"-Synchronized-Data."

CVE Team 2019-03-17 22:13:45 +00:00
parent 76c0108791
commit f98466bb4a
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
49 changed files with 3798 additions and 3798 deletions


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-1999-1110", "ID": "CVE-1999-1110",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Windows Media Player ActiveX object as used in Internet Explorer 5.0 returns a specific error code when a file does not exist, which allows remote malicious web sites to determine the existence of files on the client."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "19991114 IE 5.0 and Windows Media Player ActiveX object allow checking the existence of local files and directories", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/34675" "lang": "eng",
}, "value": "Windows Media Player ActiveX object as used in Internet Explorer 5.0 returns a specific error code when a file does not exist, which allows remote malicious web sites to determine the existence of files on the client."
{ }
"name" : "793", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/793" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "793",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/793"
},
{
"name": "19991114 IE 5.0 and Windows Media Player ActiveX object allow checking the existence of local files and directories",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/34675"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2000-1251", "ID": "CVE-2000-1251",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0502", "ID": "CVE-2005-0502",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Xinkaa 1.0.3 and earlier allows remote attackers to read arbitrary files via (1) ../ and (2) ..\\ characters in an HTTP request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://aluigi.altervista.org/adv/xinkaa-adv.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://aluigi.altervista.org/adv/xinkaa-adv.txt" "lang": "eng",
}, "value": "Directory traversal vulnerability in Xinkaa 1.0.3 and earlier allows remote attackers to read arbitrary files via (1) ../ and (2) ..\\ characters in an HTTP request."
{ }
"name" : "12606", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/12606" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2005-0189", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/0189" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "14349", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/14349" ]
}, },
{ "references": {
"name" : "xinkaa-web-directory-traversal(19404)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19404" "name": "http://aluigi.altervista.org/adv/xinkaa-adv.txt",
} "refsource": "MISC",
] "url": "http://aluigi.altervista.org/adv/xinkaa-adv.txt"
} },
} {
"name": "14349",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14349"
},
{
"name": "12606",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12606"
},
{
"name": "ADV-2005-0189",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0189"
},
{
"name": "xinkaa-web-directory-traversal(19404)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19404"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-2138", "ID": "CVE-2005-2138",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in Comdev eCommerce 3.0 and 3.1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the onMouseOver event of an \"A\" tag in a review message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://k.domaindlx.com/shellcore/advisories.asp?bug_report=display&infamous_group=64", "description_data": [
"refsource" : "MISC", {
"url" : "http://k.domaindlx.com/shellcore/advisories.asp?bug_report=display&infamous_group=64" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in index.php in Comdev eCommerce 3.0 and 3.1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the onMouseOver event of an \"A\" tag in a review message."
{ }
"name" : "15865", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/15865" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15865",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15865"
},
{
"name": "http://k.domaindlx.com/shellcore/advisories.asp?bug_report=display&infamous_group=64",
"refsource": "MISC",
"url": "http://k.domaindlx.com/shellcore/advisories.asp?bug_report=display&infamous_group=64"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-3135", "ID": "CVE-2005-3135",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Virtools Web Player 3.0.0.100 and earlier allows remote attackers to execute arbitrary code via a long filename."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050930 Buffer-overflow and directory traversal bugs in Virtools Web Player", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=112811771331997&w=2" "lang": "eng",
}, "value": "Buffer overflow in Virtools Web Player 3.0.0.100 and earlier allows remote attackers to execute arbitrary code via a long filename."
{ }
"name" : "http://aluigi.altervista.org/adv/virtbugs-adv.txt", ]
"refsource" : "MISC", },
"url" : "http://aluigi.altervista.org/adv/virtbugs-adv.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "14990", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/14990" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1014993", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1014993" ]
}, },
{ "references": {
"name" : "17034", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17034/" "name": "20050930 Buffer-overflow and directory traversal bugs in Virtools Web Player",
} "refsource": "BUGTRAQ",
] "url": "http://marc.info/?l=bugtraq&m=112811771331997&w=2"
} },
} {
"name": "1014993",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014993"
},
{
"name": "17034",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17034/"
},
{
"name": "14990",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14990"
},
{
"name": "http://aluigi.altervista.org/adv/virtbugs-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/virtbugs-adv.txt"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4007", "ID": "CVE-2005-4007",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in SAPID CMS before 1.2.3.03, related to newly registered users and possibly authorization checks, have unknown impact and attack vectors involving (1) mvc/controller/user_request_analysis.inc.php and (2) usr/xml/ddc/authorization.xml."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://sapid-club.com/en/viewtopic.php?p=586#586", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://sapid-club.com/en/viewtopic.php?p=586#586" "lang": "eng",
}, "value": "Multiple unspecified vulnerabilities in SAPID CMS before 1.2.3.03, related to newly registered users and possibly authorization checks, have unknown impact and attack vectors involving (1) mvc/controller/user_request_analysis.inc.php and (2) usr/xml/ddc/authorization.xml."
{ }
"name" : "http://sourceforge.net/project/shownotes.php?release_id=375289&group_id=118100", ]
"refsource" : "CONFIRM", },
"url" : "http://sourceforge.net/project/shownotes.php?release_id=375289&group_id=118100" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=375289&group_id=118100",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=375289&group_id=118100"
},
{
"name": "http://sapid-club.com/en/viewtopic.php?p=586#586",
"refsource": "CONFIRM",
"url": "http://sapid-club.com/en/viewtopic.php?p=586#586"
}
]
}
}


@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4437", "ID": "CVE-2005-4437",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MD5 Neighbor Authentication in Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented in Cisco IOS 11.3 and later, does not include the Message Authentication Code (MAC) in the checksum, which allows remote attackers to sniff message hashes and (1) replay EIGRP HELLO messages or (2) cause a denial of service by sending a large number of spoofed EIGRP neighbor announcements, which results in an ARP storm on the local network."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20051219 Authenticated EIGRP DoS / Information leak", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/419830/100/0/threaded" "lang": "eng",
}, "value": "MD5 Neighbor Authentication in Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented in Cisco IOS 11.3 and later, does not include the Message Authentication Code (MAC) in the checksum, which allows remote attackers to sniff message hashes and (1) replay EIGRP HELLO messages or (2) cause a denial of service by sending a large number of spoofed EIGRP neighbor announcements, which results in an ARP storm on the local network."
{ }
"name" : "20051219 Authenticated EIGRP DoS / Information leak", ]
"refsource" : "FULLDISC", },
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040332.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20051220 RE: Authenticated EIGRP DoS / Information leak", "description": [
"refsource" : "FULLDISC", {
"url" : "http://marc.info/?l=full-disclosure&m=113504451523186&w=2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "20051220 Re: Unauthenticated EIGRP DoS", ]
"refsource" : "BUGTRAQ", }
"url" : "http://www.securityfocus.com/archive/1/419898/100/0/threaded" ]
}, },
{ "references": {
"name" : "15970", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/15970" "name": "ADV-2005-3008",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2005/3008"
"name" : "oval:org.mitre.oval:def:5741", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5741" "name": "20051219 Authenticated EIGRP DoS / Information leak",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/419830/100/0/threaded"
"name" : "ADV-2005-3008", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/3008" "name": "15970",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/15970"
"name" : "1015382", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015382" "name": "oval:org.mitre.oval:def:5741",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5741"
"name" : "274", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/274" "name": "20051220 Re: Unauthenticated EIGRP DoS",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/419898/100/0/threaded"
} },
} {
"name": "274",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/274"
},
{
"name": "20051220 RE: Authenticated EIGRP DoS / Information leak",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=113504451523186&w=2"
},
{
"name": "1015382",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015382"
},
{
"name": "20051219 Authenticated EIGRP DoS / Information leak",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040332.html"
}
]
}
}


@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4451", "ID": "CVE-2005-4451",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Software Distributor in HP-UX B.11.11 allows remote attackers to gain access via unspecified attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-005.htm", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-005.htm" "lang": "eng",
}, "value": "Unspecified vulnerability in Software Distributor in HP-UX B.11.11 allows remote attackers to gain access via unspecified attack vectors."
{ }
"name" : "HPSBUX02089", ]
"refsource" : "HP", },
"url" : "http://www.securityfocus.com/archive/1/419897/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SSRT5983", "description": [
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/archive/1/419897/100/0/threaded" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "15979", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/15979" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:5638", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5638" "name": "18180",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18180"
"name" : "ADV-2005-3009", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/3009" "name": "SSRT5983",
}, "refsource": "HP",
{ "url": "http://www.securityfocus.com/archive/1/419897/100/0/threaded"
"name" : "1015381", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015381" "name": "15979",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/15979"
"name" : "18180", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18180" "name": "HPSBUX02089",
}, "refsource": "HP",
{ "url": "http://www.securityfocus.com/archive/1/419897/100/0/threaded"
"name" : "18418", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18418" "name": "ADV-2005-3009",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2005/3009"
} },
} {
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-005.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-005.htm"
},
{
"name": "18418",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18418"
},
{
"name": "oval:org.mitre.oval:def:5638",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5638"
},
{
"name": "1015381",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015381"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4481", "ID": "CVE-2005-4481",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** Cross-site scripting (XSS) vulnerability in Polopoly 9 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. NOTE: the vendor has disputed this vulnerability, stating that the \"XSS flaw was only part of the custom implementation of the [polopoly] site\". As of 20061003, CVE has no further information on this issue, except that the original researcher has a history of testing live sites and assuming that discoveries indicate vulnerabilities in the associated package."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060926 vendor dispute: 21878: Polopoly Search Module XSS (fwd)", "description_data": [
"refsource" : "VIM", {
"url" : "http://attrition.org/pipermail/vim/2006-September/001056.html" "lang": "eng",
}, "value": "** DISPUTED ** Cross-site scripting (XSS) vulnerability in Polopoly 9 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. NOTE: the vendor has disputed this vulnerability, stating that the \"XSS flaw was only part of the custom implementation of the [polopoly] site\". As of 20061003, CVE has no further information on this issue, except that the original researcher has a history of testing live sites and assuming that discoveries indicate vulnerabilities in the associated package."
{ }
"name" : "http://pridels0.blogspot.com/2005/12/polopoly-xss-vuln.html", ]
"refsource" : "MISC", },
"url" : "http://pridels0.blogspot.com/2005/12/polopoly-xss-vuln.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16007", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16007" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "21878", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/21878" ]
} },
] "references": {
} "reference_data": [
} {
"name": "21878",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21878"
},
{
"name": "20060926 vendor dispute: 21878: Polopoly Search Module XSS (fwd)",
"refsource": "VIM",
"url": "http://attrition.org/pipermail/vim/2006-September/001056.html"
},
{
"name": "http://pridels0.blogspot.com/2005/12/polopoly-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/12/polopoly-xss-vuln.html"
},
{
"name": "16007",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16007"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4738", "ID": "CVE-2005-4738",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DB2 Universal Database (UDB) 810 before ESE AIX 5765F4100 does not ensure that a user has execute privileges before permitting object creation based on routines, which allows remote authenticated users to gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "IY71865", "description_data": [
"refsource" : "AIXAPAR", {
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1IY71865" "lang": "eng",
}, "value": "IBM DB2 Universal Database (UDB) 810 before ESE AIX 5765F4100 does not ensure that a user has execute privileges before permitting object creation based on routines, which allows remote authenticated users to gain privileges."
{ }
"name" : "15126", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/15126" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "17031", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17031" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "15126",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15126"
},
{
"name": "IY71865",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY71865"
},
{
"name": "17031",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17031"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-2551", "ID": "CVE-2009-2551",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in ScriptsEz Easy Image Downloader allow remote attackers to inject arbitrary web script or HTML via the id parameter in a detail action to (1) main.php and possibly (2) demo_page.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.org/0907-exploits/eid-xss.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.org/0907-exploits/eid-xss.txt" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in ScriptsEz Easy Image Downloader allow remote attackers to inject arbitrary web script or HTML via the id parameter in a detail action to (1) main.php and possibly (2) demo_page.php."
{ }
"name" : "35701", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/35701" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "55862", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/55862" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "35838", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/35838" ]
}, },
{ "references": {
"name" : "easyimagedownloader-main-xss(51722)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51722" "name": "55862",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/55862"
} },
} {
"name": "35701",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35701"
},
{
"name": "35838",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35838"
},
{
"name": "http://packetstormsecurity.org/0907-exploits/eid-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0907-exploits/eid-xss.txt"
},
{
"name": "easyimagedownloader-main-xss(51722)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51722"
}
]
}
}


@ -1,292 +1,292 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2009-2902", "ID": "CVE-2009-2902",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20100124 [SECURITY] CVE-2009-2902 Apache Tomcat unexpected file deletion in work directory", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/509150/100/0/threaded" "lang": "eng",
}, "value": "Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename."
{ }
"name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://svn.apache.org/viewvc?rev=892815&view=rev", "description": [
"refsource" : "CONFIRM", {
"url" : "http://svn.apache.org/viewvc?rev=892815&view=rev" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://svn.apache.org/viewvc?rev=902650&view=rev", ]
"refsource" : "CONFIRM", }
"url" : "http://svn.apache.org/viewvc?rev=902650&view=rev" ]
}, },
{ "references": {
"name" : "http://tomcat.apache.org/security-5.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://tomcat.apache.org/security-5.html" "name": "1023504",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1023504"
"name" : "http://tomcat.apache.org/security-6.html", },
"refsource" : "CONFIRM", {
"url" : "http://tomcat.apache.org/security-6.html" "name": "HPSBUX02541",
}, "refsource": "HP",
{ "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113"
"name" : "http://support.apple.com/kb/HT4077", },
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4077" "name": "HPSBMA02535",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=127420533226623&w=2"
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" "name": "http://svn.apache.org/viewvc?rev=892815&view=rev",
}, "refsource": "CONFIRM",
{ "url": "http://svn.apache.org/viewvc?rev=892815&view=rev"
"name" : "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" "name": "39317",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/39317"
"name" : "APPLE-SA-2010-03-29-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" "name": "oval:org.mitre.oval:def:19431",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19431"
"name" : "DSA-2207", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2011/dsa-2207" "name": "20100124 [SECURITY] CVE-2009-2902 Apache Tomcat unexpected file deletion in work directory",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/509150/100/0/threaded"
"name" : "HPSBUX02541", },
"refsource" : "HP", {
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113" "name": "DSA-2207",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2011/dsa-2207"
"name" : "SSRT100145", },
"refsource" : "HP", {
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113" "name": "openSUSE-SU-2012:1700",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html"
"name" : "HPSBUX02860", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=136485229118404&w=2" "name": "HPSBUX02860",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2"
"name" : "SSRT101146", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=136485229118404&w=2" "name": "40330",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/40330"
"name" : "HPSBST02955", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=139344343412337&w=2" "name": "MDVSA-2010:177",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:177"
"name" : "HPSBMA02535", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=127420533226623&w=2" "name": "43310",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43310"
"name" : "HPSBOV02762", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=133469267822771&w=2" "name": "SSRT100029",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=127420533226623&w=2"
"name" : "SSRT100029", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=127420533226623&w=2" "name": "ADV-2010-1559",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/1559"
"name" : "SSRT100825", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=133469267822771&w=2" "name": "APPLE-SA-2010-03-29-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
"name" : "MDVSA-2010:176", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176" "name": "HPSBOV02762",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=133469267822771&w=2"
"name" : "MDVSA-2010:177", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:177" "name": "ADV-2010-1986",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/1986"
"name" : "RHSA-2010:0119", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0119.html" "name": "RHSA-2010:0580",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0580.html"
"name" : "RHSA-2010:0580", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0580.html" "name": "40813",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/40813"
"name" : "RHSA-2010:0582", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0582.html" "name": "38541",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/38541"
"name" : "SUSE-SR:2010:008", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html" "name": "MDVSA-2010:176",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176"
"name" : "openSUSE-SU-2012:1700", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html" "name": "http://tomcat.apache.org/security-6.html",
}, "refsource": "CONFIRM",
{ "url": "http://tomcat.apache.org/security-6.html"
"name" : "openSUSE-SU-2012:1701", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html" "name": "57126",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/57126"
"name" : "openSUSE-SU-2013:0147", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html" "name": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
"name" : "USN-899-1", },
"refsource" : "UBUNTU", {
"url" : "http://ubuntu.com/usn/usn-899-1" "name": "USN-899-1",
}, "refsource": "UBUNTU",
{ "url": "http://ubuntu.com/usn/usn-899-1"
"name" : "37945", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/37945" "name": "http://support.apple.com/kb/HT4077",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT4077"
"name" : "oval:org.mitre.oval:def:7092", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7092" "name": "SUSE-SR:2010:008",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"
"name" : "oval:org.mitre.oval:def:19431", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19431" "name": "openSUSE-SU-2013:0147",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html"
"name" : "1023504", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1023504" "name": "38687",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/38687"
"name" : "38316", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38316" "name": "38346",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/38346"
"name" : "38346", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38346" "name": "SSRT100825",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=133469267822771&w=2"
"name" : "38541", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38541" "name": "http://tomcat.apache.org/security-5.html",
}, "refsource": "CONFIRM",
{ "url": "http://tomcat.apache.org/security-5.html"
"name" : "38687", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38687" "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
"name" : "39317", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/39317" "name": "37945",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/37945"
"name" : "40330", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/40330" "name": "oval:org.mitre.oval:def:7092",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7092"
"name" : "40813", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/40813" "name": "RHSA-2010:0119",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0119.html"
"name" : "43310", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43310" "name": "RHSA-2010:0582",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0582.html"
"name" : "57126", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/57126" "name": "SSRT101146",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2"
"name" : "ADV-2010-0213", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/0213" "name": "38316",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/38316"
"name" : "ADV-2010-1559", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1559" "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
"name" : "ADV-2010-1986", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1986" "name": "ADV-2010-0213",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/0213"
"name" : "apache-tomcat-war-directory-traversal(55857)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55857" "name": "HPSBST02955",
} "refsource": "HP",
] "url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2"
} },
} {
"name": "SSRT100145",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113"
},
{
"name": "http://svn.apache.org/viewvc?rev=902650&view=rev",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?rev=902650&view=rev"
},
{
"name": "apache-tomcat-war-directory-traversal(55857)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55857"
},
{
"name": "openSUSE-SU-2012:1701",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html"
}
]
}
}
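Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` in this section, and the commit title ("-Synchronized-Data.") does not record it. Every other visible change to CVE-2009-2902 is the `" : "` to `": "` spacing change and a reshuffle of `reference_data`. Reading the left column as the old side, this is a provenance change: confirm it against the assigning CNA's record and mention it in the commit description, for example `CVE-2009-2902: ASSIGNER now secalert@redhat.com`. Emitting `reference_data` in a stable order (the old side appears grouped by `refsource`) would keep a content change like this from being buried in a 292-line rewrite.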


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-2936", "ID": "CVE-2009-2936",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a vcl.inline directive that provides a VCL configuration file containing inline C code; (2) change the ownership of the master process via param.set, stop, and start directives; (3) read the initial line of an arbitrary file via a vcl.load directive; or (4) conduct cross-site request forgery (CSRF) attacks that leverage a victim's location on a trusted network and improper input validation of directives. NOTE: the vendor disputes this report, saying that it is \"fundamentally misguided and pointless.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20100329 Medium security hole in Varnish reverse proxy", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/510360/100/0/threaded" "lang": "eng",
}, "value": "** DISPUTED ** The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a vcl.inline directive that provides a VCL configuration file containing inline C code; (2) change the ownership of the master process via param.set, stop, and start directives; (3) read the initial line of an arbitrary file via a vcl.load directive; or (4) conduct cross-site request forgery (CSRF) attacks that leverage a victim's location on a trusted network and improper input validation of directives. NOTE: the vendor disputes this report, saying that it is \"fundamentally misguided and pointless.\""
{ }
"name" : "20100329 Re: [Full-disclosure] Medium security hole in Varnish reverse proxy", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/510368/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.varnish-cache.org/changeset/3865", "description": [
"refsource" : "MISC", {
"url" : "http://www.varnish-cache.org/changeset/3865" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.varnish-cache.org/wiki/CLI", ]
"refsource" : "MISC", }
"url" : "http://www.varnish-cache.org/wiki/CLI" ]
}, },
{ "references": {
"name" : "FEDORA-2010-6719", "reference_data": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/040359.html" "name": "20100329 Medium security hole in Varnish reverse proxy",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/510360/100/0/threaded"
} },
} {
"name": "http://www.varnish-cache.org/wiki/CLI",
"refsource": "MISC",
"url": "http://www.varnish-cache.org/wiki/CLI"
},
{
"name": "http://www.varnish-cache.org/changeset/3865",
"refsource": "MISC",
"url": "http://www.varnish-cache.org/changeset/3865"
},
{
"name": "20100329 Re: [Full-disclosure] Medium security hole in Varnish reverse proxy",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/510368/100/0/threaded"
},
{
"name": "FEDORA-2010-6719",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/040359.html"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-3038", "ID": "CVE-2009-3038",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A certain ActiveX control in lnresobject.dll 7.1.1.119 in the Research In Motion (RIM) Lotus Notes connector for BlackBerry Desktop Manager 5.0.0.11 allows remote attackers to cause a denial of service (Internet Explorer crash) by referencing the control's CLSID in the classid attribute of an OBJECT element."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "9517", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/9517" "lang": "eng",
} "value": "A certain ActiveX control in lnresobject.dll 7.1.1.119 in the Research In Motion (RIM) Lotus Notes connector for BlackBerry Desktop Manager 5.0.0.11 allows remote attackers to cause a denial of service (Internet Explorer crash) by referencing the control's CLSID in the classid attribute of an OBJECT element."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9517",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9517"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-3589", "ID": "CVE-2009-3589",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "incron 0.5.5 does not initialize supplementary groups when running a process from a user's incrontabs, which causes the process to be run with the incrond supplementary groups and allows local users to gain privileges via an incrontab table."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://koji.fedoraproject.org/koji/buildinfo?buildID=134880", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://koji.fedoraproject.org/koji/buildinfo?buildID=134880" "lang": "eng",
}, "value": "incron 0.5.5 does not initialize supplementary groups when running a process from a user's incrontabs, which causes the process to be run with the incrond supplementary groups and allows local users to gain privileges via an incrontab table."
{ }
"name" : "https://admin.fedoraproject.org/updates/incron-0.5.5-2.el5", ]
"refsource" : "CONFIRM", },
"url" : "https://admin.fedoraproject.org/updates/incron-0.5.5-2.el5" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://koji.fedoraproject.org/koji/buildinfo?buildID=134880",
"refsource": "CONFIRM",
"url": "http://koji.fedoraproject.org/koji/buildinfo?buildID=134880"
},
{
"name": "https://admin.fedoraproject.org/updates/incron-0.5.5-2.el5",
"refsource": "CONFIRM",
"url": "https://admin.fedoraproject.org/updates/incron-0.5.5-2.el5"
}
]
}
}


@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4305", "ID": "CVE-2009-4305",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the SCORM module in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allows remote authenticated users to execute arbitrary SQL commands via vectors related to an \"escaping issue when processing AICC CRS file (Course_Title).\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://docs.moodle.org/en/Moodle_1.8.11_release_notes", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://docs.moodle.org/en/Moodle_1.8.11_release_notes" "lang": "eng",
}, "value": "SQL injection vulnerability in the SCORM module in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allows remote authenticated users to execute arbitrary SQL commands via vectors related to an \"escaping issue when processing AICC CRS file (Course_Title).\""
{ }
"name" : "http://docs.moodle.org/en/Moodle_1.9.7_release_notes", ]
"refsource" : "CONFIRM", },
"url" : "http://docs.moodle.org/en/Moodle_1.9.7_release_notes" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://moodle.org/mod/forum/discuss.php?d=139120", "description": [
"refsource" : "CONFIRM", {
"url" : "http://moodle.org/mod/forum/discuss.php?d=139120" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FEDORA-2009-13040", ]
"refsource" : "FEDORA", }
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.html" ]
}, },
{ "references": {
"name" : "FEDORA-2009-13065", "reference_data": [
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.html" "name": "http://docs.moodle.org/en/Moodle_1.9.7_release_notes",
}, "refsource": "CONFIRM",
{ "url": "http://docs.moodle.org/en/Moodle_1.9.7_release_notes"
"name" : "FEDORA-2009-13080", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00751.html" "name": "http://docs.moodle.org/en/Moodle_1.8.11_release_notes",
}, "refsource": "CONFIRM",
{ "url": "http://docs.moodle.org/en/Moodle_1.8.11_release_notes"
"name" : "37244", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/37244" "name": "ADV-2009-3455",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/3455"
"name" : "37614", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37614" "name": "37614",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/37614"
"name" : "ADV-2009-3455", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/3455" "name": "FEDORA-2009-13065",
} "refsource": "FEDORA",
] "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.html"
} },
} {
"name": "FEDORA-2009-13040",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.html"
},
{
"name": "FEDORA-2009-13080",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00751.html"
},
{
"name": "37244",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37244"
},
{
"name": "http://moodle.org/mod/forum/discuss.php?d=139120",
"refsource": "CONFIRM",
"url": "http://moodle.org/mod/forum/discuss.php?d=139120"
}
]
}
}


@ -1,207 +1,207 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4538", "ID": "CVE-2009-4538",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets, a related issue to CVE-2009-4537."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20091228 CVE requests - kernel security regressions for CVE-2009-1385/and -1389", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2009/12/28/1" "lang": "eng",
}, "value": "drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets, a related issue to CVE-2009-4537."
{ }
"name" : "[oss-security] 20091229 Re: CVE requests - kernel security regressions for CVE-2009-1385/and -1389", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2009/12/29/2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20091231 Re: CVE requests - kernel security regressions for CVE-2009-1385/and -1389", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2009/12/31/1" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=551214", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=551214" ]
}, },
{ "references": {
"name" : "DSA-1996", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2010/dsa-1996" "name": "38276",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/38276"
"name" : "DSA-2005", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2010/dsa-2005" "name": "1023420",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1023420"
"name" : "FEDORA-2010-1787", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html" "name": "SUSE-SA:2010:007",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00008.html"
"name" : "MDVSA-2010:066", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:066" "name": "kernel-edriver-unspecified(55645)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55645"
"name" : "RHSA-2010:0019", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0019.html" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=551214",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=551214"
"name" : "RHSA-2010:0020", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0020.html" "name": "RHSA-2010:0111",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0111.html"
"name" : "RHSA-2010:0041", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0041.html" "name": "38779",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/38779"
"name" : "RHSA-2010:0095", },
"refsource" : "REDHAT", {
"url" : "https://rhn.redhat.com/errata/RHSA-2010-0095.html" "name": "38296",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/38296"
"name" : "RHSA-2010:0111", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0111.html" "name": "SUSE-SA:2010:012",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
"name" : "RHSA-2010:0053", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0053.html" "name": "RHSA-2010:0053",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0053.html"
"name" : "SUSE-SA:2010:012", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html" "name": "SUSE-SA:2010:014",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html"
"name" : "SUSE-SA:2010:010", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html" "name": "DSA-1996",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2010/dsa-1996"
"name" : "SUSE-SA:2010:005", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html" "name": "RHSA-2010:0019",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0019.html"
"name" : "SUSE-SA:2010:007", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00008.html" "name": "[oss-security] 20091228 CVE requests - kernel security regressions for CVE-2009-1385/and -1389",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2009/12/28/1"
"name" : "SUSE-SA:2010:014", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html" "name": "FEDORA-2010-1787",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html"
"name" : "37523", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/37523" "name": "MDVSA-2010:066",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:066"
"name" : "oval:org.mitre.oval:def:7016", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7016" "name": "[oss-security] 20091229 Re: CVE requests - kernel security regressions for CVE-2009-1385/and -1389",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2009/12/29/2"
"name" : "oval:org.mitre.oval:def:9702", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9702" "name": "RHSA-2010:0095",
}, "refsource": "REDHAT",
{ "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
"name" : "1023420", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1023420" "name": "SUSE-SA:2010:005",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html"
"name" : "38031", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38031" "name": "[oss-security] 20091231 Re: CVE requests - kernel security regressions for CVE-2009-1385/and -1389",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2009/12/31/1"
"name" : "38492", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38492" "name": "oval:org.mitre.oval:def:9702",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9702"
"name" : "38276", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38276" "name": "RHSA-2010:0020",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0020.html"
"name" : "38296", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38296" "name": "38031",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/38031"
"name" : "38610", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38610" "name": "37523",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/37523"
"name" : "38779", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38779" "name": "38610",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/38610"
"name" : "kernel-edriver-unspecified(55645)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55645" "name": "oval:org.mitre.oval:def:7016",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7016"
} },
} {
"name": "DSA-2005",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2005"
},
{
"name": "SUSE-SA:2010:010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html"
},
{
"name": "RHSA-2010:0041",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0041.html"
},
{
"name": "38492",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38492"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4747", "ID": "CVE-2009-4747",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in public/code/cp_html2xhtmlbasic.php in All In One Control Panel (AIOCP) 1.4.001 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter, a different vector than CVE-2009-3220."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20091007 Remote File Inclusion In AIOCP", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/507030/100/0/threaded" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in public/code/cp_html2xhtmlbasic.php in All In One Control Panel (AIOCP) 1.4.001 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter, a different vector than CVE-2009-3220."
{ }
"name" : "36609", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/36609" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "aiocp-cphtml2xhtmlbasic-file-include(53679)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53679" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "aiocp-cphtml2xhtmlbasic-file-include(53679)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53679"
},
{
"name": "36609",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36609"
},
{
"name": "20091007 Remote File Inclusion In AIOCP",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507030/100/0/threaded"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4859", "ID": "CVE-2009-4859",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Online Work Order Suite (OWOS) Lite Edition 3.10 allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) default.asp and (2) report.asp, and the (3) go parameter to login.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.org/0908-exploits/owosasp-xss.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.org/0908-exploits/owosasp-xss.txt" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in Online Work Order Suite (OWOS) Lite Edition 3.10 allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) default.asp and (2) report.asp, and the (3) go parameter to login.asp."
{ }
"name" : "36244", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/36244" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/0908-exploits/owosasp-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0908-exploits/owosasp-xss.txt"
},
{
"name": "36244",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36244"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4921", "ID": "CVE-2009-4921",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allow remote attackers to cause a denial of service (traceback) via malformed TCP packets, aka Bug ID CSCsm84110."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html" "lang": "eng",
} "value": "Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allow remote attackers to cause a denial of service (traceback) via malformed TCP packets, aka Bug ID CSCsm84110."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html",
"refsource": "CONFIRM",
"url": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2015-0233", "ID": "CVE-2015-0233",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple insecure Temporary File vulnerabilities in 389 Administration Server before 1.1.38."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1183151", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1183151" "lang": "eng",
}, "value": "Multiple insecure Temporary File vulnerabilities in 389 Administration Server before 1.1.38."
{ }
"name" : "FEDORA-2015-1711", ]
"refsource" : "FEDORA", },
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151954.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1183151",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183151"
},
{
"name": "FEDORA-2015-1711",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151954.html"
}
]
}
}
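Review bot: The `affects` block on the new side still carries `n/a` for vendor, product and version although the description names 389 Administration Server before 1.1.38, so tooling that matches on the structured fields will not see this record; the ASSIGNER change to `secalert@redhat.com` is the only semantic update in this section. If the sync source has the data, populate it, e.g. `"product_name": "389 Administration Server"` and `"version_value": "before 1.1.38"`. `problemtype` is likewise `n/a` where the description points to an insecure temporary file weakness (presumably CWE-377, to be confirmed by the assigner). The same gap is visible in the CVE-2015-0498, CVE-2015-0510, CVE-2015-0805, CVE-2015-1085, CVE-2015-1279, CVE-2015-1866 and CVE-2015-4177 sections.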


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2015-0498", "ID": "CVE-2015-0498",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" "lang": "eng",
}, "value": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication."
{ }
"name" : "GLSA-201507-19", ]
"refsource" : "GENTOO", },
"url" : "https://security.gentoo.org/glsa/201507-19" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SUSE-SU-2015:0946", "description": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1032121", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1032121" ]
} },
] "references": {
} "reference_data": [
} {
"name": "GLSA-201507-19",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201507-19"
},
{
"name": "1032121",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032121"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"name": "SUSE-SU-2015:0946",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2015-0510", "ID": "CVE-2015-0510",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Commerce Platform component in Oracle Commerce Platform 9.4, 10.0, and 10.2 allows remote attackers to affect integrity via vectors related to Dynamo Application Framework - HTML Admin User Interface."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" "lang": "eng",
} "value": "Unspecified vulnerability in the Oracle Commerce Platform component in Oracle Commerce Platform 9.4, 10.0, and 10.2 allows remote attackers to affect integrity via vectors related to Dynamo Application Framework - HTML Admin User Interface."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
}
]
}
}


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2015-0805", "ID": "CVE-2015-0805",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 makes an incorrect memset call during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurface function, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors that trigger rendering of 2D graphics content."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-38.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-38.html" "lang": "eng",
}, "value": "The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 makes an incorrect memset call during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurface function, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors that trigger rendering of 2D graphics content."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1135511", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1135511" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-201512-10", ]
"refsource" : "GENTOO", }
"url" : "https://security.gentoo.org/glsa/201512-10" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2015:0677", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html" "name": "1031996",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1031996"
"name" : "USN-2550-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2550-1" "name": "GLSA-201512-10",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201512-10"
"name" : "1031996", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1031996" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1135511",
} "refsource": "CONFIRM",
] "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1135511"
} },
} {
"name": "http://www.mozilla.org/security/announce/2015/mfsa2015-38.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-38.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "USN-2550-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2550-1"
},
{
"name": "openSUSE-SU-2015:0677",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2015-1085", "ID": "CVE-2015-1085",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "AppleKeyStore in Apple iOS before 8.3 does not properly restrict a certain passcode-confirmation interface, which makes it easier for attackers to verify correct passcode guesses via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT204661", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT204661" "lang": "eng",
}, "value": "AppleKeyStore in Apple iOS before 8.3 does not properly restrict a certain passcode-confirmation interface, which makes it easier for attackers to verify correct passcode guesses via a crafted app."
{ }
"name" : "APPLE-SA-2015-04-08-3", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "73978", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/73978" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1032050", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1032050" ]
} },
] "references": {
} "reference_data": [
} {
"name": "APPLE-SA-2015-04-08-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
},
{
"name": "1032050",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032050"
},
{
"name": "73978",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73978"
},
{
"name": "https://support.apple.com/HT204661",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204661"
}
]
}
}


@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2015-1279", "ID": "CVE-2015-1279",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the CJBig2_Image::expand function in fxcodec/jbig2/JBig2_Image.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via large height and stride values."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" "lang": "eng",
}, "value": "Integer overflow in the CJBig2_Image::expand function in fxcodec/jbig2/JBig2_Image.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via large height and stride values."
{ }
"name" : "https://code.google.com/p/chromium/issues/detail?id=483981", ]
"refsource" : "CONFIRM", },
"url" : "https://code.google.com/p/chromium/issues/detail?id=483981" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://codereview.chromium.org/1237723002", "description": [
"refsource" : "CONFIRM", {
"url" : "https://codereview.chromium.org/1237723002" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://codereview.chromium.org/1241493002", ]
"refsource" : "CONFIRM", }
"url" : "https://codereview.chromium.org/1241493002" ]
}, },
{ "references": {
"name" : "DSA-3315", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2015/dsa-3315" "name": "RHSA-2015:1499",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html"
"name" : "GLSA-201603-09", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201603-09" "name": "https://codereview.chromium.org/1241493002",
}, "refsource": "CONFIRM",
{ "url": "https://codereview.chromium.org/1241493002"
"name" : "RHSA-2015:1499", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1499.html" "name": "openSUSE-SU-2015:1287",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html"
"name" : "openSUSE-SU-2015:1287", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html" "name": "1033031",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1033031"
"name" : "75973", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/75973" "name": "https://code.google.com/p/chromium/issues/detail?id=483981",
}, "refsource": "CONFIRM",
{ "url": "https://code.google.com/p/chromium/issues/detail?id=483981"
"name" : "1033031", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1033031" "name": "GLSA-201603-09",
} "refsource": "GENTOO",
] "url": "https://security.gentoo.org/glsa/201603-09"
} },
} {
"name": "75973",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75973"
},
{
"name": "https://codereview.chromium.org/1237723002",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/1237723002"
},
{
"name": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html"
},
{
"name": "DSA-3315",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3315"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2015-1866", "ID": "CVE-2015-1866",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Ember.js 1.10.x before 1.10.1 and 1.11.x before 1.11.2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20150414 [CVE-2015-1866] Ember.js XSS Vulnerability With {{view", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2015/04/14/11" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Ember.js 1.10.x before 1.10.1 and 1.11.x before 1.11.2."
{ }
"name" : "https://emberjs.com/blog/2015/04/14/security-and-bugfix-releases-ember-1-10-1-1-11-2-1-11-3.html", ]
"refsource" : "CONFIRM", },
"url" : "https://emberjs.com/blog/2015/04/14/security-and-bugfix-releases-ember-1-10-1-1-11-2-1-11-3.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "74185", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/74185" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://emberjs.com/blog/2015/04/14/security-and-bugfix-releases-ember-1-10-1-1-11-2-1-11-3.html",
"refsource": "CONFIRM",
"url": "https://emberjs.com/blog/2015/04/14/security-and-bugfix-releases-ember-1-10-1-1-11-2-1-11-3.html"
},
{
"name": "[oss-security] 20150414 [CVE-2015-1866] Ember.js XSS Vulnerability With {{view",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/04/14/11"
},
{
"name": "74185",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74185"
}
]
}
}


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2015-4177", "ID": "CVE-2015-4177",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The collect_mounts function in fs/namespace.c in the Linux kernel before 4.0.5 does not properly consider that it may execute after a path has been unmounted, which allows local users to cause a denial of service (system crash) by leveraging user-namespace root access for an MNT_DETACH umount2 system call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20150529 CVE request Linux kernel: ns: user namespaces panic", "description_data": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2015/05/29/5" "lang": "eng",
}, "value": "The collect_mounts function in fs/namespace.c in the Linux kernel before 4.0.5 does not properly consider that it may execute after a path has been unmounted, which allows local users to cause a denial of service (system crash) by leveraging user-namespace root access for an MNT_DETACH umount2 system call."
{ }
"name" : "[oss-security] 20150529 Re: CVE request Linux kernel: ns: user namespaces panic", ]
"refsource" : "MLIST", },
"url" : "http://openwall.com/lists/oss-security/2015/05/29/10" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20150604 Re: Re: CVE request Linux kernel: ns: user namespaces panic", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2015/06/04/5" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cd4a40174b71acd021877341684d8bb1dc8ea4ae", ]
"refsource" : "CONFIRM", }
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cd4a40174b71acd021877341684d8bb1dc8ea4ae" ]
}, },
{ "references": {
"name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.5", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.5" "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cd4a40174b71acd021877341684d8bb1dc8ea4ae",
}, "refsource": "CONFIRM",
{ "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cd4a40174b71acd021877341684d8bb1dc8ea4ae"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1248486", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1248486" "name": "[oss-security] 20150529 CVE request Linux kernel: ns: user namespaces panic",
}, "refsource": "MLIST",
{ "url": "http://openwall.com/lists/oss-security/2015/05/29/5"
"name" : "https://github.com/torvalds/linux/commit/cd4a40174b71acd021877341684d8bb1dc8ea4ae", },
"refsource" : "CONFIRM", {
"url" : "https://github.com/torvalds/linux/commit/cd4a40174b71acd021877341684d8bb1dc8ea4ae" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1248486",
} "refsource": "CONFIRM",
] "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1248486"
} },
} {
"name": "https://github.com/torvalds/linux/commit/cd4a40174b71acd021877341684d8bb1dc8ea4ae",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/cd4a40174b71acd021877341684d8bb1dc8ea4ae"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.5",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.5"
},
{
"name": "[oss-security] 20150529 Re: CVE request Linux kernel: ns: user namespaces panic",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2015/05/29/10"
},
{
"name": "[oss-security] 20150604 Re: Re: CVE request Linux kernel: ns: user namespaces panic",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/06/04/5"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2015-4221", "ID": "CVE-2015-4221",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Unified Communications Manager IM and Presence Service 9.1(1) does not properly restrict access to encrypted passwords, which allows remote attackers to determine cleartext passwords, and consequently execute arbitrary commands, by visiting an unspecified web page and then conducting a decryption attack, aka Bug ID CSCuq46194."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20150624 Cisco IM and Presence Service Leaked Encrypted Passwords Privilege Escalation Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=39505" "lang": "eng",
}, "value": "Cisco Unified Communications Manager IM and Presence Service 9.1(1) does not properly restrict access to encrypted passwords, which allows remote attackers to determine cleartext passwords, and consequently execute arbitrary commands, by visiting an unspecified web page and then conducting a decryption attack, aka Bug ID CSCuq46194."
{ }
"name" : "75401", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/75401" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1032716", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1032716" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20150624 Cisco IM and Presence Service Leaked Encrypted Passwords Privilege Escalation Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39505"
},
{
"name": "75401",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75401"
},
{
"name": "1032716",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032716"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-4707", "ID": "CVE-2015-4707",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in IPython before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20150622 Re: CVE request: IPython XSS in JSON error responses", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2015/06/22/7" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in IPython before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1235688", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1235688" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/ipython/ipython/commit/7222bd53ad089a65fd610fab4626f9d0ab47dfce", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/ipython/ipython/commit/7222bd53ad089a65fd610fab4626f9d0ab47dfce" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/ipython/ipython/commit/c2078a53543ed502efd968649fee1125e0eb549c", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/ipython/ipython/commit/c2078a53543ed502efd968649fee1125e0eb549c" ]
}, },
{ "references": {
"name" : "https://ipython.org/ipython-doc/3/whatsnew/version3.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://ipython.org/ipython-doc/3/whatsnew/version3.html" "name": "https://ipython.org/ipython-doc/3/whatsnew/version3.html",
}, "refsource": "CONFIRM",
{ "url": "https://ipython.org/ipython-doc/3/whatsnew/version3.html"
"name" : "75328", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/75328" "name": "https://github.com/ipython/ipython/commit/7222bd53ad089a65fd610fab4626f9d0ab47dfce",
} "refsource": "CONFIRM",
] "url": "https://github.com/ipython/ipython/commit/7222bd53ad089a65fd610fab4626f9d0ab47dfce"
} },
} {
"name": "[oss-security] 20150622 Re: CVE request: IPython XSS in JSON error responses",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/06/22/7"
},
{
"name": "https://github.com/ipython/ipython/commit/c2078a53543ed502efd968649fee1125e0eb549c",
"refsource": "CONFIRM",
"url": "https://github.com/ipython/ipython/commit/c2078a53543ed502efd968649fee1125e0eb549c"
},
{
"name": "75328",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75328"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1235688",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1235688"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2015-4812", "ID": "CVE-2015-4812",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.9 allows remote attackers to affect confidentiality via vectors related to OSSL Module."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.9 allows remote attackers to affect confidentiality via vectors related to OSSL Module."
{ }
"name" : "1033907", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1033907" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033907",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033907"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2015-5012", "ID": "CVE-2015-5012",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SSH implementation on IBM Security Access Manager for Web appliances 7.0 before 7.0.0 FP19, 8.0 before 8.0.1.3 IF3, and 9.0 before 9.0.0.0 IF1 does not properly restrict the set of MAC algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21971422", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21971422" "lang": "eng",
}, "value": "The SSH implementation on IBM Security Access Manager for Web appliances 7.0 before 7.0.0 FP19, 8.0 before 8.0.1.3 IF3, and 9.0 before 9.0.0.0 IF1 does not properly restrict the set of MAC algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors."
{ }
"name" : "IV78768", ]
"refsource" : "AIXAPAR", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV78768" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "IV78780", "description": [
"refsource" : "AIXAPAR", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV78780" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "IV78768",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV78768"
},
{
"name": "IV78780",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV78780"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21971422",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971422"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2015-5185", "ID": "CVE-2015-5185",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The lookupProviders function in providerMgr.c in sblim-sfcb 1.3.4 and 1.3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty className in a packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20150820 CVE-2015-5185 sblim-sfcb: lookupProviders() null pointer dereference", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2015/08/21/2" "lang": "eng",
}, "value": "The lookupProviders function in providerMgr.c in sblim-sfcb 1.3.4 and 1.3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty className in a packet."
{ }
"name" : "FEDORA-2015-14197", ]
"refsource" : "FEDORA", },
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172634.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "FEDORA-2015-14199", "description": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172659.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FEDORA-2015-14200", ]
"refsource" : "FEDORA", }
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172667.html" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2015:1571", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2015-09/msg00019.html" "name": "FEDORA-2015-14200",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172667.html"
"name" : "91212", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/91212" "name": "FEDORA-2015-14197",
} "refsource": "FEDORA",
] "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172634.html"
} },
} {
"name": "[oss-security] 20150820 CVE-2015-5185 sblim-sfcb: lookupProviders() null pointer dereference",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/08/21/2"
},
{
"name": "91212",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91212"
},
{
"name": "openSUSE-SU-2015:1571",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00019.html"
},
{
"name": "FEDORA-2015-14199",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172659.html"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "hp-security-alert@hp.com",
"ID" : "CVE-2015-5407", "ID": "CVE-2015-5407",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2.2, and 2.3; and CentralView Subscription Fraud Prevention 2.0 and 2.1 allow remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5406 and CVE-2015-5408."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04751893", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04751893" "lang": "eng",
}, "value": "HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2.2, and 2.3; and CentralView Subscription Fraud Prevention 2.0 and 2.1 allow remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5406 and CVE-2015-5408."
{ }
"name" : "76356", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/76356" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04751893",
"refsource": "CONFIRM",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04751893"
},
{
"name": "76356",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76356"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-5499", "ID": "CVE-2015-5499",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Navigate module for Drupal does not properly check permissions, which allows remote authenticated users to modify custom widgets and create widget database records by leveraging the \"navigate view\" permission."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20150704 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2015/07/04/4" "lang": "eng",
}, "value": "The Navigate module for Drupal does not properly check permissions, which allows remote authenticated users to modify custom widgets and create widget database records by leveraging the \"navigate view\" permission."
{ }
"name" : "https://www.drupal.org/node/2492245", ]
"refsource" : "MISC", },
"url" : "https://www.drupal.org/node/2492245" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.drupal.org/node/2492245",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2492245"
},
{
"name": "[oss-security] 20150704 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/07/04/4"
}
]
}
}


@ -1,86 +1,86 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "ASSIGNER": "report@snyk.io",
"DATE_ASSIGNED" : "2018-05-17T10:52Z", "DATE_ASSIGNED": "2018-05-17T10:52Z",
"ID" : "CVE-2018-1002207", "ID": "CVE-2018-1002207",
"REQUESTER" : "danny@snyk.io", "REQUESTER": "danny@snyk.io",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"UPDATED" : "2018-05-17T10:52Z" "UPDATED": "2018-05-17T10:52Z"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "archiver", "product_name": "archiver",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "e4ef56d48eb029648b0e895bb0b6a393ef0829c3" "version_value": "e4ef56d48eb029648b0e895bb0b6a393ef0829c3"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "golang" "vendor_name": "golang"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "mholt/archiver golang package before e4ef56d48eb029648b0e895bb0b6a393ef0829c3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-22"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/snyk/zip-slip-vulnerability", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/snyk/zip-slip-vulnerability" "lang": "eng",
}, "value": "mholt/archiver golang package before e4ef56d48eb029648b0e895bb0b6a393ef0829c3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'."
{ }
"name" : "https://snyk.io/research/zip-slip-vulnerability", ]
"refsource" : "MISC", },
"url" : "https://snyk.io/research/zip-slip-vulnerability" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARCHIVER-50071", "description": [
"refsource" : "MISC", {
"url" : "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARCHIVER-50071" "lang": "eng",
}, "value": "CWE-22"
{ }
"name" : "https://github.com/mholt/archiver/commit/e4ef56d48eb029648b0e895bb0b6a393ef0829c3", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/mholt/archiver/commit/e4ef56d48eb029648b0e895bb0b6a393ef0829c3" ]
}, },
{ "references": {
"name" : "https://github.com/mholt/archiver/pull/65", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/mholt/archiver/pull/65" "name": "https://snyk.io/research/zip-slip-vulnerability",
} "refsource": "MISC",
] "url": "https://snyk.io/research/zip-slip-vulnerability"
} },
} {
"name": "https://github.com/snyk/zip-slip-vulnerability",
"refsource": "MISC",
"url": "https://github.com/snyk/zip-slip-vulnerability"
},
{
"name": "https://github.com/mholt/archiver/pull/65",
"refsource": "CONFIRM",
"url": "https://github.com/mholt/archiver/pull/65"
},
{
"name": "https://github.com/mholt/archiver/commit/e4ef56d48eb029648b0e895bb0b6a393ef0829c3",
"refsource": "CONFIRM",
"url": "https://github.com/mholt/archiver/commit/e4ef56d48eb029648b0e895bb0b6a393ef0829c3"
},
{
"name": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARCHIVER-50071",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARCHIVER-50071"
}
]
}
}
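Review bot: `version_affected` is `"<"` while `version_value` is a git commit hash (`e4ef56d48eb029648b0e895bb0b6a393ef0829c3`), and this sync carries that pairing over unchanged. A hash has no ordering, so tooling that evaluates the range from these two fields cannot decide whether an installed copy of the package is affected. I would state the first fixed release instead, e.g. `"version_value": "<FIRST_FIXED_RELEASE>"` (placeholder; the page does not name a release), or keep the hash and note that matching has to be done by commit ancestry. `vendor_name` is `golang` although the description names the package as mholt/archiver, which may also misattribute the product for consumers that key on vendor.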


@ -1,65 +1,65 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "kurt@seifried.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2018-07-31T15:54:50.966576", "DATE_ASSIGNED": "2018-07-31T15:54:50.966576",
"DATE_REQUESTED" : "2018-07-30T00:00:00", "DATE_REQUESTED": "2018-07-30T00:00:00",
"ID" : "CVE-2018-1999025", "ID": "CVE-2018-1999025",
"REQUESTER" : "ml@beckweb.net", "REQUESTER": "ml@beckweb.net",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Jenkins TraceTronic ECU-TEST Plugin", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.3 and earlier" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Jenkins project" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A man in the middle vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java, ATXValidator.java that allows attackers to impersonate any service that Jenkins connects to."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-295"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-932", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-932" "lang": "eng",
} "value": "A man in the middle vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java, ATXValidator.java that allows attackers to impersonate any service that Jenkins connects to."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-932",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-932"
}
]
}
}
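Review bot: The new side of this record replaces the populated `affects` and `problemtype` values with `"n/a"`: `product_name` ("Jenkins TraceTronic ECU-TEST Plugin"), `version_value` ("2.3 and earlier"), `vendor_name` ("Jenkins project") and the problem type ("CWE-295") are all gone, so only the free-text description still identifies the plugin and the affected versions. Consumers that match on the structured fields (asset inventory matching, CWE-based triage) will no longer tie this entry to the plugin or classify it as a certificate-validation weakness. Assuming the left column is the old side, as the layout and the `" : "` spacing suggest, I would keep the earlier values, e.g. `"product_name": "Jenkins TraceTronic ECU-TEST Plugin"`, `"version_value": "2.3 and earlier"` and `"value": "CWE-295"`, and limit the change to `ASSIGNER` and whitespace. A check in the sync job that rejects a populated field being overwritten by `n/a` would catch this class of regression.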


@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2018-2569", "ID": "CVE-2018-2569",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Java ME - Specifications", "product_name": "Java ME - Specifications",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "8.3" "version_value": "8.3"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Java ME SDK component of Oracle Java Micro Edition (subcomponent: Installer). The supported version that is affected is 8.3. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java ME SDK executes to compromise Java ME SDK. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java ME SDK. Note: This applies to the Windows platform only. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java ME SDK executes to compromise Java ME SDK. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java ME SDK."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" "lang": "eng",
}, "value": "Vulnerability in the Java ME SDK component of Oracle Java Micro Edition (subcomponent: Installer). The supported version that is affected is 8.3. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java ME SDK executes to compromise Java ME SDK. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java ME SDK. Note: This applies to the Windows platform only. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)."
{ }
"name" : "102536", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/102536" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1040217", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040217" "lang": "eng",
} "value": "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java ME SDK executes to compromise Java ME SDK. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java ME SDK."
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "102536",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102536"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "1040217",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040217"
}
]
}
}


@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "support@hackerone.com", "ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00", "DATE_PUBLIC": "2018-04-26T00:00:00",
"ID" : "CVE-2018-3730", "ID": "CVE-2018-3730",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "mcstatic node module", "product_name": "mcstatic node module",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions" "version_value": "All versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "HackerOne" "vendor_name": "HackerOne"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "mcstatic node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Path Traversal (CWE-22)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://hackerone.com/reports/312907", "description_data": [
"refsource" : "MISC", {
"url" : "https://hackerone.com/reports/312907" "lang": "eng",
} "value": "mcstatic node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal (CWE-22)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/312907",
"refsource": "MISC",
"url": "https://hackerone.com/reports/312907"
}
]
}
}


@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "support@hackerone.com", "ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00", "DATE_PUBLIC": "2018-04-26T00:00:00",
"ID" : "CVE-2018-3745", "ID": "CVE-2018-3745",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "atob node module", "product_name": "atob node module",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "<=2.0.3" "version_value": "<=2.0.3"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "HackerOne" "vendor_name": "HackerOne"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "atob 2.0.3 and earlier allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out-of-bounds Read (CWE-125)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://hackerone.com/reports/321686", "description_data": [
"refsource" : "MISC", {
"url" : "https://hackerone.com/reports/321686" "lang": "eng",
} "value": "atob 2.0.3 and earlier allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read (CWE-125)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/321686",
"refsource": "MISC",
"url": "https://hackerone.com/reports/321686"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "support@hackerone.com", "ASSIGNER": "support@hackerone.com",
"ID" : "CVE-2018-3779", "ID": "CVE-2018-3779",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "active-support ruby gem", "product_name": "active-support ruby gem",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "5.2.0" "version_value": "5.2.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "HackerOne" "vendor_name": "HackerOne"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "active-support ruby gem 5.2.0 could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Command Injection - Generic (CWE-77)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://hackerone.com/reports/392311", "description_data": [
"refsource" : "MISC", {
"url" : "https://hackerone.com/reports/392311" "lang": "eng",
} "value": "active-support ruby gem 5.2.0 could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection - Generic (CWE-77)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/392311",
"refsource": "MISC",
"url": "https://hackerone.com/reports/392311"
}
]
}
}


@ -1,88 +1,88 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "chrome-cve-admin@google.com", "ASSIGNER": "security@google.com",
"ID" : "CVE-2018-6104", "ID": "CVE-2018-6104",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Chrome", "product_name": "Chrome",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "66.0.3359.117" "version_value": "66.0.3359.117"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google" "vendor_name": "Google"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Insufficient policy enforcement"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://crbug.com/820068", "description_data": [
"refsource" : "MISC", {
"url" : "https://crbug.com/820068" "lang": "eng",
}, "value": "Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name."
{ }
"name" : "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html", ]
"refsource" : "CONFIRM", },
"url" : "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-4182", "description": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4182" "lang": "eng",
}, "value": "Insufficient policy enforcement"
{ }
"name" : "GLSA-201804-22", ]
"refsource" : "GENTOO", }
"url" : "https://security.gentoo.org/glsa/201804-22" ]
}, },
{ "references": {
"name" : "RHSA-2018:1195", "reference_data": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:1195" "name": "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html",
}, "refsource": "CONFIRM",
{ "url": "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html"
"name" : "103917", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/103917" "name": "GLSA-201804-22",
} "refsource": "GENTOO",
] "url": "https://security.gentoo.org/glsa/201804-22"
} },
} {
"name": "https://crbug.com/820068",
"refsource": "MISC",
"url": "https://crbug.com/820068"
},
{
"name": "DSA-4182",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4182"
},
{
"name": "103917",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103917"
},
{
"name": "RHSA-2018:1195",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1195"
}
]
}
}
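Review bot: The ASSIGNER value in the CVE-2018-6104 record appears to change from `chrome-cve-admin@google.com` to `security@google.com`, which is a data change and not the `"key" :` → `"key":` spacing normalisation that makes up the rest of this section; the commit title does not mention it. The CVE-2018-8157 section further down does the same with `Secure@Microsoft.com` → `secure@microsoft.com`. Tooling that attributes or filters records by the ASSIGNER string should map both spellings to the same CNA and compare case-insensitively. The six `reference_data` entries in this section are also reordered with none added or dropped, so a consumer diffing records across syncs should compare references as a set, not by position.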


@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve-assign@fb.com", "ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED" : "2018-12-19", "DATE_ASSIGNED": "2018-12-19",
"ID" : "CVE-2018-6346", "ID": "CVE-2018-6346",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Proxygen", "product_name": "Proxygen",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "!=>", "version_affected": "!=>",
"version_value" : "v2018.12.31.00" "version_value": "v2018.12.31.00"
}, },
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "v2018.12.31.00" "version_value": "v2018.12.31.00"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Facebook" "vendor_name": "Facebook"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 priority settings (specifically a circular dependency). This affects Proxygen prior to v2018.12.31.00."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service (CWE-400)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/facebook/proxygen/commit/52cf331743ebd74194d6343a6c2ec52bb917c982", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/facebook/proxygen/commit/52cf331743ebd74194d6343a6c2ec52bb917c982" "lang": "eng",
} "value": "A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 priority settings (specifically a circular dependency). This affects Proxygen prior to v2018.12.31.00."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (CWE-400)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/facebook/proxygen/commit/52cf331743ebd74194d6343a6c2ec52bb917c982",
"refsource": "MISC",
"url": "https://github.com/facebook/proxygen/commit/52cf331743ebd74194d6343a6c2ec52bb917c982"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-6895", "ID": "CVE-2018-6895",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-7272", "ID": "CVE-2018-7272",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part of the URL, which allows attackers to obtain sensitive information by finding an ID value in a log file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://backstage.forgerock.com/knowledge/kb/book/b21824339", "description_data": [
"refsource" : "MISC", {
"url" : "https://backstage.forgerock.com/knowledge/kb/book/b21824339" "lang": "eng",
}, "value": "The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part of the URL, which allows attackers to obtain sensitive information by finding an ID value in a log file."
{ }
"name" : "https://hansesecure.de/vulnerability-in-am/", ]
"refsource" : "MISC", },
"url" : "https://hansesecure.de/vulnerability-in-am/" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://backstage.forgerock.com/knowledge/kb/book/b21824339",
"refsource": "MISC",
"url": "https://backstage.forgerock.com/knowledge/kb/book/b21824339"
},
{
"name": "https://hansesecure.de/vulnerability-in-am/",
"refsource": "MISC",
"url": "https://hansesecure.de/vulnerability-in-am/"
}
]
}
}


@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "ics-cert@hq.dhs.gov", "ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2018-03-13T00:00:00", "DATE_PUBLIC": "2018-03-13T00:00:00",
"ID" : "CVE-2018-7513", "ID": "CVE-2018-7513",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Omron CX-Supervisor", "product_name": "Omron CX-Supervisor",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Version 3.30 and prior" "version_value": "Version 3.30 and prior"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "ICS-CERT" "vendor_name": "ICS-CERT"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a stack-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "STACK-BASED BUFFER OVERFLOW CWE-121"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-01", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-01" "lang": "eng",
}, "value": "In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a stack-based buffer overflow."
{ }
"name" : "103394", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/103394" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "STACK-BASED BUFFER OVERFLOW CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103394",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103394"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-072-01"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-7633", "ID": "CVE-2018-7633",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Code injection in the /ui/login form Language parameter in Epicentro E_7.3.2+ allows attackers to execute JavaScript code by making a user issue a manipulated POST request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://fschallock.wordpress.com/2018/10/08/cve-2018-7633-script-injection-in-the-login-form-language-parameter-of-adb-firmware-epicentro-7-3-2/", "description_data": [
"refsource" : "MISC", {
"url" : "https://fschallock.wordpress.com/2018/10/08/cve-2018-7633-script-injection-in-the-login-form-language-parameter-of-adb-firmware-epicentro-7-3-2/" "lang": "eng",
} "value": "Code injection in the /ui/login form Language parameter in Epicentro E_7.3.2+ allows attackers to execute JavaScript code by making a user issue a manipulated POST request."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fschallock.wordpress.com/2018/10/08/cve-2018-7633-script-injection-in-the-login-form-language-parameter-of-adb-firmware-epicentro-7-3-2/",
"refsource": "MISC",
"url": "https://fschallock.wordpress.com/2018/10/08/cve-2018-7633-script-injection-in-the-login-form-language-parameter-of-adb-firmware-epicentro-7-3-2/"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-7684", "ID": "CVE-2018-7684",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,96 +1,96 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "Secure@Microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2018-8157", "ID": "CVE-2018-8157",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Microsoft Office", "product_name": "Microsoft Office",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2010 Service Pack 2 (32-bit editions)" "version_value": "2010 Service Pack 2 (32-bit editions)"
}, },
{ {
"version_value" : "2010 Service Pack 2 (64-bit editions)" "version_value": "2010 Service Pack 2 (64-bit editions)"
}, },
{ {
"version_value" : "2013 RT Service Pack 1" "version_value": "2013 RT Service Pack 1"
}, },
{ {
"version_value" : "2013 Service Pack 1 (32-bit editions)" "version_value": "2013 Service Pack 1 (32-bit editions)"
}, },
{ {
"version_value" : "2013 Service Pack 1 (64-bit editions)" "version_value": "2013 Service Pack 1 (64-bit editions)"
}, },
{ {
"version_value" : "2016 (32-bit edition)" "version_value": "2016 (32-bit edition)"
}, },
{ {
"version_value" : "2016 (64-bit edition)" "version_value": "2016 (64-bit edition)"
}, },
{ {
"version_value" : "2016 Click-to-Run (C2R) for 32-bit editions" "version_value": "2016 Click-to-Run (C2R) for 32-bit editions"
}, },
{ {
"version_value" : "2016 Click-to-Run (C2R) for 64-bit editions" "version_value": "2016 Click-to-Run (C2R) for 64-bit editions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft" "vendor_name": "Microsoft"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka \"Microsoft Office Remote Code Execution Vulnerability.\" This affects Microsoft Office. This CVE ID is unique from CVE-2018-8158, CVE-2018-8161."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8157", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8157" "lang": "eng",
}, "value": "A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka \"Microsoft Office Remote Code Execution Vulnerability.\" This affects Microsoft Office. This CVE ID is unique from CVE-2018-8158, CVE-2018-8161."
{ }
"name" : "104046", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104046" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1040853", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040853" "lang": "eng",
} "value": "Remote Code Execution"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8157",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8157"
},
{
"name": "1040853",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040853"
},
{
"name": "104046",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104046"
}
]
}
}