x before 6.x-1.7, a module for Drupal, allows remote attackers to bypass intended access restrictions and modify \"nodes or classes of nodes\" via unknown vectors, probably related to registered procedures (aka actions)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/468450",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/468450"
},
{
"name": "viewsbulk-unspecified-security-bypass(50659)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50659"
},
{
"name": "35051",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35051"
},
{
"name": "35117",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35117"
}
]
}
}

140
2009/2xxx/CVE-2009-2331.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2331",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple static code injection vulnerabilities in CMS Chainuk 1.2 and earlier allow remote attackers to inject arbitrary PHP code (1) into settings.php via the menu parameter to admin_settings.php or (2) into a content/=NUMBER.php file via the title parameter to admin_new.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2331",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "9069",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9069"
},
{
"name" : "55672",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/55672"
},
{
"name" : "55673",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/55673"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple static code injection vulnerabilities in CMS Chainuk 1.2 and earlier allow remote attackers to inject arbitrary PHP code (1) into settings.php via the menu parameter to admin_settings.php or (2) into a content/=NUMBER.php file via the title parameter to admin_new.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9069",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9069"
},
{
"name": "55672",
"refsource": "OSVDB",
"url": "http://osvdb.org/55672"
},
{
"name": "55673",
"refsource": "OSVDB",
"url": "http://osvdb.org/55673"
}
]
}
}

210
2009/2xxx/CVE-2009-2361.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2361",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in include/class.staff.php in osTicket before 1.6 RC5 allows remote attackers to execute arbitrary SQL commands via the staff username parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2361",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090627 osTicket v1.6 RC4 Admin Login Blind SQLi",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/504615/100/0/threaded"
},
{
"name" : "9032",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9032"
},
{
"name" : "http://www.ngenuity.org/wordpress/2009/06/26/osticket-admin-login-blind-sql-injection/",
"refsource" : "MISC",
"url" : "http://www.ngenuity.org/wordpress/2009/06/26/osticket-admin-login-blind-sql-injection/"
},
{
"name" : "http://osticket.com/forums/project.php?issueid=118",
"refsource" : "CONFIRM",
"url" : "http://osticket.com/forums/project.php?issueid=118"
},
{
"name" : "35516",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35516"
},
{
"name" : "55472",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/55472"
},
{
"name" : "1022480",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022480"
},
{
"name" : "35629",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35629"
},
{
"name" : "ADV-2009-1726",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1726"
},
{
"name" : "osticket-username-sql-injection(51417)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51417"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in include/class.staff.php in osTicket before 1.6 RC5 allows remote attackers to execute arbitrary SQL commands via the staff username parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://osticket.com/forums/project.php?issueid=118",
"refsource": "CONFIRM",
"url": "http://osticket.com/forums/project.php?issueid=118"
},
{
"name": "55472",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/55472"
},
{
"name": "9032",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9032"
},
{
"name": "20090627 osTicket v1.6 RC4 Admin Login Blind SQLi",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504615/100/0/threaded"
},
{
"name": "http://www.ngenuity.org/wordpress/2009/06/26/osticket-admin-login-blind-sql-injection/",
"refsource": "MISC",
"url": "http://www.ngenuity.org/wordpress/2009/06/26/osticket-admin-login-blind-sql-injection/"
},
{
"name": "35516",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35516"
},
{
"name": "osticket-username-sql-injection(51417)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51417"
},
{
"name": "1022480",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022480"
},
{
"name": "ADV-2009-1726",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1726"
},
{
"name": "35629",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35629"
}
]
}
}

280
2009/2xxx/CVE-2009-2691.json
View File

@ -1,142 +1,142 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2691",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mm_for_maps function in fs/proc/base.c in the Linux kernel 2.6.30.4 and earlier allows local users to read (1) maps and (2) smaps files under proc/ via vectors related to ELF loading, a setuid process, and a race condition."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2691",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[linux-kernel] 20090623 [PATCH 0/1] mm_for_maps: simplify, use ptrace_may_access()",
"refsource" : "MLIST",
"url" : "http://lkml.org/lkml/2009/6/23/652"
},
{
"name" : "[linux-kernel] 20090623 [PATCH 1/1] mm_for_maps: simplify, use ptrace_may_access()",
"refsource" : "MLIST",
"url" : "http://lkml.org/lkml/2009/6/23/653"
},
{
"name" : "[linux-kernel] 20090710 [PATCH 1/2] mm_for_maps: shift down_read(mmap_sem) to the caller",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=linux-kernel&m=124718946021193"
},
{
"name" : "[linux-kernel] 20090710 [PATCH 2/2] mm_for_maps: take ->cred_guard_mutex to fix the race",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=linux-kernel&m=124718949821250"
},
{
"name" : "[oss-security] 20090811 CVE-2009-2691 kernel: /proc/$pid/maps visible during initial setuid ELF loading",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/08/11/1"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=00f89d218523b9bf6b522349c039d5ac80aa536d",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=00f89d218523b9bf6b522349c039d5ac80aa536d"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=13f0feafa6b8aead57a2a328e2fca6a5828bf286",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=13f0feafa6b8aead57a2a328e2fca6a5828bf286"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=704b836cbf19e885f8366bccb2e4b0474346c02d",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=704b836cbf19e885f8366bccb2e4b0474346c02d"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=516171",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=516171"
},
{
"name" : "DSA-2005",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2005"
},
{
"name" : "FEDORA-2009-9044",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01256.html"
},
{
"name" : "RHSA-2009:1540",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2009-1540.html"
},
{
"name" : "36019",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36019"
},
{
"name" : "36265",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36265"
},
{
"name" : "36501",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36501"
},
{
"name" : "ADV-2009-2246",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2246"
},
{
"name" : "linux-kernel-mmformaps-info-disclosure(52401)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52401"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mm_for_maps function in fs/proc/base.c in the Linux kernel 2.6.30.4 and earlier allows local users to read (1) maps and (2) smaps files under proc/ via vectors related to ELF loading, a setuid process, and a race condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[linux-kernel] 20090623 [PATCH 1/1] mm_for_maps: simplify, use ptrace_may_access()",
"refsource": "MLIST",
"url": "http://lkml.org/lkml/2009/6/23/653"
},
{
"name": "36265",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36265"
},
{
"name": "[linux-kernel] 20090623 [PATCH 0/1] mm_for_maps: simplify, use ptrace_may_access()",
"refsource": "MLIST",
"url": "http://lkml.org/lkml/2009/6/23/652"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=516171",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=516171"
},
{
"name": "RHSA-2009:1540",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1540.html"
},
{
"name": "36019",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36019"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=00f89d218523b9bf6b522349c039d5ac80aa536d",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=00f89d218523b9bf6b522349c039d5ac80aa536d"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=704b836cbf19e885f8366bccb2e4b0474346c02d",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=704b836cbf19e885f8366bccb2e4b0474346c02d"
},
{
"name": "[oss-security] 20090811 CVE-2009-2691 kernel: /proc/$pid/maps visible during initial setuid ELF loading",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/08/11/1"
},
{
"name": "[linux-kernel] 20090710 [PATCH 1/2] mm_for_maps: shift down_read(mmap_sem) to the caller",
"refsource": "MLIST",
"url": "http://marc.info/?l=linux-kernel&m=124718946021193"
},
{
"name": "FEDORA-2009-9044",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01256.html"
},
{
"name": "ADV-2009-2246",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2246"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=13f0feafa6b8aead57a2a328e2fca6a5828bf286",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=13f0feafa6b8aead57a2a328e2fca6a5828bf286"
},
{
"name": "36501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36501"
},
{
"name": "DSA-2005",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2005"
},
{
"name": "linux-kernel-mmformaps-info-disclosure(52401)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52401"
},
{
"name": "[linux-kernel] 20090710 [PATCH 2/2] mm_for_maps: take ->cred_guard_mutex to fix the race",
"refsource": "MLIST",
"url": "http://marc.info/?l=linux-kernel&m=124718949821250"
}
]
}
}

270
2009/2xxx/CVE-2009-2905.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2905",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in textbox.c in newt 0.51.5, 0.51.6, and 0.52.2 allows local users to cause a denial of service (application crash) or possibly execute arbitrary code via a request to display a crafted text dialog box."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-2905",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
"refsource" : "MLIST",
"url" : "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"name" : "http://security.debian.org/pool/updates/main/n/newt/newt_0.52.2-10+etch1.diff.gz",
"refsource" : "CONFIRM",
"url" : "http://security.debian.org/pool/updates/main/n/newt/newt_0.52.2-10+etch1.diff.gz"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=523955",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=523955"
},
{
"name" : "http://support.avaya.com/css/P8/documents/100067251",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100067251"
},
{
"name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705",
"refsource" : "CONFIRM",
"url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705"
},
{
"name" : "DSA-1894",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1894"
},
{
"name" : "RHSA-2009:1463",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2009-1463.html"
},
{
"name" : "SUSE-SR:2009:017",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"
},
{
"name" : "USN-837-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-837-1"
},
{
"name" : "36515",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36515"
},
{
"name" : "oval:org.mitre.oval:def:8556",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8556"
},
{
"name" : "oval:org.mitre.oval:def:9664",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9664"
},
{
"name" : "37922",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37922"
},
{
"name" : "38794",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38794"
},
{
"name" : "38833",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38833"
},
{
"name" : "ADV-2010-0528",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0528"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in textbox.c in newt 0.51.5, 0.51.6, and 0.52.2 allows local users to cause a denial of service (application crash) or possibly execute arbitrary code via a request to display a crafted text dialog box."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38794",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38794"
},
{
"name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"name": "DSA-1894",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1894"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=523955",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=523955"
},
{
"name": "RHSA-2009:1463",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1463.html"
},
{
"name": "http://support.avaya.com/css/P8/documents/100067251",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100067251"
},
{
"name": "36515",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36515"
},
{
"name": "http://security.debian.org/pool/updates/main/n/newt/newt_0.52.2-10+etch1.diff.gz",
"refsource": "CONFIRM",
"url": "http://security.debian.org/pool/updates/main/n/newt/newt_0.52.2-10+etch1.diff.gz"
},
{
"name": "oval:org.mitre.oval:def:8556",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8556"
},
{
"name": "oval:org.mitre.oval:def:9664",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9664"
},
{
"name": "37922",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37922"
},
{
"name": "USN-837-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-837-1"
},
{
"name": "38833",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38833"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705"
},
{
"name": "SUSE-SR:2009:017",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"
},
{
"name": "ADV-2010-0528",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0528"
}
]
}
}

200
2009/3xxx/CVE-2009-3457.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3457",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) before 6.1 allow remote attackers to obtain sensitive information via an HTTP request that lacks a handler, as demonstrated by (1) an OPTIONS request or (2) a crafted GET request, leading to a Message-handling Errors message containing a certain client intranet IP address, aka Bug ID CSCtb82159."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3457",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090925 Cisco ACE XML Gateway <= 6.0 Internal IP disclosure",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/506716/100/0/threaded"
},
{
"name" : "20090924 Cisco ACE XML Gateway <= 6.0 Internal IP disclosure",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2009/Sep/0369.html"
},
{
"name" : "http://www.brainoverflow.org/advisories/cisco_ace_xml_gw_ip_disclosure.txt",
"refsource" : "MISC",
"url" : "http://www.brainoverflow.org/advisories/cisco_ace_xml_gw_ip_disclosure.txt"
},
{
"name" : "20090925 Unmatched Request Discloses Client Internal IP Address",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_response09186a0080af8965.html"
},
{
"name" : "36522",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36522"
},
{
"name" : "1022949",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022949"
},
{
"name" : "36879",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36879"
},
{
"name" : "ADV-2009-2778",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2778"
},
{
"name" : "cisco-ace-ipaddress-info-disclosure(53482)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53482"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) before 6.1 allow remote attackers to obtain sensitive information via an HTTP request that lacks a handler, as demonstrated by (1) an OPTIONS request or (2) a crafted GET request, leading to a Message-handling Errors message containing a certain client intranet IP address, aka Bug ID CSCtb82159."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.brainoverflow.org/advisories/cisco_ace_xml_gw_ip_disclosure.txt",
"refsource": "MISC",
"url": "http://www.brainoverflow.org/advisories/cisco_ace_xml_gw_ip_disclosure.txt"
},
{
"name": "20090925 Unmatched Request Discloses Client Internal IP Address",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_response09186a0080af8965.html"
},
{
"name": "20090924 Cisco ACE XML Gateway <= 6.0 Internal IP disclosure",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2009/Sep/0369.html"
},
{
"name": "ADV-2009-2778",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2778"
},
{
"name": "cisco-ace-ipaddress-info-disclosure(53482)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53482"
},
{
"name": "20090925 Cisco ACE XML Gateway <= 6.0 Internal IP disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/506716/100/0/threaded"
},
{
"name": "36522",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36522"
},
{
"name": "36879",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36879"
},
{
"name": "1022949",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022949"
}
]
}
}

640
2009/3xxx/CVE-2009-3608.json
View File

@ -1,322 +1,322 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3608",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-3608",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20091130 Need more information on recent poppler issues",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/12/01/1"
},
{
"name" : "[oss-security] 20091130 Re: Need more information on recent poppler issues",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/12/01/5"
},
{
"name" : "[oss-security] 20091201 Re: Need more information on recent poppler issues",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/12/01/6"
},
{
"name" : "http://www.ocert.org/advisories/ocert-2009-016.html",
"refsource" : "MISC",
"url" : "http://www.ocert.org/advisories/ocert-2009-016.html"
},
{
"name" : "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch",
"refsource" : "CONFIRM",
"url" : "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch"
},
{
"name" : "http://poppler.freedesktop.org/",
"refsource" : "CONFIRM",
"url" : "http://poppler.freedesktop.org/"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=526637",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=526637"
},
{
"name" : "DSA-1941",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1941"
},
{
"name" : "DSA-2028",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2028"
},
{
"name" : "DSA-2050",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2050"
},
{
"name" : "FEDORA-2009-10823",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html"
},
{
"name" : "FEDORA-2009-10845",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html"
},
{
"name" : "FEDORA-2010-1377",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html"
},
{
"name" : "FEDORA-2010-1805",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html"
},
{
"name" : "FEDORA-2010-1842",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html"
},
{
"name" : "MDVSA-2009:287",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:287"
},
{
"name" : "MDVSA-2009:334",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:334"
},
{
"name" : "MDVSA-2011:175",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"name" : "RHSA-2009:1501",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2009-1501.html"
},
{
"name" : "RHSA-2009:1502",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2009-1502.html"
},
{
"name" : "RHSA-2009:1503",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2009-1503.html"
},
{
"name" : "RHSA-2009:1504",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2009-1504.html"
},
{
"name" : "RHSA-2009:1512",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2009-1512.html"
},
{
"name" : "RHSA-2009:1513",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2009-1513.html"
},
{
"name" : "274030",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1"
},
{
"name" : "1021706",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1"
},
{
"name" : "SUSE-SR:2009:018",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
},
{
"name" : "USN-850-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-850-1"
},
{
"name" : "USN-850-3",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-850-3"
},
{
"name" : "36703",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36703"
},
{
"name" : "oval:org.mitre.oval:def:9536",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9536"
},
{
"name" : "1023029",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1023029"
},
{
"name" : "37028",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37028"
},
{
"name" : "37034",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37034"
},
{
"name" : "37037",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37037"
},
{
"name" : "37043",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37043"
},
{
"name" : "37051",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37051"
},
{
"name" : "37053",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37053"
},
{
"name" : "37054",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37054"
},
{
"name" : "37061",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37061"
},
{
"name" : "37077",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37077"
},
{
"name" : "37079",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37079"
},
{
"name" : "37159",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37159"
},
{
"name" : "37114",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37114"
},
{
"name" : "39327",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39327"
},
{
"name" : "39938",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39938"
},
{
"name" : "ADV-2009-2924",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2924"
},
{
"name" : "ADV-2009-2925",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2925"
},
{
"name" : "ADV-2009-2926",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2926"
},
{
"name" : "ADV-2009-2928",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2928"
},
{
"name" : "ADV-2010-0802",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0802"
},
{
"name" : "ADV-2010-1220",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1220"
},
{
"name" : "xpdf-objectstream-bo(53794)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53794"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39938",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39938"
},
{
"name": "RHSA-2009:1504",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1504.html"
},
{
"name": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch",
"refsource": "CONFIRM",
"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch"
},
{
"name": "DSA-1941",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1941"
},
{
"name": "MDVSA-2009:287",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:287"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=526637",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=526637"
},
{
"name": "[oss-security] 20091201 Re: Need more information on recent poppler issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/12/01/6"
},
{
"name": "37028",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37028"
},
{
"name": "FEDORA-2010-1377",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html"
},
{
"name": "FEDORA-2009-10823",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html"
},
{
"name": "http://poppler.freedesktop.org/",
"refsource": "CONFIRM",
"url": "http://poppler.freedesktop.org/"
},
{
"name": "RHSA-2009:1501",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1501.html"
},
{
"name": "37079",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37079"
},
{
"name": "SUSE-SR:2009:018",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
},
{
"name": "DSA-2028",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2028"
},
{
"name": "DSA-2050",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2050"
},
{
"name": "[oss-security] 20091130 Need more information on recent poppler issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/12/01/1"
},
{
"name": "37159",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37159"
},
{
"name": "37054",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37054"
},
{
"name": "FEDORA-2010-1805",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html"
},
{
"name": "1021706",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1"
},
{
"name": "FEDORA-2009-10845",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html"
},
{
"name": "RHSA-2009:1512",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1512.html"
},
{
"name": "37114",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37114"
},
{
"name": "37077",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37077"
},
{
"name": "1023029",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023029"
},
{
"name": "RHSA-2009:1503",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1503.html"
},
{
"name": "ADV-2009-2926",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2926"
},
{
"name": "MDVSA-2011:175",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"name": "37037",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37037"
},
{
"name": "USN-850-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-850-3"
},
{
"name": "ADV-2010-0802",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0802"
},
{
"name": "RHSA-2009:1502",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1502.html"
},
{
"name": "FEDORA-2010-1842",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html"
},
{
"name": "xpdf-objectstream-bo(53794)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53794"
},
{
"name": "ADV-2009-2928",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2928"
},
{
"name": "RHSA-2009:1513",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1513.html"
},
{
"name": "37034",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37034"
},
{
"name": "[oss-security] 20091130 Re: Need more information on recent poppler issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/12/01/5"
},
{
"name": "ADV-2009-2924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2924"
},
{
"name": "37051",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37051"
},
{
"name": "274030",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1"
},
{
"name": "ADV-2010-1220",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1220"
},
{
"name": "USN-850-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-850-1"
},
{
"name": "37053",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37053"
},
{
"name": "37061",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37061"
},
{
"name": "39327",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39327"
},
{
"name": "37043",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37043"
},
{
"name": "http://www.ocert.org/advisories/ocert-2009-016.html",
"refsource": "MISC",
"url": "http://www.ocert.org/advisories/ocert-2009-016.html"
},
{
"name": "oval:org.mitre.oval:def:9536",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9536"
},
{
"name": "36703",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36703"
},
{
"name": "ADV-2009-2925",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2925"
},
{
"name": "MDVSA-2009:334",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:334"
}
]
}
}

250
2009/3xxx/CVE-2009-3731.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3731",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x through 9.3, 2008.1 through 2008.4, and 2009.x before 2009.3 allow remote attackers to inject arbitrary web script or HTML via (1) wwhelp_entry.html, reachable through index.html and wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, or (5) the window.opener component in wwhelp/wwhimpl/common/html/bookmark.htm, related to (a) unspecified parameters and (b) messages used in topic links for the bookmarking functionality."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3731",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20091215 VMSA-2009-0017 VMware vCenter, ESX patch and vCenter Lab Manager releases address cross-site scripting issues",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2009-12/0229.html"
},
{
"name" : "20100304 CA20100304-01: Security Notice for CA SiteMinder",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/509883/100/0/threaded"
},
{
"name" : "[security-announce] 20091215 VMSA-2009-0017 VMware vCenter, ESX patch and vCenter Lab Manager releases address cross-site scripting issues",
"refsource" : "MLIST",
"url" : "http://lists.vmware.com/pipermail/security-announce/2009/000073.html"
},
{
"name" : "http://www.webworks.com/Security/2009-0001/",
"refsource" : "CONFIRM",
"url" : "http://www.webworks.com/Security/2009-0001/"
},
{
"name" : "37346",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37346"
},
{
"name" : "62738",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/62738"
},
{
"name" : "62739",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/62739"
},
{
"name" : "62740",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/62740"
},
{
"name" : "62741",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/62741"
},
{
"name" : "62742",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/62742"
},
{
"name" : "oval:org.mitre.oval:def:5944",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5944"
},
{
"name" : "1023683",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1023683"
},
{
"name" : "38749",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38749"
},
{
"name" : "38842",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38842"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x through 9.3, 2008.1 through 2008.4, and 2009.x before 2009.3 allow remote attackers to inject arbitrary web script or HTML via (1) wwhelp_entry.html, reachable through index.html and wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, or (5) the window.opener component in wwhelp/wwhimpl/common/html/bookmark.htm, related to (a) unspecified parameters and (b) messages used in topic links for the bookmarking functionality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20091215 VMSA-2009-0017 VMware vCenter, ESX patch and vCenter Lab Manager releases address cross-site scripting issues",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2009-12/0229.html"
},
{
"name": "http://www.webworks.com/Security/2009-0001/",
"refsource": "CONFIRM",
"url": "http://www.webworks.com/Security/2009-0001/"
},
{
"name": "1023683",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023683"
},
{
"name": "62738",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/62738"
},
{
"name": "37346",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37346"
},
{
"name": "38749",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38749"
},
{
"name": "62742",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/62742"
},
{
"name": "oval:org.mitre.oval:def:5944",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5944"
},
{
"name": "20100304 CA20100304-01: Security Notice for CA SiteMinder",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/509883/100/0/threaded"
},
{
"name": "62741",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/62741"
},
{
"name": "38842",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38842"
},
{
"name": "62739",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/62739"
},
{
"name": "[security-announce] 20091215 VMSA-2009-0017 VMware vCenter, ESX patch and vCenter Lab Manager releases address cross-site scripting issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000073.html"
},
{
"name": "62740",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/62740"
}
]
}
}

340
2009/3xxx/CVE-2009-3939.json
View File

@ -1,172 +1,172 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3939",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3939",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20091113 CVE request: kernel: bad permissions on megaraid_sas sysfs files",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/11/13/1"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=526068",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=526068"
},
{
"name" : "http://support.avaya.com/css/P8/documents/100073666",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100073666"
},
{
"name" : "DSA-1996",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-1996"
},
{
"name" : "RHSA-2010:0046",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2010-0046.html"
},
{
"name" : "RHSA-2010:0095",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
},
{
"name" : "SUSE-SA:2009:061",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html"
},
{
"name" : "SUSE-SA:2009:064",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html"
},
{
"name" : "SUSE-SA:2010:001",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html"
},
{
"name" : "SUSE-SA:2010:012",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
},
{
"name" : "SUSE-SA:2010:010",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html"
},
{
"name" : "SUSE-SA:2010:005",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html"
},
{
"name" : "SUSE-SA:2010:014",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html"
},
{
"name" : "USN-864-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-864-1"
},
{
"name" : "37019",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37019"
},
{
"name" : "60201",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/60201"
},
{
"name" : "oval:org.mitre.oval:def:10310",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10310"
},
{
"name" : "oval:org.mitre.oval:def:7540",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7540"
},
{
"name" : "37909",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37909"
},
{
"name" : "38017",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38017"
},
{
"name" : "38492",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38492"
},
{
"name" : "38276",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38276"
},
{
"name" : "38779",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38779"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38276",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38276"
},
{
"name": "SUSE-SA:2009:061",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html"
},
{
"name": "USN-864-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-864-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=526068",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=526068"
},
{
"name": "SUSE-SA:2010:001",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html"
},
{
"name": "38779",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38779"
},
{
"name": "37019",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37019"
},
{
"name": "http://support.avaya.com/css/P8/documents/100073666",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100073666"
},
{
"name": "SUSE-SA:2010:012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
},
{
"name": "37909",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37909"
},
{
"name": "SUSE-SA:2010:014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html"
},
{
"name": "SUSE-SA:2009:064",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html"
},
{
"name": "DSA-1996",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-1996"
},
{
"name": "[oss-security] 20091113 CVE request: kernel: bad permissions on megaraid_sas sysfs files",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/11/13/1"
},
{
"name": "oval:org.mitre.oval:def:10310",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10310"
},
{
"name": "RHSA-2010:0095",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
},
{
"name": "SUSE-SA:2010:005",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html"
},
{
"name": "60201",
"refsource": "OSVDB",
"url": "http://osvdb.org/60201"
},
{
"name": "RHSA-2010:0046",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0046.html"
},
{
"name": "oval:org.mitre.oval:def:7540",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7540"
},
{
"name": "SUSE-SA:2010:010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html"
},
{
"name": "38017",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38017"
},
{
"name": "38492",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38492"
}
]
}
}

34
2015/0xxx/CVE-2015-0163.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0163",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-0163",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none."
}
]
}
}

200
2015/0xxx/CVE-2015-0349.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0349",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0351, CVE-2015-0358, and CVE-2015-3039."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2015-0349",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-06.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-06.html"
},
{
"name" : "GLSA-201504-07",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201504-07"
},
{
"name" : "RHSA-2015:0813",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0813.html"
},
{
"name" : "SUSE-SU-2015:0722",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00011.html"
},
{
"name" : "SUSE-SU-2015:0723",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00012.html"
},
{
"name" : "openSUSE-SU-2015:0718",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html"
},
{
"name" : "openSUSE-SU-2015:0725",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html"
},
{
"name" : "74064",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/74064"
},
{
"name" : "1032105",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032105"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0351, CVE-2015-0358, and CVE-2015-3039."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2015:0718",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html"
},
{
"name": "SUSE-SU-2015:0722",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00011.html"
},
{
"name": "GLSA-201504-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201504-07"
},
{
"name": "1032105",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032105"
},
{
"name": "RHSA-2015:0813",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0813.html"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb15-06.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-06.html"
},
{
"name": "openSUSE-SU-2015:0725",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html"
},
{
"name": "74064",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74064"
},
{
"name": "SUSE-SU-2015:0723",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00012.html"
}
]
}
}

160
2015/0xxx/CVE-2015-0422.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0422",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, and 6.3.5 allows remote authenticated users to affect confidentiality via unknown vectors related to UI Infrastructure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2015-0422",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name" : "72127",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72127"
},
{
"name" : "1031576",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031576"
},
{
"name" : "62506",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62506"
},
{
"name" : "oracle-cpujan2015-cve20150422(100108)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100108"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, and 6.3.5 allows remote authenticated users to affect confidentiality via unknown vectors related to UI Infrastructure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "62506",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62506"
},
{
"name": "1031576",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031576"
},
{
"name": "72127",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72127"
},
{
"name": "oracle-cpujan2015-cve20150422(100108)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100108"
}
]
}
}

150
2015/0xxx/CVE-2015-0594.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0594",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the help pages in Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS) and Cisco Security Manager, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCuq54654 and CSCun18263."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-0594",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150226 Cisco Common Services Cross-Site Scripting Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0594"
},
{
"name" : "72793",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72793"
},
{
"name" : "1031813",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031813"
},
{
"name" : "1031814",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031814"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the help pages in Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS) and Cisco Security Manager, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCuq54654 and CSCun18263."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031813",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031813"
},
{
"name": "1031814",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031814"
},
{
"name": "20150226 Cisco Common Services Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0594"
},
{
"name": "72793",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72793"
}
]
}
}

34
2015/1xxx/CVE-2015-1511.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1511",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1511",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2015/1xxx/CVE-2015-1633.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1633",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold and SP1, and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted request, aka \"Microsoft SharePoint XSS Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-1633",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS15-022",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022"
},
{
"name" : "1031895",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031895"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold and SP1, and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted request, aka \"Microsoft SharePoint XSS Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS15-022",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022"
},
{
"name": "1031895",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031895"
}
]
}
}

150
2015/4xxx/CVE-2015-4370.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4370",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Site Documentation module before 6.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to taxonomy terms."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4370",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/04/25/6"
},
{
"name" : "https://www.drupal.org/node/2450387",
"refsource" : "MISC",
"url" : "https://www.drupal.org/node/2450387"
},
{
"name" : "https://www.drupal.org/node/2450321",
"refsource" : "CONFIRM",
"url" : "https://www.drupal.org/node/2450321"
},
{
"name" : "73051",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/73051"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Site Documentation module before 6.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to taxonomy terms."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.drupal.org/node/2450321",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2450321"
},
{
"name": "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/04/25/6"
},
{
"name": "73051",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73051"
},
{
"name": "https://www.drupal.org/node/2450387",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2450387"
}
]
}
}

150
2015/4xxx/CVE-2015-4371.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4371",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open redirect vulnerability in the Perfecto module before 7.x-1.2 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4371",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/04/25/6"
},
{
"name" : "https://www.drupal.org/node/2450391",
"refsource" : "MISC",
"url" : "https://www.drupal.org/node/2450391"
},
{
"name" : "https://www.drupal.org/node/2449877",
"refsource" : "CONFIRM",
"url" : "https://www.drupal.org/node/2449877"
},
{
"name" : "73050",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/73050"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in the Perfecto module before 7.x-1.2 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.drupal.org/node/2450391",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2450391"
},
{
"name": "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/04/25/6"
},
{
"name": "https://www.drupal.org/node/2449877",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2449877"
},
{
"name": "73050",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73050"
}
]
}
}

34
2015/4xxx/CVE-2015-4434.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4434",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-4434",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}

270
2015/4xxx/CVE-2015-4692.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4692",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux kernel through 4.1.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging /dev/kvm access for an ioctl call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4692",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150620 Re: CVE request -- Linux kernel - kvm: x86: NULL pointer dereference in kvm_apic_has_events function",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/06/21/1"
},
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce40cd3fc7fa40a6119e5fe6c0f2bc0eb4541009",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce40cd3fc7fa40a6119e5fe6c0f2bc0eb4541009"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1230770",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1230770"
},
{
"name" : "https://github.com/torvalds/linux/commit/ce40cd3fc7fa40a6119e5fe6c0f2bc0eb4541009",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/ce40cd3fc7fa40a6119e5fe6c0f2bc0eb4541009"
},
{
"name" : "DSA-3329",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3329"
},
{
"name" : "FEDORA-2015-10677",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160829.html"
},
{
"name" : "FEDORA-2015-10678",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/161144.html"
},
{
"name" : "SUSE-SU-2015:1324",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html"
},
{
"name" : "openSUSE-SU-2015:1382",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html"
},
{
"name" : "USN-2680-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2680-1"
},
{
"name" : "USN-2681-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2681-1"
},
{
"name" : "USN-2682-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2682-1"
},
{
"name" : "USN-2683-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2683-1"
},
{
"name" : "USN-2684-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2684-1"
},
{
"name" : "75142",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75142"
},
{
"name" : "1032798",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032798"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux kernel through 4.1.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging /dev/kvm access for an ioctl call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20150620 Re: CVE request -- Linux kernel - kvm: x86: NULL pointer dereference in kvm_apic_has_events function",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/06/21/1"
},
{
"name": "USN-2680-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2680-1"
},
{
"name": "USN-2682-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2682-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1230770",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1230770"
},
{
"name": "https://github.com/torvalds/linux/commit/ce40cd3fc7fa40a6119e5fe6c0f2bc0eb4541009",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/ce40cd3fc7fa40a6119e5fe6c0f2bc0eb4541009"
},
{
"name": "SUSE-SU-2015:1324",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html"
},
{
"name": "DSA-3329",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3329"
},
{
"name": "FEDORA-2015-10678",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/161144.html"
},
{
"name": "openSUSE-SU-2015:1382",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html"
},
{
"name": "USN-2684-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2684-1"
},
{
"name": "USN-2681-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2681-1"
},
{
"name": "USN-2683-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2683-1"
},
{
"name": "75142",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75142"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce40cd3fc7fa40a6119e5fe6c0f2bc0eb4541009",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce40cd3fc7fa40a6119e5fe6c0f2bc0eb4541009"
},
{
"name": "1032798",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032798"
},
{
"name": "FEDORA-2015-10677",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160829.html"
}
]
}
}

460
2015/4xxx/CVE-2015-4860.json
View File

@ -1,232 +1,232 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4860",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4883."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2015-4860",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name" : "DSA-3381",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3381"
},
{
"name" : "GLSA-201603-11",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201603-11"
},
{
"name" : "GLSA-201603-14",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201603-14"
},
{
"name" : "RHSA-2016:1430",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2016:1430"
},
{
"name" : "RHSA-2015:2506",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-2506.html"
},
{
"name" : "RHSA-2015:2507",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-2507.html"
},
{
"name" : "RHSA-2015:2508",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-2508.html"
},
{
"name" : "RHSA-2015:2509",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-2509.html"
},
{
"name" : "RHSA-2015:2518",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-2518.html"
},
{
"name" : "RHSA-2015:1919",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1919.html"
},
{
"name" : "RHSA-2015:1920",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1920.html"
},
{
"name" : "RHSA-2015:1921",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1921.html"
},
{
"name" : "RHSA-2015:1926",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1926.html"
},
{
"name" : "RHSA-2015:1927",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1927.html"
},
{
"name" : "RHSA-2015:1928",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1928.html"
},
{
"name" : "SUSE-SU-2016:0113",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html"
},
{
"name" : "openSUSE-SU-2016:0270",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html"
},
{
"name" : "SUSE-SU-2015:2166",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html"
},
{
"name" : "SUSE-SU-2015:2168",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html"
},
{
"name" : "SUSE-SU-2015:2182",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html"
},
{
"name" : "SUSE-SU-2015:2192",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html"
},
{
"name" : "SUSE-SU-2015:2216",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html"
},
{
"name" : "SUSE-SU-2015:2268",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00014.html"
},
{
"name" : "SUSE-SU-2015:1874",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00000.html"
},
{
"name" : "SUSE-SU-2015:1875",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00001.html"
},
{
"name" : "openSUSE-SU-2015:1902",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00008.html"
},
{
"name" : "openSUSE-SU-2015:1905",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00009.html"
},
{
"name" : "openSUSE-SU-2015:1906",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00010.html"
},
{
"name" : "openSUSE-SU-2015:1971",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00019.html"
},
{
"name" : "USN-2827-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2827-1"
},
{
"name" : "USN-2784-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2784-1"
},
{
"name" : "77162",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/77162"
},
{
"name" : "1033884",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033884"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4883."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2015:2182",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html"
},
{
"name": "USN-2784-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2784-1"
},
{
"name": "openSUSE-SU-2015:1905",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00009.html"
},
{
"name": "SUSE-SU-2015:2192",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html"
},
{
"name": "openSUSE-SU-2015:1906",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00010.html"
},
{
"name": "RHSA-2015:2507",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2507.html"
},
{
"name": "RHSA-2015:1928",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1928.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"name": "RHSA-2016:1430",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1430"
},
{
"name": "RHSA-2015:2506",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2506.html"
},
{
"name": "RHSA-2015:2509",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2509.html"
},
{
"name": "1033884",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033884"
},
{
"name": "SUSE-SU-2015:2166",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "openSUSE-SU-2016:0270",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html"
},
{
"name": "RHSA-2015:1919",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1919.html"
},
{
"name": "GLSA-201603-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-11"
},
{
"name": "openSUSE-SU-2015:1902",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00008.html"
},
{
"name": "RHSA-2015:1920",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1920.html"
},
{
"name": "RHSA-2015:2518",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2518.html"
},
{
"name": "GLSA-201603-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-14"
},
{
"name": "SUSE-SU-2015:2216",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html"
},
{
"name": "RHSA-2015:1927",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1927.html"
},
{
"name": "openSUSE-SU-2015:1971",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00019.html"
},
{
"name": "SUSE-SU-2015:2268",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00014.html"
},
{
"name": "SUSE-SU-2015:2168",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html"
},
{
"name": "RHSA-2015:1921",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1921.html"
},
{
"name": "SUSE-SU-2015:1874",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00000.html"
},
{
"name": "DSA-3381",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3381"
},
{
"name": "RHSA-2015:1926",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1926.html"
},
{
"name": "77162",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77162"
},
{
"name": "SUSE-SU-2015:1875",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00001.html"
},
{
"name": "RHSA-2015:2508",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2508.html"
},
{
"name": "SUSE-SU-2016:0113",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html"
},
{
"name": "USN-2827-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2827-1"
}
]
}
}

140
2015/8xxx/CVE-2015-8657.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-8657",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455, CVE-2015-8652, CVE-2015-8654, CVE-2015-8656, CVE-2015-8658, and CVE-2015-8820."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2015-8657",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-660",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-660"
},
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html"
},
{
"name" : "84160",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/84160"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455, CVE-2015-8652, CVE-2015-8654, CVE-2015-8656, CVE-2015-8658, and CVE-2015-8820."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html"
},
{
"name": "84160",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84160"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-660",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-660"
}
]
}
}

34
2015/9xxx/CVE-2015-9080.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-9080",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-9080",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

132
2015/9xxx/CVE-2015-9159.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00",
"ID" : "CVE-2015-9159",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
"version" : {
"version_data" : [
{
"version_value" : "MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, lack of input validation OEMCrypto_GetRandom can cause potential buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Copy without Checking Size in Core"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2018-04-02T00:00:00",
"ID": "CVE-2015-9159",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
"version": {
"version_data": [
{
"version_value": "MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2018-04-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name" : "103671",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103671"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, lack of input validation OEMCrypto_GetRandom can cause potential buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Copy without Checking Size in Core"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name": "103671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103671"
}
]
}
}

174
2018/2xxx/CVE-2018-2404.json
View File

@ -1,89 +1,89 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cna@sap.com",
"ID" : "CVE-2018-2404",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "SAP Disclosure Management",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "10.1"
}
]
}
}
]
},
"vendor_name" : "SAP SE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SAP Disclosure Management 10.1 allows an attacker to upload any file without proper file format validation."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 4.3,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "NONE",
"integrityImpact" : "LOW",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Unrestricted File Upload"
}
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2404",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Disclosure Management",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.1"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://launchpad.support.sap.com/#/notes/2607052",
"refsource" : "MISC",
"url" : "https://launchpad.support.sap.com/#/notes/2607052"
},
{
"name" : "https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/",
"refsource" : "CONFIRM",
"url" : "https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/"
},
{
"name" : "103727",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103727"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP Disclosure Management 10.1 allows an attacker to upload any file without proper file format validation."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unrestricted File Upload"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.support.sap.com/#/notes/2607052",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/2607052"
},
{
"name": "https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/"
},
{
"name": "103727",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103727"
}
]
}
}

34
2018/2xxx/CVE-2018-2443.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-2443",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-2443",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2018/2xxx/CVE-2018-2718.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-2718",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Solaris Operating System",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "10"
},
{
"version_affected" : "=",
"version_value" : "11.3"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RPC). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via NFS to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via NFS to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-2718",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solaris Operating System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10"
},
{
"version_affected": "=",
"version_value": "11.3"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name" : "103886",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103886"
},
{
"name" : "1040702",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040702"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RPC). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via NFS to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via NFS to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040702",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040702"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "103886",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103886"
}
]
}
}

166
2018/3xxx/CVE-2018-3259.json
View File

@ -1,85 +1,85 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-3259",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Oracle Database",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "11.2.0.4"
},
{
"version_affected" : "=",
"version_value" : "12.1.0.2"
},
{
"version_affected" : "=",
"version_value" : "12.2.0.1"
},
{
"version_affected" : "=",
"version_value" : "18c"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in takeover of Java VM."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-3259",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Oracle Database",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.2.0.4"
},
{
"version_affected": "=",
"version_value": "12.1.0.2"
},
{
"version_affected": "=",
"version_value": "12.2.0.1"
},
{
"version_affected": "=",
"version_value": "18c"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name" : "105648",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105648"
},
{
"name" : "1041890",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041890"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in takeover of Java VM."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041890",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041890"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "105648",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105648"
}
]
}
}

162
2018/6xxx/CVE-2018-6071.json
View File

@ -1,83 +1,83 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-6071",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "65.0.3325.146"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An integer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Heap buffer overflow"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2018-6071",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "65.0.3325.146"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/777318",
"refsource" : "MISC",
"url" : "https://crbug.com/777318"
},
{
"name" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
},
{
"name" : "DSA-4182",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4182"
},
{
"name" : "RHSA-2018:0484",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0484"
},
{
"name" : "103297",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103297"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An integer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://crbug.com/777318",
"refsource": "MISC",
"url": "https://crbug.com/777318"
},
{
"name": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
},
{
"name": "103297",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103297"
},
{
"name": "RHSA-2018:0484",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0484"
},
{
"name": "DSA-4182",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4182"
}
]
}
}

34
2018/6xxx/CVE-2018-6567.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6567",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6567",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/6xxx/CVE-2018-6825.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6825",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered on VOBOT CLOCK before 0.99.30 devices. An SSH server exists with a hardcoded vobot account that has root access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6825",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://stacksmashing.net/CVE-2018-6825.html",
"refsource" : "MISC",
"url" : "http://stacksmashing.net/CVE-2018-6825.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on VOBOT CLOCK before 0.99.30 devices. An SSH server exists with a hardcoded vobot account that has root access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://stacksmashing.net/CVE-2018-6825.html",
"refsource": "MISC",
"url": "http://stacksmashing.net/CVE-2018-6825.html"
}
]
}
}

34
2018/7xxx/CVE-2018-7043.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7043",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7043",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/7xxx/CVE-2018-7108.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security-alert@hpe.com",
"ID" : "CVE-2018-7108",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "HPE StorageWorks XP7 Automation Director (AutoDir)",
"version" : {
"version_data" : [
{
"version_value" : "version 8.5.2-02 to earlier than 8.6.1-00"
}
]
}
}
]
},
"vendor_name" : "Hewlett Packard Enterprise"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HPE StorageWorks XP7 Automation Director (AutoDir) version 8.5.2-02 to earlier than 8.6.1-00 has a local and remote authentication bypass vulnerability that exposed the user authentication information of the storage system. This problem sometimes occurred under specific conditions when running a service template."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Local and Remote Authentication Bypass"
}
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2018-7108",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HPE StorageWorks XP7 Automation Director (AutoDir)",
"version": {
"version_data": [
{
"version_value": "version 8.5.2-02 to earlier than 8.6.1-00"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03879en_us",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03879en_us"
},
{
"name" : "1041696",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041696"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HPE StorageWorks XP7 Automation Director (AutoDir) version 8.5.2-02 to earlier than 8.6.1-00 has a local and remote authentication bypass vulnerability that exposed the user authentication information of the storage system. This problem sometimes occurred under specific conditions when running a service template."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local and Remote Authentication Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03879en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03879en_us"
},
{
"name": "1041696",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041696"
}
]
}
}

34
2018/7xxx/CVE-2018-7156.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7156",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7156",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2018/7xxx/CVE-2018-7328.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7328",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-usb.c had an infinite loop that was addressed by rejecting short frame header lengths."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7328",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14421",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14421"
},
{
"name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=69d09028c956f6e049145485ce9b3e2858789b2b",
"refsource" : "CONFIRM",
"url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=69d09028c956f6e049145485ce9b3e2858789b2b"
},
{
"name" : "https://www.wireshark.org/security/wnpa-sec-2018-06.html",
"refsource" : "CONFIRM",
"url" : "https://www.wireshark.org/security/wnpa-sec-2018-06.html"
},
{
"name" : "103158",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103158"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-usb.c had an infinite loop that was addressed by rejecting short frame header lengths."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14421",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14421"
},
{
"name": "https://www.wireshark.org/security/wnpa-sec-2018-06.html",
"refsource": "CONFIRM",
"url": "https://www.wireshark.org/security/wnpa-sec-2018-06.html"
},
{
"name": "103158",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103158"
},
{
"name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=69d09028c956f6e049145485ce9b3e2858789b2b",
"refsource": "CONFIRM",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=69d09028c956f6e049145485ce9b3e2858789b2b"
}
]
}
}

130
2018/7xxx/CVE-2018-7533.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"ID" : "CVE-2018-7533",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "OSIsoft PI Data Archive",
"version" : {
"version_data" : [
{
"version_value" : "OSIsoft PI Data Archive"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An Incorrect Default Permissions issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Insecure default configuration may allow escalation of privileges that gives the actor full control over the system."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-276"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2018-7533",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OSIsoft PI Data Archive",
"version": {
"version_data": [
{
"version_value": "OSIsoft PI Data Archive"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-02",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-02"
},
{
"name" : "103399",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103399"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Incorrect Default Permissions issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Insecure default configuration may allow escalation of privileges that gives the actor full control over the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-02"
},
{
"name": "103399",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103399"
}
]
}
}

34
2019/5xxx/CVE-2019-5375.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-5375",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5375",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/5xxx/CVE-2019-5971.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-5971",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5971",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}