admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 02:54:37 +00:00
parent 97a4ac4400
commit f40351c34f
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
50 changed files with 3840 additions and 3840 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

260
2005/0xxx/CVE-2005-0441.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0441",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in Sybase Adaptive Server Enterprise (ASE) 12.x before 12.5.3 ESD#1 allow remote authenticated users to execute arbitrary code via the (1) attrib_valid function, (2) covert function, (3) declare statement, or (4) a crafted query plan, or remote authenticated users with database owner or \"sa\" role privileges to execute arbitrary code via (5) a crafted install java statement."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0441",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20041222 Sybase ASE 12.5.2 vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2004-12/0315.html"
},
{
"name" : "20050321 Details of Sybase ASE bugs withheld",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/393851"
},
{
"name" : "20050405 Sybase ASE Multiple Security Issues (#NISR05042005)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111272918117194&w=2"
},
{
"name" : "http://www.ngssoftware.com/advisories/sybase-ase.txt",
"refsource" : "MISC",
"url" : "http://www.ngssoftware.com/advisories/sybase-ase.txt"
},
{
"name" : "http://www.sybase.com/detail?id=1034520",
"refsource" : "CONFIRM",
"url" : "http://www.sybase.com/detail?id=1034520"
},
{
"name" : "http://www.sybase.com/detail?id=1034752",
"refsource" : "CONFIRM",
"url" : "http://www.sybase.com/detail?id=1034752"
},
{
"name" : "http://www.sybase.com/detail/1,6904,1033894,00.html",
"refsource" : "CONFIRM",
"url" : "http://www.sybase.com/detail/1,6904,1033894,00.html"
},
{
"name" : "12080",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12080"
},
{
"name" : "13632",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/13632"
},
{
"name" : "sybase-adaptive-server(19354)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19354"
},
{
"name" : "sybase-ase-attribvalid-bo(19974)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19974"
},
{
"name" : "sybase-ase-convert-bo(19976)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19976"
},
{
"name" : "sybase-ase-declare-bo(19978)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19978"
},
{
"name" : "sybase-ase-abstract-bo(19979)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19979"
},
{
"name" : "sybase-ase-install-java-bo(19980)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19980"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in Sybase Adaptive Server Enterprise (ASE) 12.x before 12.5.3 ESD#1 allow remote authenticated users to execute arbitrary code via the (1) attrib_valid function, (2) covert function, (3) declare statement, or (4) a crafted query plan, or remote authenticated users with database owner or \"sa\" role privileges to execute arbitrary code via (5) a crafted install java statement."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "sybase-ase-convert-bo(19976)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19976"
},
{
"name": "sybase-ase-install-java-bo(19980)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19980"
},
{
"name": "http://www.ngssoftware.com/advisories/sybase-ase.txt",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/sybase-ase.txt"
},
{
"name": "sybase-adaptive-server(19354)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19354"
},
{
"name": "20050321 Details of Sybase ASE bugs withheld",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/393851"
},
{
"name": "20050405 Sybase ASE Multiple Security Issues (#NISR05042005)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111272918117194&w=2"
},
{
"name": "sybase-ase-abstract-bo(19979)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19979"
},
{
"name": "http://www.sybase.com/detail/1,6904,1033894,00.html",
"refsource": "CONFIRM",
"url": "http://www.sybase.com/detail/1,6904,1033894,00.html"
},
{
"name": "13632",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13632"
},
{
"name": "http://www.sybase.com/detail?id=1034520",
"refsource": "CONFIRM",
"url": "http://www.sybase.com/detail?id=1034520"
},
{
"name": "http://www.sybase.com/detail?id=1034752",
"refsource": "CONFIRM",
"url": "http://www.sybase.com/detail?id=1034752"
},
{
"name": "12080",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12080"
},
{
"name": "sybase-ase-declare-bo(19978)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19978"
},
{
"name": "sybase-ase-attribvalid-bo(19974)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19974"
},
{
"name": "20041222 Sybase ASE 12.5.2 vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-12/0315.html"
}
]
}
}

190
2005/0xxx/CVE-2005-0670.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0670",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0 through 1.2.1b allows remote attackers to inject arbitrary web script or HTML via (1) the new parameter to mod.php, (2) the w parameter to mod.php, (3) the e parameter to login.php, (4) the o parameter to login.php, and possibly other scripts."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0670",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://lostmon.blogspot.com/2005/03/phpcoin-posible-sql-injection-comands.html",
"refsource" : "MISC",
"url" : "http://lostmon.blogspot.com/2005/03/phpcoin-posible-sql-injection-comands.html"
},
{
"name" : "http://forums.phpcoin.com/index.php?showtopic=4118",
"refsource" : "CONFIRM",
"url" : "http://forums.phpcoin.com/index.php?showtopic=4118"
},
{
"name" : "http://forums.phpcoin.com/index.php?showtopic=4116",
"refsource" : "CONFIRM",
"url" : "http://forums.phpcoin.com/index.php?showtopic=4116"
},
{
"name" : "http://forums.phpcoin.com/index.php?showtopic=4101",
"refsource" : "CONFIRM",
"url" : "http://forums.phpcoin.com/index.php?showtopic=4101"
},
{
"name" : "12686",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12686"
},
{
"name" : "1013329",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013329"
},
{
"name" : "14439",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14439"
},
{
"name" : "phpcoin-xss(19572)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19572"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0 through 1.2.1b allows remote attackers to inject arbitrary web script or HTML via (1) the new parameter to mod.php, (2) the w parameter to mod.php, (3) the e parameter to login.php, (4) the o parameter to login.php, and possibly other scripts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14439",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14439"
},
{
"name": "http://forums.phpcoin.com/index.php?showtopic=4118",
"refsource": "CONFIRM",
"url": "http://forums.phpcoin.com/index.php?showtopic=4118"
},
{
"name": "http://lostmon.blogspot.com/2005/03/phpcoin-posible-sql-injection-comands.html",
"refsource": "MISC",
"url": "http://lostmon.blogspot.com/2005/03/phpcoin-posible-sql-injection-comands.html"
},
{
"name": "http://forums.phpcoin.com/index.php?showtopic=4101",
"refsource": "CONFIRM",
"url": "http://forums.phpcoin.com/index.php?showtopic=4101"
},
{
"name": "1013329",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013329"
},
{
"name": "12686",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12686"
},
{
"name": "http://forums.phpcoin.com/index.php?showtopic=4116",
"refsource": "CONFIRM",
"url": "http://forums.phpcoin.com/index.php?showtopic=4116"
},
{
"name": "phpcoin-xss(19572)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19572"
}
]
}
}

120
2005/0xxx/CVE-2005-0708.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0708",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 can transfer portions of kernel memory if a file is truncated while it is being sent, which could allow remote attackers to obtain sensitive information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0708",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "FreeBSD-SA-05:02",
"refsource" : "FREEBSD",
"url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-05:02.sendfile.asc"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 can transfer portions of kernel memory if a file is truncated while it is being sent, which could allow remote attackers to obtain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-05:02",
"refsource": "FREEBSD",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-05:02.sendfile.asc"
}
]
}
}

34
2005/0xxx/CVE-2005-0751.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0751",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate has been revoked by its Candidate Numbering Authority (CNA) because it was initially assigned to a problem that was not a security issue. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2005-0751",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate has been revoked by its Candidate Numbering Authority (CNA) because it was initially assigned to a problem that was not a security issue. Notes: none."
}
]
}
}

240
2005/1xxx/CVE-2005-1154.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1154",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka \"Cross-site scripting through global scope pollution.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-1154",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/mfsa2005-36.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/mfsa2005-36.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=289675",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=289675"
},
{
"name" : "GLSA-200504-18",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml"
},
{
"name" : "RHSA-2005:383",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-383.html"
},
{
"name" : "RHSA-2005:386",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-386.html"
},
{
"name" : "RHSA-2005:384",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-384.html"
},
{
"name" : "SCOSA-2005.49",
"refsource" : "SCO",
"url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
},
{
"name" : "15495",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15495"
},
{
"name" : "13230",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13230"
},
{
"name" : "oval:org.mitre.oval:def:100022",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100022"
},
{
"name" : "oval:org.mitre.oval:def:10339",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10339"
},
{
"name" : "14938",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14938"
},
{
"name" : "14992",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14992"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka \"Cross-site scripting through global scope pollution.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2005:386",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-386.html"
},
{
"name": "oval:org.mitre.oval:def:100022",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100022"
},
{
"name": "14992",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14992"
},
{
"name": "SCOSA-2005.49",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
},
{
"name": "13230",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13230"
},
{
"name": "15495",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15495"
},
{
"name": "GLSA-200504-18",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml"
},
{
"name": "14938",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14938"
},
{
"name": "oval:org.mitre.oval:def:10339",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10339"
},
{
"name": "RHSA-2005:384",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-384.html"
},
{
"name": "RHSA-2005:383",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-383.html"
},
{
"name": "http://www.mozilla.org/security/announce/mfsa2005-36.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/mfsa2005-36.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=289675",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=289675"
}
]
}
}

210
2005/3xxx/CVE-2005-3240.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3240",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and re-focusing to a malicious window."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060213 Internet Explorer drag&drop 0day",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/424863/100/0/threaded"
},
{
"name" : "20060214 Advisory: Internet Explorer Drag and Drop Redeux [CVE-2005-3240] (fwd)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/424940/100/0/threaded"
},
{
"name" : "http://www.securiteam.com/windowsntfocus/5MP0B0UHPA.html",
"refsource" : "MISC",
"url" : "http://www.securiteam.com/windowsntfocus/5MP0B0UHPA.html"
},
{
"name" : "http://blogs.technet.com/msrc/archive/2006/02/13/419439.aspx",
"refsource" : "MISC",
"url" : "http://blogs.technet.com/msrc/archive/2006/02/13/419439.aspx"
},
{
"name" : "16352",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16352"
},
{
"name" : "ADV-2006-0553",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0553"
},
{
"name" : "2707",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/2707"
},
{
"name" : "1015049",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015049"
},
{
"name" : "18787",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18787"
},
{
"name" : "ie-dragdrop-variant(24648)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24648"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and re-focusing to a malicious window."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060213 Internet Explorer drag&drop 0day",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/424863/100/0/threaded"
},
{
"name": "ADV-2006-0553",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0553"
},
{
"name": "18787",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18787"
},
{
"name": "20060214 Advisory: Internet Explorer Drag and Drop Redeux [CVE-2005-3240] (fwd)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/424940/100/0/threaded"
},
{
"name": "http://www.securiteam.com/windowsntfocus/5MP0B0UHPA.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/windowsntfocus/5MP0B0UHPA.html"
},
{
"name": "16352",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16352"
},
{
"name": "ie-dragdrop-variant(24648)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24648"
},
{
"name": "1015049",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015049"
},
{
"name": "2707",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/2707"
},
{
"name": "http://blogs.technet.com/msrc/archive/2006/02/13/419439.aspx",
"refsource": "MISC",
"url": "http://blogs.technet.com/msrc/archive/2006/02/13/419439.aspx"
}
]
}
}

140
2005/3xxx/CVE-2005-3480.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3480",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "login.asp in Ringtail CaseBook 6.1.0 displays different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3480",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.procheckup.com/Vulner_PR0413.php",
"refsource" : "MISC",
"url" : "http://www.procheckup.com/Vulner_PR0413.php"
},
{
"name" : "20422",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20422"
},
{
"name" : "17383",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17383"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "login.asp in Ringtail CaseBook 6.1.0 displays different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.procheckup.com/Vulner_PR0413.php",
"refsource": "MISC",
"url": "http://www.procheckup.com/Vulner_PR0413.php"
},
{
"name": "17383",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17383"
},
{
"name": "20422",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20422"
}
]
}
}

150
2005/3xxx/CVE-2005-3765.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3765",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Exponent CMS 0.96.3 and later versions performs a chmod on uploaded files to give them execute permissions, which allows remote attackers to execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3765",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051119 [security - exponentcms]",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/417218"
},
{
"name" : "15503",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15503"
},
{
"name" : "17655",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17655"
},
{
"name" : "17505",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17505"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exponent CMS 0.96.3 and later versions performs a chmod on uploaded files to give them execute permissions, which allows remote attackers to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20051119 [security - exponentcms]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/417218"
},
{
"name": "15503",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15503"
},
{
"name": "17655",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17655"
},
{
"name": "17505",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17505"
}
]
}
}

170
2005/3xxx/CVE-2005-3824.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3824",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The uploads module in vTiger CRM 4.2 and earlier allows remote attackers to upload arbitrary files, such as PHP files, via the add2db action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3824",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051125 SEC Consult SA-20051125-0 :: More Vulnerabilities in vTiger CRM ",
"refsource" : "FULLDISC",
"url" : "http://marc.info/?l=full-disclosure&m=113290708121951&w=2"
},
{
"name" : "20051125 SEC Consult SA-20051125-0 :: More Vulnerabilities in vTiger CRM ",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/417711/30/0/threaded"
},
{
"name" : "15569",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15569"
},
{
"name" : "ADV-2005-2569",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2569"
},
{
"name" : "1015274",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015274"
},
{
"name" : "17693",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17693"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The uploads module in vTiger CRM 4.2 and earlier allows remote attackers to upload arbitrary files, such as PHP files, via the add2db action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "BUGTRAQ",
"name": "20051125 SEC Consult SA-20051125-0 :: More Vulnerabilities in vTiger CRM",
"url": "http://www.securityfocus.com/archive/1/417711/30/0/threaded"
},
{
"name": "15569",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15569"
},
{
"name": "ADV-2005-2569",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2569"
},
{
"name": "1015274",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015274"
},
{
"refsource": "FULLDISC",
"name": "20051125 SEC Consult SA-20051125-0 :: More Vulnerabilities in vTiger CRM",
"url": "http://marc.info/?l=full-disclosure&m=113290708121951&w=2"
},
{
"name": "17693",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17693"
}
]
}
}

150
2005/4xxx/CVE-2005-4023.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4023",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the zipcart module in Gallery 2.0 before 2.0.2 allows remote attackers to read arbitrary files via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4023",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051130 Gallery 2.x Security Advisory",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/418200/100/0/threaded"
},
{
"name" : "15614",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15614"
},
{
"name" : "ADV-2005-2681",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2681"
},
{
"name" : "17747",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17747"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the zipcart module in Gallery 2.0 before 2.0.2 allows remote attackers to read arbitrary files via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17747",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17747"
},
{
"name": "15614",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15614"
},
{
"name": "20051130 Gallery 2.x Security Advisory",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/418200/100/0/threaded"
},
{
"name": "ADV-2005-2681",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2681"
}
]
}
}

140
2005/4xxx/CVE-2005-4474.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4474",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the \"Add to archive\" command in WinRAR 3.51 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code by tricking the user into adding a file whose filename contains a non-default code page and non-ANSI characters, as demonstrated using a Chinese filename, possibly due to buffer expansion when using the WideCharToMultiByte API. NOTE: it is not clear whether this problem can be exploited for code execution. If not, then perhaps the user-assisted nature of the attack should exclude the issue from inclusion in CVE."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4474",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051221 WinRAR - Processing Filename Incorrectly Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/420006/100/0/threaded"
},
{
"name" : "15999",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15999"
},
{
"name" : "290",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/290"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the \"Add to archive\" command in WinRAR 3.51 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code by tricking the user into adding a file whose filename contains a non-default code page and non-ANSI characters, as demonstrated using a Chinese filename, possibly due to buffer expansion when using the WideCharToMultiByte API. NOTE: it is not clear whether this problem can be exploited for code execution. If not, then perhaps the user-assisted nature of the attack should exclude the issue from inclusion in CVE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "290",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/290"
},
{
"name": "20051221 WinRAR - Processing Filename Incorrectly Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/420006/100/0/threaded"
},
{
"name": "15999",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15999"
}
]
}
}

120
2005/4xxx/CVE-2005-4678.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4678",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4678",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "17618",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17618"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17618",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17618"
}
]
}
}

140
2005/4xxx/CVE-2005-4762.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4762",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier sometimes stores the boot password in the registry in cleartext, which might allow local users to gain administrative privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4762",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "BEA05-99.00",
"refsource" : "BEA",
"url" : "http://dev2dev.bea.com/pub/advisory/153"
},
{
"name" : "15052",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15052"
},
{
"name" : "17138",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17138"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier sometimes stores the boot password in the registry in cleartext, which might allow local users to gain administrative privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "BEA05-99.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/153"
},
{
"name": "15052",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15052"
},
{
"name": "17138",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17138"
}
]
}
}

150
2005/4xxx/CVE-2005-4861.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4861",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "functions.php in Ragnarok Online Control Panel (ROCP) 4.3.4a allows remote attackers to bypass authentication by requesting account_manage.php with a trailing \"/login.php\" PHP_SELF value, which is not properly handled by the CHECK_AUTH function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4861",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050730 RO CP root exploit",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2005-07/0522.html"
},
{
"name" : "http://www.jasio.net/index.php?categoryid=3&p13_sectionid=2&p13_fileid=6",
"refsource" : "CONFIRM",
"url" : "http://www.jasio.net/index.php?categoryid=3&p13_sectionid=2&p13_fileid=6"
},
{
"name" : "18389",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/18389"
},
{
"name" : "16287",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16287"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "functions.php in Ragnarok Online Control Panel (ROCP) 4.3.4a allows remote attackers to bypass authentication by requesting account_manage.php with a trailing \"/login.php\" PHP_SELF value, which is not properly handled by the CHECK_AUTH function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050730 RO CP root exploit",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2005-07/0522.html"
},
{
"name": "18389",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/18389"
},
{
"name": "http://www.jasio.net/index.php?categoryid=3&p13_sectionid=2&p13_fileid=6",
"refsource": "CONFIRM",
"url": "http://www.jasio.net/index.php?categoryid=3&p13_sectionid=2&p13_fileid=6"
},
{
"name": "16287",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16287"
}
]
}
}

120
2005/4xxx/CVE-2005-4883.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4883",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in Philippe Jounin Tftpd32 before 2.80 allows remote attackers to cause a denial of service (daemon crash) via invalid \"connect frames.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4883",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pagesperso-orange.fr/philippe.jounin/tftpd32_news.html",
"refsource" : "CONFIRM",
"url" : "http://pagesperso-orange.fr/philippe.jounin/tftpd32_news.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in Philippe Jounin Tftpd32 before 2.80 allows remote attackers to cause a denial of service (daemon crash) via invalid \"connect frames.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://pagesperso-orange.fr/philippe.jounin/tftpd32_news.html",
"refsource": "CONFIRM",
"url": "http://pagesperso-orange.fr/philippe.jounin/tftpd32_news.html"
}
]
}
}

180
2009/0xxx/CVE-2009-0132.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0132",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the aio_suspend function in Sun Solaris 8 through 10 and OpenSolaris, when 32-bit mode is enabled, allows local users to cause a denial of service (panic) via a large integer value in the second argument (aka nent argument)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0132",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.trapkit.de/advisories/TKADV2009-001.txt",
"refsource" : "MISC",
"url" : "http://www.trapkit.de/advisories/TKADV2009-001.txt"
},
{
"name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-117350-59-1",
"refsource" : "CONFIRM",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-117350-59-1"
},
{
"name" : "247986",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-247986-1"
},
{
"name" : "33188",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33188"
},
{
"name" : "ADV-2009-0099",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0099"
},
{
"name" : "1021553",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021553"
},
{
"name" : "33516",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33516"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the aio_suspend function in Sun Solaris 8 through 10 and OpenSolaris, when 32-bit mode is enabled, allows local users to cause a denial of service (panic) via a large integer value in the second argument (aka nent argument)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1021553",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021553"
},
{
"name": "247986",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-247986-1"
},
{
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-117350-59-1",
"refsource": "CONFIRM",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-117350-59-1"
},
{
"name": "33188",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33188"
},
{
"name": "http://www.trapkit.de/advisories/TKADV2009-001.txt",
"refsource": "MISC",
"url": "http://www.trapkit.de/advisories/TKADV2009-001.txt"
},
{
"name": "ADV-2009-0099",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0099"
},
{
"name": "33516",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33516"
}
]
}
}

140
2009/0xxx/CVE-2009-0415.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0415",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in trickle 1.07 allows local users to execute arbitrary code via a Trojan horse trickle-overload.so in the current working directory, which is referenced in the LD_PRELOAD path."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0415",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20090129 CVE Request (trickle)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/01/29/5"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513456",
"refsource" : "MISC",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513456"
},
{
"name" : "33516",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33516"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in trickle 1.07 allows local users to execute arbitrary code via a Trojan horse trickle-overload.so in the current working directory, which is referenced in the LD_PRELOAD path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20090129 CVE Request (trickle)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/01/29/5"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513456",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513456"
},
{
"name": "33516",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33516"
}
]
}
}

150
2009/0xxx/CVE-2009-0443.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0443",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in Elecard AVC HD PLAYER 5.5.90116 allows remote attackers to execute arbitrary code via an M3U file containing a long string in a URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0443",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7942",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7942"
},
{
"name" : "33089",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33089"
},
{
"name" : "51717",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/51717"
},
{
"name" : "33742",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33742"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Elecard AVC HD PLAYER 5.5.90116 allows remote attackers to execute arbitrary code via an M3U file containing a long string in a URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51717",
"refsource": "OSVDB",
"url": "http://osvdb.org/51717"
},
{
"name": "33742",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33742"
},
{
"name": "7942",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7942"
},
{
"name": "33089",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33089"
}
]
}
}

150
2009/0xxx/CVE-2009-0703.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0703",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in bview.asp in ASPThai.Net Webboard 6.0 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0703",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7635",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7635"
},
{
"name" : "33084",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33084"
},
{
"name" : "34099",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34099"
},
{
"name" : "webboard-bview-sql-injection(47722)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47722"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in bview.asp in ASPThai.Net Webboard 6.0 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7635",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7635"
},
{
"name": "33084",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33084"
},
{
"name": "34099",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34099"
},
{
"name": "webboard-bview-sql-injection(47722)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47722"
}
]
}
}

340
2009/1xxx/CVE-2009-1553.json
View File

@ -1,172 +1,172 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1553",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Admin Console in Sun GlassFish Enterprise Server 2.1 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) applications/applications.jsf, (2) configuration/configuration.jsf, (3) customMBeans/customMBeans.jsf, (4) resourceNode/resources.jsf, (5) sysnet/registration.jsf, or (6) webService/webServicesGeneral.jsf; or the name parameter to (7) configuration/auditModuleEdit.jsf, (8) configuration/httpListenerEdit.jsf, or (9) resourceNode/jdbcResourceEdit.jsf."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1553",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090505 [DSECRG-09-034] Sun Glassfish Enterprise Server - Multiple Linked XSS vulnerabilies",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/503236/100/0/threaded"
},
{
"name" : "[cvs] 20090320 CVS update [SJSAS91_FCS_BRANCH]: /glassfish/admin-gui/src/docroot/",
"refsource" : "MLIST",
"url" : "https://glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=29669"
},
{
"name" : "[cvs] 20090320 CVS update [SJSAS91_FCS_BRANCH]: /glassfish/admin-gui/src/java/com/sun/enterprise/tools/admingui/handlers/CommonHandlers.java",
"refsource" : "MLIST",
"url" : "https://glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=29668"
},
{
"name" : "[cvs] 20090322 CVS update [SJSAS91_FCS_BRANCH]: /glassfish/admin-gui/src/docroot/configuration/",
"refsource" : "MLIST",
"url" : "https://glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=29675"
},
{
"name" : "[dev] 20090319 [DSECRG] Sun Glassfish Multiple Security Vulnerabilities",
"refsource" : "MLIST",
"url" : "http://www.nabble.com/-DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p22595435.html"
},
{
"name" : "[dev] 20090411 Re: [DSECRG] Sun Glassfish Multiple Security Vulnerabilities",
"refsource" : "MLIST",
"url" : "http://www.nabble.com/Re:--DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p23002524.html"
},
{
"name" : "http://dsecrg.com/pages/vul/show.php?id=134",
"refsource" : "MISC",
"url" : "http://dsecrg.com/pages/vul/show.php?id=134"
},
{
"name" : "258528",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-258528-1"
},
{
"name" : "JVN#73653977",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN73653977/index.html"
},
{
"name" : "JVNDB-2009-000027",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000027.html"
},
{
"name" : "34824",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34824"
},
{
"name" : "34914",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34914"
},
{
"name" : "54249",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/54249"
},
{
"name" : "54250",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/54250"
},
{
"name" : "54251",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/54251"
},
{
"name" : "54252",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/54252"
},
{
"name" : "54253",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/54253"
},
{
"name" : "54254",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/54254"
},
{
"name" : "54255",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/54255"
},
{
"name" : "54256",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/54256"
},
{
"name" : "54257",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/54257"
},
{
"name" : "ADV-2009-1255",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1255"
},
{
"name" : "glassfish-jsa-admininterface-xss(50453)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50453"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Admin Console in Sun GlassFish Enterprise Server 2.1 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) applications/applications.jsf, (2) configuration/configuration.jsf, (3) customMBeans/customMBeans.jsf, (4) resourceNode/resources.jsf, (5) sysnet/registration.jsf, or (6) webService/webServicesGeneral.jsf; or the name parameter to (7) configuration/auditModuleEdit.jsf, (8) configuration/httpListenerEdit.jsf, or (9) resourceNode/jdbcResourceEdit.jsf."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090505 [DSECRG-09-034] Sun Glassfish Enterprise Server - Multiple Linked XSS vulnerabilies",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/503236/100/0/threaded"
},
{
"name": "258528",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-258528-1"
},
{
"name": "[dev] 20090319 [DSECRG] Sun Glassfish Multiple Security Vulnerabilities",
"refsource": "MLIST",
"url": "http://www.nabble.com/-DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p22595435.html"
},
{
"name": "54254",
"refsource": "OSVDB",
"url": "http://osvdb.org/54254"
},
{
"name": "[cvs] 20090322 CVS update [SJSAS91_FCS_BRANCH]: /glassfish/admin-gui/src/docroot/configuration/",
"refsource": "MLIST",
"url": "https://glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=29675"
},
{
"name": "54256",
"refsource": "OSVDB",
"url": "http://osvdb.org/54256"
},
{
"name": "[dev] 20090411 Re: [DSECRG] Sun Glassfish Multiple Security Vulnerabilities",
"refsource": "MLIST",
"url": "http://www.nabble.com/Re:--DSECRG--Sun-Glassfish-Multiple-Security-Vulnerabilities-p23002524.html"
},
{
"name": "54250",
"refsource": "OSVDB",
"url": "http://osvdb.org/54250"
},
{
"name": "54253",
"refsource": "OSVDB",
"url": "http://osvdb.org/54253"
},
{
"name": "54257",
"refsource": "OSVDB",
"url": "http://osvdb.org/54257"
},
{
"name": "[cvs] 20090320 CVS update [SJSAS91_FCS_BRANCH]: /glassfish/admin-gui/src/docroot/",
"refsource": "MLIST",
"url": "https://glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=29669"
},
{
"name": "glassfish-jsa-admininterface-xss(50453)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50453"
},
{
"name": "JVNDB-2009-000027",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000027.html"
},
{
"name": "ADV-2009-1255",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1255"
},
{
"name": "[cvs] 20090320 CVS update [SJSAS91_FCS_BRANCH]: /glassfish/admin-gui/src/java/com/sun/enterprise/tools/admingui/handlers/CommonHandlers.java",
"refsource": "MLIST",
"url": "https://glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=29668"
},
{
"name": "54252",
"refsource": "OSVDB",
"url": "http://osvdb.org/54252"
},
{
"name": "54255",
"refsource": "OSVDB",
"url": "http://osvdb.org/54255"
},
{
"name": "http://dsecrg.com/pages/vul/show.php?id=134",
"refsource": "MISC",
"url": "http://dsecrg.com/pages/vul/show.php?id=134"
},
{
"name": "54249",
"refsource": "OSVDB",
"url": "http://osvdb.org/54249"
},
{
"name": "JVN#73653977",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN73653977/index.html"
},
{
"name": "54251",
"refsource": "OSVDB",
"url": "http://osvdb.org/54251"
},
{
"name": "34824",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34824"
},
{
"name": "34914",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34914"
}
]
}
}

160
2009/3xxx/CVE-2009-3028.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3028",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dll, as used in Symantec Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, and Symantec Management Platform 7.0.x exposes an unsafe method, which allows remote attackers to force the download of arbitrary files and possibly execute arbitrary code via the DownloadAndInstall method."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090922_00",
"refsource" : "CONFIRM",
"url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090922_00"
},
{
"name" : "http://www.symantec.com/business/support/index?page=content&id=TECH44885",
"refsource" : "CONFIRM",
"url" : "http://www.symantec.com/business/support/index?page=content&id=TECH44885"
},
{
"name" : "36346",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36346"
},
{
"name" : "57893",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/57893"
},
{
"name" : "36679",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36679"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dll, as used in Symantec Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, and Symantec Management Platform 7.0.x exposes an unsafe method, which allows remote attackers to force the download of arbitrary files and possibly execute arbitrary code via the DownloadAndInstall method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36346",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36346"
},
{
"name": "57893",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/57893"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090922_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090922_00"
},
{
"name": "http://www.symantec.com/business/support/index?page=content&id=TECH44885",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/business/support/index?page=content&id=TECH44885"
},
{
"name": "36679",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36679"
}
]
}
}

34
2009/3xxx/CVE-2009-3142.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3142",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2009-3142",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none."
}
]
}
}

160
2009/3xxx/CVE-2009-3171.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3171",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Anantasoft Gazelle CMS 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user parameter to user.php or (2) lookup parameter to search.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "9425",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9425"
},
{
"name" : "http://packetstormsecurity.org/0909-exploits/gazellecms-xss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0909-exploits/gazellecms-xss.txt"
},
{
"name" : "33686",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33686"
},
{
"name" : "ADV-2009-2541",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2541"
},
{
"name" : "gazellecms-user-search-xss(52415)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52415"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Anantasoft Gazelle CMS 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user parameter to user.php or (2) lookup parameter to search.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/0909-exploits/gazellecms-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0909-exploits/gazellecms-xss.txt"
},
{
"name": "9425",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9425"
},
{
"name": "ADV-2009-2541",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2541"
},
{
"name": "33686",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33686"
},
{
"name": "gazellecms-user-search-xss(52415)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52415"
}
]
}
}

160
2009/3xxx/CVE-2009-3347.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3347",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow on the D-Link DIR-400 wireless router allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.10 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3347",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://intevydis.com/vd-list.shtml",
"refsource" : "MISC",
"url" : "http://intevydis.com/vd-list.shtml"
},
{
"name" : "36237",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36237"
},
{
"name" : "57791",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/57791"
},
{
"name" : "1022826",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022826"
},
{
"name" : "36454",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36454"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow on the D-Link DIR-400 wireless router allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.10 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36237",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36237"
},
{
"name": "57791",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/57791"
},
{
"name": "1022826",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022826"
},
{
"name": "36454",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36454"
},
{
"name": "http://intevydis.com/vd-list.shtml",
"refsource": "MISC",
"url": "http://intevydis.com/vd-list.shtml"
}
]
}
}

190
2009/4xxx/CVE-2009-4079.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4079",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and earlier allows remote attackers to hijack the authentication of users for requests that delete a ticket via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4079",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://rubyforge.org/frs/shownotes.php?release_id=41440",
"refsource" : "MISC",
"url" : "http://rubyforge.org/frs/shownotes.php?release_id=41440"
},
{
"name" : "http://www.redmine.org/wiki/redmine/Changelog#v087-2009-11-15",
"refsource" : "MISC",
"url" : "http://www.redmine.org/wiki/redmine/Changelog#v087-2009-11-15"
},
{
"name" : "JVN#87341298",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN87341298/index.html"
},
{
"name" : "JVNDB-2009-000074",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000074.html"
},
{
"name" : "37066",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37066"
},
{
"name" : "37420",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37420"
},
{
"name" : "ADV-2009-3291",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3291"
},
{
"name" : "redmine-unspecified-csrf(54334)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54334"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and earlier allows remote attackers to hijack the authentication of users for requests that delete a ticket via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-3291",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3291"
},
{
"name": "JVNDB-2009-000074",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000074.html"
},
{
"name": "37066",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37066"
},
{
"name": "redmine-unspecified-csrf(54334)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54334"
},
{
"name": "http://www.redmine.org/wiki/redmine/Changelog#v087-2009-11-15",
"refsource": "MISC",
"url": "http://www.redmine.org/wiki/redmine/Changelog#v087-2009-11-15"
},
{
"name": "JVN#87341298",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN87341298/index.html"
},
{
"name": "http://rubyforge.org/frs/shownotes.php?release_id=41440",
"refsource": "MISC",
"url": "http://rubyforge.org/frs/shownotes.php?release_id=41440"
},
{
"name": "37420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37420"
}
]
}
}

200
2009/4xxx/CVE-2009-4303.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4303",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores (1) password hashes and (2) unspecified \"secrets\" in backup files, which might allow attackers to obtain sensitive information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4303",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://docs.moodle.org/en/Moodle_1.8.11_release_notes",
"refsource" : "CONFIRM",
"url" : "http://docs.moodle.org/en/Moodle_1.8.11_release_notes"
},
{
"name" : "http://docs.moodle.org/en/Moodle_1.9.7_release_notes",
"refsource" : "CONFIRM",
"url" : "http://docs.moodle.org/en/Moodle_1.9.7_release_notes"
},
{
"name" : "http://moodle.org/mod/forum/discuss.php?d=139110",
"refsource" : "CONFIRM",
"url" : "http://moodle.org/mod/forum/discuss.php?d=139110"
},
{
"name" : "FEDORA-2009-13040",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.html"
},
{
"name" : "FEDORA-2009-13065",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.html"
},
{
"name" : "FEDORA-2009-13080",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00751.html"
},
{
"name" : "37244",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37244"
},
{
"name" : "37614",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37614"
},
{
"name" : "ADV-2009-3455",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3455"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores (1) password hashes and (2) unspecified \"secrets\" in backup files, which might allow attackers to obtain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://docs.moodle.org/en/Moodle_1.9.7_release_notes",
"refsource": "CONFIRM",
"url": "http://docs.moodle.org/en/Moodle_1.9.7_release_notes"
},
{
"name": "http://docs.moodle.org/en/Moodle_1.8.11_release_notes",
"refsource": "CONFIRM",
"url": "http://docs.moodle.org/en/Moodle_1.8.11_release_notes"
},
{
"name": "http://moodle.org/mod/forum/discuss.php?d=139110",
"refsource": "CONFIRM",
"url": "http://moodle.org/mod/forum/discuss.php?d=139110"
},
{
"name": "ADV-2009-3455",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3455"
},
{
"name": "37614",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37614"
},
{
"name": "FEDORA-2009-13065",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.html"
},
{
"name": "FEDORA-2009-13040",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.html"
},
{
"name": "FEDORA-2009-13080",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00751.html"
},
{
"name": "37244",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37244"
}
]
}
}

150
2009/4xxx/CVE-2009-4435.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4435",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in F3Site 2009 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the GLOBALS[nlang] parameter to (1) mod/poll.php and (2) mod/new.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4435",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/0912-exploits/f3site2009-lfi.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0912-exploits/f3site2009-lfi.txt"
},
{
"name" : "10536",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/10536"
},
{
"name" : "37408",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37408"
},
{
"name" : "f3site-nlang-file-include(54908)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54908"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in F3Site 2009 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the GLOBALS[nlang] parameter to (1) mod/poll.php and (2) mod/new.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37408",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37408"
},
{
"name": "f3site-nlang-file-include(54908)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54908"
},
{
"name": "10536",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/10536"
},
{
"name": "http://packetstormsecurity.org/0912-exploits/f3site2009-lfi.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0912-exploits/f3site2009-lfi.txt"
}
]
}
}

140
2009/4xxx/CVE-2009-4849.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4849",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in ToutVirtual VirtualIQ Pro 3.2 build 7882 and 3.5 build 8691 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new user account via a save action to tvserver/user/user.do, (2) shutdown a virtual machine, (3) start a virtual machine, (4) restart a virtual machine, or (5) schedule an activity."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4849",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20091107 ToutVirtual VirtualIQ Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/507729/100/0/threaded"
},
{
"name" : "http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt",
"refsource" : "MISC",
"url" : "http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt"
},
{
"name" : "37359",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37359"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in ToutVirtual VirtualIQ Pro 3.2 build 7882 and 3.5 build 8691 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new user account via a save action to tvserver/user/user.do, (2) shutdown a virtual machine, (3) start a virtual machine, (4) restart a virtual machine, or (5) schedule an activity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37359",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37359"
},
{
"name": "20091107 ToutVirtual VirtualIQ Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507729/100/0/threaded"
},
{
"name": "http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt",
"refsource": "MISC",
"url": "http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt"
}
]
}
}

170
2012/2xxx/CVE-2012-2543.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2543",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel Stack Overflow Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2012-2543",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS12-076",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-076"
},
{
"name" : "TA12-318A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA12-318A.html"
},
{
"name" : "56431",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56431"
},
{
"name" : "oval:org.mitre.oval:def:15737",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15737"
},
{
"name" : "oval:org.mitre.oval:def:15908",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15908"
},
{
"name" : "1027752",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027752"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel Stack Overflow Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "56431",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56431"
},
{
"name": "oval:org.mitre.oval:def:15908",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15908"
},
{
"name": "MS12-076",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-076"
},
{
"name": "oval:org.mitre.oval:def:15737",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15737"
},
{
"name": "TA12-318A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-318A.html"
},
{
"name": "1027752",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027752"
}
]
}
}

290
2012/2xxx/CVE-2012-2733.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2733",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2733",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://svn.apache.org/viewvc?view=revision&revision=1350301",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc?view=revision&revision=1350301"
},
{
"name" : "http://svn.apache.org/viewvc?view=revision&revision=1356208",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc?view=revision&revision=1356208"
},
{
"name" : "http://tomcat.apache.org/security-6.html",
"refsource" : "CONFIRM",
"url" : "http://tomcat.apache.org/security-6.html"
},
{
"name" : "http://tomcat.apache.org/security-7.html",
"refsource" : "CONFIRM",
"url" : "http://tomcat.apache.org/security-7.html"
},
{
"name" : "HPSBMU02873",
"refsource" : "HP",
"url" : "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878"
},
{
"name" : "SSRT101182",
"refsource" : "HP",
"url" : "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878"
},
{
"name" : "HPSBST02955",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=139344343412337&w=2"
},
{
"name" : "HPSBUX02866",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=136612293908376&w=2"
},
{
"name" : "SSRT101139",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=136612293908376&w=2"
},
{
"name" : "openSUSE-SU-2012:1700",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html"
},
{
"name" : "openSUSE-SU-2012:1701",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html"
},
{
"name" : "openSUSE-SU-2013:0147",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html"
},
{
"name" : "USN-1637-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1637-1"
},
{
"name" : "56402",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56402"
},
{
"name" : "oval:org.mitre.oval:def:19218",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19218"
},
{
"name" : "1027729",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027729"
},
{
"name" : "51371",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51371"
},
{
"name" : "57126",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57126"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT101139",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=136612293908376&w=2"
},
{
"name": "51371",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51371"
},
{
"name": "openSUSE-SU-2012:1700",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html"
},
{
"name": "oval:org.mitre.oval:def:19218",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19218"
},
{
"name": "USN-1637-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1637-1"
},
{
"name": "SSRT101182",
"refsource": "HP",
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878"
},
{
"name": "http://tomcat.apache.org/security-7.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-7.html"
},
{
"name": "HPSBMU02873",
"refsource": "HP",
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878"
},
{
"name": "56402",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56402"
},
{
"name": "http://svn.apache.org/viewvc?view=revision&revision=1356208",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision&revision=1356208"
},
{
"name": "http://tomcat.apache.org/security-6.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-6.html"
},
{
"name": "57126",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57126"
},
{
"name": "openSUSE-SU-2013:0147",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html"
},
{
"name": "HPSBUX02866",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=136612293908376&w=2"
},
{
"name": "HPSBST02955",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2"
},
{
"name": "openSUSE-SU-2012:1701",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html"
},
{
"name": "http://svn.apache.org/viewvc?view=revision&revision=1350301",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision&revision=1350301"
},
{
"name": "1027729",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027729"
}
]
}
}

170
2012/2xxx/CVE-2012-2759.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2759",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in login-with-ajax.php in the Login With Ajax (aka login-with-ajax) plugin before 3.0.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the callback parameter in a lostpassword action to wp-login.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2759",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.secureworks.com/research/advisories/SWRX-2012-003/",
"refsource" : "MISC",
"url" : "http://www.secureworks.com/research/advisories/SWRX-2012-003/"
},
{
"name" : "http://plugins.trac.wordpress.org/changeset/541069",
"refsource" : "CONFIRM",
"url" : "http://plugins.trac.wordpress.org/changeset/541069"
},
{
"name" : "http://wordpress.org/extend/plugins/login-with-ajax/changelog/",
"refsource" : "CONFIRM",
"url" : "http://wordpress.org/extend/plugins/login-with-ajax/changelog/"
},
{
"name" : "53423",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53423"
},
{
"name" : "81712",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/81712"
},
{
"name" : "loginwithajax-loginwithajax-xss(75470)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75470"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in login-with-ajax.php in the Login With Ajax (aka login-with-ajax) plugin before 3.0.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the callback parameter in a lostpassword action to wp-login.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://plugins.trac.wordpress.org/changeset/541069",
"refsource": "CONFIRM",
"url": "http://plugins.trac.wordpress.org/changeset/541069"
},
{
"name": "53423",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53423"
},
{
"name": "http://wordpress.org/extend/plugins/login-with-ajax/changelog/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/extend/plugins/login-with-ajax/changelog/"
},
{
"name": "loginwithajax-loginwithajax-xss(75470)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75470"
},
{
"name": "http://www.secureworks.com/research/advisories/SWRX-2012-003/",
"refsource": "MISC",
"url": "http://www.secureworks.com/research/advisories/SWRX-2012-003/"
},
{
"name": "81712",
"refsource": "OSVDB",
"url": "http://osvdb.org/81712"
}
]
}
}

160
2015/1xxx/CVE-2015-1176.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1176",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in upload/scp/tickets.php in osTicket before 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the status parameter in a search action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1176",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150122 CVE-2015-1176-xss-osticket",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/534526/100/0/threaded"
},
{
"name" : "http://packetstormsecurity.com/files/130057/osTicket-1.9.4-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/130057/osTicket-1.9.4-Cross-Site-Scripting.html"
},
{
"name" : "https://github.com/osTicket/osTicket-1.8/pull/1639",
"refsource" : "CONFIRM",
"url" : "https://github.com/osTicket/osTicket-1.8/pull/1639"
},
{
"name" : "https://github.com/osTicket/osTicket-1.8/releases/tag/v1.9.5",
"refsource" : "CONFIRM",
"url" : "https://github.com/osTicket/osTicket-1.8/releases/tag/v1.9.5"
},
{
"name" : "72276",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72276"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in upload/scp/tickets.php in osTicket before 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the status parameter in a search action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/130057/osTicket-1.9.4-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130057/osTicket-1.9.4-Cross-Site-Scripting.html"
},
{
"name": "https://github.com/osTicket/osTicket-1.8/pull/1639",
"refsource": "CONFIRM",
"url": "https://github.com/osTicket/osTicket-1.8/pull/1639"
},
{
"name": "20150122 CVE-2015-1176-xss-osticket",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534526/100/0/threaded"
},
{
"name": "72276",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72276"
},
{
"name": "https://github.com/osTicket/osTicket-1.8/releases/tag/v1.9.5",
"refsource": "CONFIRM",
"url": "https://github.com/osTicket/osTicket-1.8/releases/tag/v1.9.5"
}
]
}
}

120
2015/1xxx/CVE-2015-1449.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1449",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the integrated web server on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1449",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-753139.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-753139.pdf"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the integrated web server on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-753139.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-753139.pdf"
}
]
}
}

120
2015/1xxx/CVE-2015-1460.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1460",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Huawei Quidway switches with firmware before V200R005C00SPC300 allows remote attackers to gain privileges via a crafted packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1460",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-411975.htm",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-411975.htm"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei Quidway switches with firmware before V200R005C00SPC300 allows remote attackers to gain privileges via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-411975.htm",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-411975.htm"
}
]
}
}

140
2015/1xxx/CVE-2015-1610.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1610",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "hosttracker in OpenDaylight l2switch allows remote attackers to change the host location information by spoofing the MAC address, aka \"topology spoofing.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1610",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.internetsociety.org/sites/default/files/10_4_2.pdf",
"refsource" : "MISC",
"url" : "http://www.internetsociety.org/sites/default/files/10_4_2.pdf"
},
{
"name" : "https://wiki.opendaylight.org/view/Security_Advisories#.5BModerate.5D_CVE-2015-1610_l2switch:_topology_spoofing_via_hosttracker",
"refsource" : "CONFIRM",
"url" : "https://wiki.opendaylight.org/view/Security_Advisories#.5BModerate.5D_CVE-2015-1610_l2switch:_topology_spoofing_via_hosttracker"
},
{
"name" : "73251",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/73251"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "hosttracker in OpenDaylight l2switch allows remote attackers to change the host location information by spoofing the MAC address, aka \"topology spoofing.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.opendaylight.org/view/Security_Advisories#.5BModerate.5D_CVE-2015-1610_l2switch:_topology_spoofing_via_hosttracker",
"refsource": "CONFIRM",
"url": "https://wiki.opendaylight.org/view/Security_Advisories#.5BModerate.5D_CVE-2015-1610_l2switch:_topology_spoofing_via_hosttracker"
},
{
"name": "http://www.internetsociety.org/sites/default/files/10_4_2.pdf",
"refsource": "MISC",
"url": "http://www.internetsociety.org/sites/default/files/10_4_2.pdf"
},
{
"name": "73251",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73251"
}
]
}
}

120
2015/1xxx/CVE-2015-1983.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1983",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Projects page in IBM UrbanCode Build 6.1.x before 6.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-1983",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21964316",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21964316"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Projects page in IBM UrbanCode Build 6.1.x before 6.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21964316",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964316"
}
]
}
}

250
2015/5xxx/CVE-2015-5570.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5570",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5574, CVE-2015-5581, CVE-2015-5584, and CVE-2015-6682."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2015-5570",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-447",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-447"
},
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html"
},
{
"name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841",
"refsource" : "CONFIRM",
"url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name" : "GLSA-201509-07",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201509-07"
},
{
"name" : "RHSA-2015:1814",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1814.html"
},
{
"name" : "openSUSE-SU-2015:1781",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html"
},
{
"name" : "SUSE-SU-2015:1614",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html"
},
{
"name" : "SUSE-SU-2015:1618",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html"
},
{
"name" : "openSUSE-SU-2015:1616",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html"
},
{
"name" : "76795",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76795"
},
{
"name" : "1033629",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033629"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5574, CVE-2015-5581, CVE-2015-5584, and CVE-2015-6682."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:1814",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1814.html"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-447",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-447"
},
{
"name": "openSUSE-SU-2015:1616",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html"
},
{
"name": "1033629",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033629"
},
{
"name": "SUSE-SU-2015:1618",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html"
},
{
"name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841",
"refsource": "CONFIRM",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html"
},
{
"name": "76795",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76795"
},
{
"name": "SUSE-SU-2015:1614",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html"
},
{
"name": "GLSA-201509-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201509-07"
},
{
"name": "openSUSE-SU-2015:1781",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
}
]
}
}

240
2015/5xxx/CVE-2015-5573.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5573",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code by leveraging an unspecified \"type confusion.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2015-5573",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html"
},
{
"name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841",
"refsource" : "CONFIRM",
"url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name" : "GLSA-201509-07",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201509-07"
},
{
"name" : "RHSA-2015:1814",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1814.html"
},
{
"name" : "openSUSE-SU-2015:1781",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html"
},
{
"name" : "SUSE-SU-2015:1614",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html"
},
{
"name" : "SUSE-SU-2015:1618",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html"
},
{
"name" : "openSUSE-SU-2015:1616",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html"
},
{
"name" : "76794",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76794"
},
{
"name" : "1033629",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033629"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code by leveraging an unspecified \"type confusion.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:1814",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1814.html"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
},
{
"name": "76794",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76794"
},
{
"name": "openSUSE-SU-2015:1616",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html"
},
{
"name": "1033629",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033629"
},
{
"name": "SUSE-SU-2015:1618",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html"
},
{
"name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841",
"refsource": "CONFIRM",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html"
},
{
"name": "SUSE-SU-2015:1614",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html"
},
{
"name": "GLSA-201509-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201509-07"
},
{
"name": "openSUSE-SU-2015:1781",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
}
]
}
}

200
2015/5xxx/CVE-2015-5813.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5813",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-5813",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT205212",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205212"
},
{
"name" : "https://support.apple.com/HT205221",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205221"
},
{
"name" : "https://support.apple.com/HT205265",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205265"
},
{
"name" : "APPLE-SA-2015-09-16-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
},
{
"name" : "APPLE-SA-2015-09-16-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html"
},
{
"name" : "APPLE-SA-2015-09-30-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html"
},
{
"name" : "openSUSE-SU-2016:0761",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html"
},
{
"name" : "76763",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76763"
},
{
"name" : "1033609",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033609"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT205221",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205221"
},
{
"name": "1033609",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033609"
},
{
"name": "https://support.apple.com/HT205212",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205212"
},
{
"name": "76763",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76763"
},
{
"name": "openSUSE-SU-2016:0761",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html"
},
{
"name": "https://support.apple.com/HT205265",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205265"
},
{
"name": "APPLE-SA-2015-09-16-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html"
},
{
"name": "APPLE-SA-2015-09-30-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html"
},
{
"name": "APPLE-SA-2015-09-16-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
}
]
}
}

150
2018/11xxx/CVE-2018-11627.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11627",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11627",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/sinatra/sinatra/commit/12786867d6faaceaec62c7c2cb5b0e2dc074d71a",
"refsource" : "MISC",
"url" : "https://github.com/sinatra/sinatra/commit/12786867d6faaceaec62c7c2cb5b0e2dc074d71a"
},
{
"name" : "https://github.com/sinatra/sinatra/issues/1428",
"refsource" : "MISC",
"url" : "https://github.com/sinatra/sinatra/issues/1428"
},
{
"name" : "RHSA-2019:0212",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2019:0212"
},
{
"name" : "RHSA-2019:0315",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2019:0315"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sinatra/sinatra/issues/1428",
"refsource": "MISC",
"url": "https://github.com/sinatra/sinatra/issues/1428"
},
{
"name": "RHSA-2019:0315",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0315"
},
{
"name": "RHSA-2019:0212",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0212"
},
{
"name": "https://github.com/sinatra/sinatra/commit/12786867d6faaceaec62c7c2cb5b0e2dc074d71a",
"refsource": "MISC",
"url": "https://github.com/sinatra/sinatra/commit/12786867d6faaceaec62c7c2cb5b0e2dc074d71a"
}
]
}
}

142
2018/3xxx/CVE-2018-3268.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-3268",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Solaris Operating System",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "11.3"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: SMB Server). The supported version that is affected is 11.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMB to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via SMB to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-3268",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solaris Operating System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.3"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name" : "105604",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105604"
},
{
"name" : "1041895",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041895"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: SMB Server). The supported version that is affected is 11.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMB to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via SMB to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041895",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041895"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "105604",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105604"
}
]
}
}

34
2018/3xxx/CVE-2018-3418.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3418",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3418",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/3xxx/CVE-2018-3540.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3540",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3540",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/3xxx/CVE-2018-3821.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "bressers@elastic.co",
"ID" : "CVE-2018-3821",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Kibana",
"version" : {
"version_data" : [
{
"version_value" : "after 5.1.1 and before 5.6.7 and 6.1.3"
}
]
}
}
]
},
"vendor_name" : "Elastic"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
"CVE_data_meta": {
"ASSIGNER": "security@elastic.co",
"ID": "CVE-2018-3821",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kibana",
"version": {
"version_data": [
{
"version_value": "after 5.1.1 and before 5.6.7 and 6.1.3"
}
]
}
}
]
},
"vendor_name": "Elastic"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://discuss.elastic.co/t/elastic-stack-6-1-3-and-5-6-7-security-update/117683",
"refsource" : "CONFIRM",
"url" : "https://discuss.elastic.co/t/elastic-stack-6-1-3-and-5-6-7-security-update/117683"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://discuss.elastic.co/t/elastic-stack-6-1-3-and-5-6-7-security-update/117683",
"refsource": "CONFIRM",
"url": "https://discuss.elastic.co/t/elastic-stack-6-1-3-and-5-6-7-security-update/117683"
}
]
}
}

172
2018/6xxx/CVE-2018-6127.json
View File

@ -1,88 +1,88 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-6127",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "67.0.3396.62"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Early free of object in use in IndexDB in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use after free"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2018-6127",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "67.0.3396.62"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/842990",
"refsource" : "MISC",
"url" : "https://crbug.com/842990"
},
{
"name" : "https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html"
},
{
"name" : "DSA-4237",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4237"
},
{
"name" : "RHSA-2018:1815",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1815"
},
{
"name" : "104309",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104309"
},
{
"name" : "1041014",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041014"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Early free of object in use in IndexDB in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://crbug.com/842990",
"refsource": "MISC",
"url": "https://crbug.com/842990"
},
{
"name": "104309",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104309"
},
{
"name": "https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html"
},
{
"name": "1041014",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041014"
},
{
"name": "RHSA-2018:1815",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1815"
},
{
"name": "DSA-4237",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4237"
}
]
}
}

34
2018/7xxx/CVE-2018-7026.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7026",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-7026",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
}
]
}
}

34
2018/7xxx/CVE-2018-7412.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7412",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7412",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

240
2018/8xxx/CVE-2018-8132.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8132",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Windows Server 2016",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows 10",
"version" : {
"version_data" : [
{
"version_value" : "32-bit Systems"
},
{
"version_value" : "Version 1607 for 32-bit Systems"
},
{
"version_value" : "Version 1607 for x64-based Systems"
},
{
"version_value" : "Version 1703 for 32-bit Systems"
},
{
"version_value" : "Version 1703 for x64-based Systems"
},
{
"version_value" : "Version 1709 for 32-bit Systems"
},
{
"version_value" : "Version 1709 for x64-based Systems"
},
{
"version_value" : "Version 1803 for 32-bit Systems"
},
{
"version_value" : "Version 1803 for x64-based Systems"
},
{
"version_value" : "x64-based Systems"
}
]
}
},
{
"product_name" : "Windows 10 Servers",
"version" : {
"version_data" : [
{
"version_value" : "version 1709 (Server Core Installation)"
},
{
"version_value" : "version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka \"Windows Security Feature Bypass Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0854, CVE-2018-0958, CVE-2018-8129."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Security Feature Bypass"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8132",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows Server 2016",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows 10",
"version": {
"version_data": [
{
"version_value": "32-bit Systems"
},
{
"version_value": "Version 1607 for 32-bit Systems"
},
{
"version_value": "Version 1607 for x64-based Systems"
},
{
"version_value": "Version 1703 for 32-bit Systems"
},
{
"version_value": "Version 1703 for x64-based Systems"
},
{
"version_value": "Version 1709 for 32-bit Systems"
},
{
"version_value": "Version 1709 for x64-based Systems"
},
{
"version_value": "Version 1803 for 32-bit Systems"
},
{
"version_value": "Version 1803 for x64-based Systems"
},
{
"version_value": "x64-based Systems"
}
]
}
},
{
"product_name": "Windows 10 Servers",
"version": {
"version_data": [
{
"version_value": "version 1709 (Server Core Installation)"
},
{
"version_value": "version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8132",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8132"
},
{
"name" : "104066",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104066"
},
{
"name" : "1040849",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040849"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka \"Windows Security Feature Bypass Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0854, CVE-2018-0958, CVE-2018-8129."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Security Feature Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040849",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040849"
},
{
"name": "104066",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104066"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8132",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8132"
}
]
}
}

132
2018/8xxx/CVE-2018-8864.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2018-04-10T00:00:00",
"ID" : "CVE-2018-8864",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "ATI Emergency Mass Notification Systems",
"version" : {
"version_data" : [
{
"version_value" : "The following ATI's Emergency Mass Notification Systems devices are affected: HPSS16, HPSS32, MHPSS, and ALERT4000."
}
]
}
}
]
},
"vendor_name" : "Acoustic Technology, Inc. (ATI Systems)"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, a missing encryption of sensitive data vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "MISSING ENCRYPTION OF SENSITIVE DATA CWE-311"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-04-10T00:00:00",
"ID": "CVE-2018-8864",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ATI Emergency Mass Notification Systems",
"version": {
"version_data": [
{
"version_value": "The following ATI's Emergency Mass Notification Systems devices are affected: HPSS16, HPSS32, MHPSS, and ALERT4000."
}
]
}
}
]
},
"vendor_name": "Acoustic Technology, Inc. (ATI Systems)"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-100-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-100-01"
},
{
"name" : "103721",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103721"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, a missing encryption of sensitive data vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "MISSING ENCRYPTION OF SENSITIVE DATA CWE-311"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103721",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103721"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-100-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-100-01"
}
]
}
}

120
2018/8xxx/CVE-2018-8904.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8904",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002000."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8904",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/D0neMkj/POC_BSOD/tree/master/Windows%20Optimization%20master/0xf1002000",
"refsource" : "MISC",
"url" : "https://github.com/D0neMkj/POC_BSOD/tree/master/Windows%20Optimization%20master/0xf1002000"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002000."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/D0neMkj/POC_BSOD/tree/master/Windows%20Optimization%20master/0xf1002000",
"refsource": "MISC",
"url": "https://github.com/D0neMkj/POC_BSOD/tree/master/Windows%20Optimization%20master/0xf1002000"
}
]
}
}