admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 10:18:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 03:06:35 +00:00
parent 4dcd44ef6f
commit fa490d78b8
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
51 changed files with 3587 additions and 3587 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
2005/0xxx/CVE-2005-0041.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0041",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0041",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2005/0xxx/CVE-2005-0279.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0279",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Soldner Secret Wars 30830 and earlier does not properly handle the \"message too long\" socket error, which allows remote attackers to cause a denial of service (socket termination) via a long UDP packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050104 Socket termination, format string and XSS in Soldner Secret Wars",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110486654213504&w=2"
},
{
"name" : "12162",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12162"
},
{
"name" : "13716",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/13716"
},
{
"name" : "soldner-secret-wars-dos(18749)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18749"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Soldner Secret Wars 30830 and earlier does not properly handle the \"message too long\" socket error, which allows remote attackers to cause a denial of service (socket termination) via a long UDP packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12162",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12162"
},
{
"name": "soldner-secret-wars-dos(18749)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18749"
},
{
"name": "13716",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13716"
},
{
"name": "20050104 Socket termination, format string and XSS in Soldner Secret Wars",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110486654213504&w=2"
}
]
}
}

130
2005/0xxx/CVE-2005-0497.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0497",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ADP Elite System Max 9000 allows remote authenticated users to gain privileges by uploading a .profile that sets the ADPROOT environment variable to the root directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0497",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050219 ADP Elite System Max 9000 Series Login Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110901051420503&w=2"
},
{
"name" : "adp-elite-gain-privileges(20622)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20622"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ADP Elite System Max 9000 allows remote authenticated users to gain privileges by uploading a .profile that sets the ADPROOT environment variable to the root directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050219 ADP Elite System Max 9000 Series Login Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110901051420503&w=2"
},
{
"name": "adp-elite-gain-privileges(20622)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20622"
}
]
}
}

150
2005/1xxx/CVE-2005-1172.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1172",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in init.inc.php in Coppermine Photo Gallery 1.3.x allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1172",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050418 Vulnerability in Coppermine Photo Gallery 1.3.*",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111383800707880&w=2"
},
{
"name" : "http://coppermine.sourceforge.net/board/index.php?topic=17134",
"refsource" : "CONFIRM",
"url" : "http://coppermine.sourceforge.net/board/index.php?topic=17134"
},
{
"name" : "13218",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13218"
},
{
"name" : "15004",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15004"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in init.inc.php in Coppermine Photo Gallery 1.3.x allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050418 Vulnerability in Coppermine Photo Gallery 1.3.*",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111383800707880&w=2"
},
{
"name": "13218",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13218"
},
{
"name": "http://coppermine.sourceforge.net/board/index.php?topic=17134",
"refsource": "CONFIRM",
"url": "http://coppermine.sourceforge.net/board/index.php?topic=17134"
},
{
"name": "15004",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15004"
}
]
}
}

140
2005/1xxx/CVE-2005-1183.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1183",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in mvnForum 1.0 RC4 allows remote attackers to inject arbitrary web script or HTML via the Search parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1183",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "13213",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13213"
},
{
"name" : "15760",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/15760"
},
{
"name" : "mvnforum-search-xss(20613)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20613"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in mvnForum 1.0 RC4 allows remote attackers to inject arbitrary web script or HTML via the Search parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mvnforum-search-xss(20613)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20613"
},
{
"name": "13213",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13213"
},
{
"name": "15760",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15760"
}
]
}
}

130
2005/1xxx/CVE-2005-1578.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1578",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "EnCase Forensic Edition 4.18a does not support Device Configuration Overlays (DCO), which allows attackers to hide information without detection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1578",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[Forensics] 20050511 DCO discovery & removal, capabilities of imaging & wiping tools",
"refsource" : "MLIST",
"url" : "http://www.securityfocus.com/archive/104/398021"
},
{
"name" : "15340",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15340"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EnCase Forensic Edition 4.18a does not support Device Configuration Overlays (DCO), which allows attackers to hide information without detection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[Forensics] 20050511 DCO discovery & removal, capabilities of imaging & wiping tools",
"refsource": "MLIST",
"url": "http://www.securityfocus.com/archive/104/398021"
},
{
"name": "15340",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15340"
}
]
}
}

160
2005/3xxx/CVE-2005-3373.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3373",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple interpretation error in Dr.Web 4.32b allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an \"MZ\" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a \"triple headed\" program that contains EXE, EML, and HTML content, aka the \"magic byte bug.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3373",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051025 Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=113026417802703&w=2"
},
{
"name" : "http://www.securityelf.org/magicbyteadv.html",
"refsource" : "MISC",
"url" : "http://www.securityelf.org/magicbyteadv.html"
},
{
"name" : "http://www.securityelf.org/magicbyte.html",
"refsource" : "MISC",
"url" : "http://www.securityelf.org/magicbyte.html"
},
{
"name" : "http://www.securityelf.org/updmagic.html",
"refsource" : "MISC",
"url" : "http://www.securityelf.org/updmagic.html"
},
{
"name" : "15189",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15189"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple interpretation error in Dr.Web 4.32b allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an \"MZ\" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a \"triple headed\" program that contains EXE, EML, and HTML content, aka the \"magic byte bug.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15189",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15189"
},
{
"name": "http://www.securityelf.org/magicbyte.html",
"refsource": "MISC",
"url": "http://www.securityelf.org/magicbyte.html"
},
{
"name": "http://www.securityelf.org/magicbyteadv.html",
"refsource": "MISC",
"url": "http://www.securityelf.org/magicbyteadv.html"
},
{
"name": "20051025 Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=113026417802703&w=2"
},
{
"name": "http://www.securityelf.org/updmagic.html",
"refsource": "MISC",
"url": "http://www.securityelf.org/updmagic.html"
}
]
}
}

150
2005/3xxx/CVE-2005-3675.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3675",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Transmission Control Protocol (TCP) allows remote attackers to cause a denial of service (bandwidth consumption) by sending ACK messages for packets that have not yet been received (optimistic ACKs), which can cause the sender to increase its transmission rate until it fills available bandwidth."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3675",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.cs.umd.edu/~capveg/optack/optack-extended.pdf",
"refsource" : "MISC",
"url" : "http://www.cs.umd.edu/~capveg/optack/optack-extended.pdf"
},
{
"name" : "VU#102014",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/102014"
},
{
"name" : "15468",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15468/"
},
{
"name" : "tcp-congestion-control-dos(23055)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23055"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Transmission Control Protocol (TCP) allows remote attackers to cause a denial of service (bandwidth consumption) by sending ACK messages for packets that have not yet been received (optimistic ACKs), which can cause the sender to increase its transmission rate until it fills available bandwidth."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#102014",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/102014"
},
{
"name": "http://www.cs.umd.edu/~capveg/optack/optack-extended.pdf",
"refsource": "MISC",
"url": "http://www.cs.umd.edu/~capveg/optack/optack-extended.pdf"
},
{
"name": "tcp-congestion-control-dos(23055)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23055"
},
{
"name": "15468",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15468/"
}
]
}
}

150
2005/3xxx/CVE-2005-3917.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3917",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in usersession in CommodityRentals 2.0 Online Rental Business Creator script allows remote attackers to execute arbitrary SQL commands via the user_id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3917",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2005/11/commodity-rentals-2x-userid-sql-inj.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2005/11/commodity-rentals-2x-userid-sql-inj.html"
},
{
"name" : "ADV-2005-2547",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2547"
},
{
"name" : "21055",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21055"
},
{
"name" : "17665",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17665"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in usersession in CommodityRentals 2.0 Online Rental Business Creator script allows remote attackers to execute arbitrary SQL commands via the user_id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17665",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17665"
},
{
"name": "http://pridels0.blogspot.com/2005/11/commodity-rentals-2x-userid-sql-inj.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/11/commodity-rentals-2x-userid-sql-inj.html"
},
{
"name": "21055",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21055"
},
{
"name": "ADV-2005-2547",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2547"
}
]
}
}

170
2005/4xxx/CVE-2005-4161.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4161",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in MilliScripts 1.4 redirect script allow remote attackers to inject arbitrary web script or HTML via the domainname parameter to register.php, and other unspecified vectors. NOTE: the vendor has disputed this issue, stating \"No invalid input can reach the script.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051209 Milliscript 1.4 Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/419070/100/0/threaded"
},
{
"name" : "20060510 Re: Milliscript 1.4 Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/433545/30/5070/threaded"
},
{
"name" : "15792",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15792"
},
{
"name" : "ADV-2005-2839",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2839"
},
{
"name" : "17997",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17997"
},
{
"name" : "245",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/245"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in MilliScripts 1.4 redirect script allow remote attackers to inject arbitrary web script or HTML via the domainname parameter to register.php, and other unspecified vectors. NOTE: the vendor has disputed this issue, stating \"No invalid input can reach the script.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20051209 Milliscript 1.4 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/419070/100/0/threaded"
},
{
"name": "17997",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17997"
},
{
"name": "15792",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15792"
},
{
"name": "20060510 Re: Milliscript 1.4 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/433545/30/5070/threaded"
},
{
"name": "ADV-2005-2839",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2839"
},
{
"name": "245",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/245"
}
]
}
}

130
2005/4xxx/CVE-2005-4704.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4704",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 through SP3, 7.0 through SP6, and 6.1 through SP7, when SSL is intended to be used, causes an unencrypted protocol to be used in certain unspecified circumstances, which causes user credentials to be sent across the network in cleartext and allows remote attackers to gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4704",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "BEA05-85.00",
"refsource" : "BEA",
"url" : "http://dev2dev.bea.com/pub/advisory/140"
},
{
"name" : "20094",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20094"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 through SP3, 7.0 through SP6, and 6.1 through SP7, when SSL is intended to be used, causes an unencrypted protocol to be used in certain unspecified circumstances, which causes user credentials to be sent across the network in cleartext and allows remote attackers to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "BEA05-85.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/140"
},
{
"name": "20094",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20094"
}
]
}
}

180
2005/4xxx/CVE-2005-4802.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4802",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Flexbackup 1.2.1 and earlier allows local users to overwrite files and execute code via a symlink attack on temporary files. NOTE: the raw source referenced an incorrect candidate number; this is the correct number to use."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4802",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051017 flexbackup default config insecure temporary file creation",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112958392512513&w=2"
},
{
"name" : "http://www.zataz.net/adviso/flexbackup-09192005.txt",
"refsource" : "MISC",
"url" : "http://www.zataz.net/adviso/flexbackup-09192005.txt"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=334350",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=334350"
},
{
"name" : "DSA-1216",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1216"
},
{
"name" : "1015068",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015068"
},
{
"name" : "17209",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17209"
},
{
"name" : "23008",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23008"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Flexbackup 1.2.1 and earlier allows local users to overwrite files and execute code via a symlink attack on temporary files. NOTE: the raw source referenced an incorrect candidate number; this is the correct number to use."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20051017 flexbackup default config insecure temporary file creation",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112958392512513&w=2"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=334350",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=334350"
},
{
"name": "http://www.zataz.net/adviso/flexbackup-09192005.txt",
"refsource": "MISC",
"url": "http://www.zataz.net/adviso/flexbackup-09192005.txt"
},
{
"name": "DSA-1216",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1216"
},
{
"name": "17209",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17209"
},
{
"name": "23008",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23008"
},
{
"name": "1015068",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015068"
}
]
}
}

130
2009/0xxx/CVE-2009-0070.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0070",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer signedness error in Apple Safari allows remote attackers to read the contents of arbitrary memory locations, cause a denial of service (application crash), and probably have unspecified other impact via the array index of the arguments array in a JavaScript function, possibly a related issue to CVE-2008-2307."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0070",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7673",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7673"
},
{
"name" : "safari-array-memory-disclosure(48214)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48214"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer signedness error in Apple Safari allows remote attackers to read the contents of arbitrary memory locations, cause a denial of service (application crash), and probably have unspecified other impact via the array index of the arguments array in a JavaScript function, possibly a related issue to CVE-2008-2307."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "safari-array-memory-disclosure(48214)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48214"
},
{
"name": "7673",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7673"
}
]
}
}

140
2009/0xxx/CVE-2009-0243.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0243",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Windows does not properly enforce the Autorun and NoDriveTypeAutoRun registry values, which allows physically proximate attackers to execute arbitrary code by (1) inserting CD-ROM media, (2) inserting DVD media, (3) connecting a USB device, and (4) connecting a Firewire device; (5) allows user-assisted remote attackers to execute arbitrary code by mapping a network drive; and allows user-assisted attackers to execute arbitrary code by clicking on (6) an icon under My Computer\\Devices with Removable Storage and (7) an option in an AutoPlay dialog, related to the Autorun.inf file. NOTE: vectors 1 and 3 on Vista are already covered by CVE-2008-0951."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0243",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://isc.sans.org/diary.html?storyid=5695",
"refsource" : "MISC",
"url" : "http://isc.sans.org/diary.html?storyid=5695"
},
{
"name" : "TA09-020A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-020A.html"
},
{
"name" : "1021629",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021629"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Windows does not properly enforce the Autorun and NoDriveTypeAutoRun registry values, which allows physically proximate attackers to execute arbitrary code by (1) inserting CD-ROM media, (2) inserting DVD media, (3) connecting a USB device, and (4) connecting a Firewire device; (5) allows user-assisted remote attackers to execute arbitrary code by mapping a network drive; and allows user-assisted attackers to execute arbitrary code by clicking on (6) an icon under My Computer\\Devices with Removable Storage and (7) an option in an AutoPlay dialog, related to the Autorun.inf file. NOTE: vectors 1 and 3 on Vista are already covered by CVE-2008-0951."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1021629",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021629"
},
{
"name": "http://isc.sans.org/diary.html?storyid=5695",
"refsource": "MISC",
"url": "http://isc.sans.org/diary.html?storyid=5695"
},
{
"name": "TA09-020A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-020A.html"
}
]
}
}

140
2009/0xxx/CVE-2009-0389.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0389",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple insecure method vulnerabilities in the Web On Windows (WOW) ActiveX control in WOW ActiveX 2 allow remote attackers to (1) create and overwrite arbitrary files via the WriteIniFileString method, (2) execute arbitrary programs via the ShellExecute method, (3) read from the registry via unspecified vectors, and (4) write to the registry via unspecified vectors. NOTE: vectors 1 and 2 can be used together to execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0389",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7910",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7910"
},
{
"name" : "33515",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33515"
},
{
"name" : "wow-writeinifilestring-code-execution(48337)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48337"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple insecure method vulnerabilities in the Web On Windows (WOW) ActiveX control in WOW ActiveX 2 allow remote attackers to (1) create and overwrite arbitrary files via the WriteIniFileString method, (2) execute arbitrary programs via the ShellExecute method, (3) read from the registry via unspecified vectors, and (4) write to the registry via unspecified vectors. NOTE: vectors 1 and 2 can be used together to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "wow-writeinifilestring-code-execution(48337)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48337"
},
{
"name": "7910",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7910"
},
{
"name": "33515",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33515"
}
]
}
}

160
2009/0xxx/CVE-2009-0682.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0682",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "vetmonnt.sys in CA Internet Security Suite r3, vetmonnt.sys before 9.0.0.184 in Internet Security Suite r4, and vetmonnt.sys before 10.0.0.217 in Internet Security Suite r5 do not properly verify IOCTL calls, which allows local users to cause a denial of service (system crash) via a crafted call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0682",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090818 CA20090818-02: Security Notice for CA Internet Security Suite",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/505880/100/0/threaded"
},
{
"name" : "20090826 [PT-2009-05] CA Internet Security Suite Denial of Service Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/506103/100/0/threaded"
},
{
"name" : "http://en.securitylab.ru/lab/PT-2009-05",
"refsource" : "MISC",
"url" : "http://en.securitylab.ru/lab/PT-2009-05"
},
{
"name" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214673",
"refsource" : "CONFIRM",
"url" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214673"
},
{
"name" : "57228",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/57228"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "vetmonnt.sys in CA Internet Security Suite r3, vetmonnt.sys before 9.0.0.184 in Internet Security Suite r4, and vetmonnt.sys before 10.0.0.217 in Internet Security Suite r5 do not properly verify IOCTL calls, which allows local users to cause a denial of service (system crash) via a crafted call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090826 [PT-2009-05] CA Internet Security Suite Denial of Service Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/506103/100/0/threaded"
},
{
"name": "57228",
"refsource": "OSVDB",
"url": "http://osvdb.org/57228"
},
{
"name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214673",
"refsource": "CONFIRM",
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214673"
},
{
"name": "20090818 CA20090818-02: Security Notice for CA Internet Security Suite",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/505880/100/0/threaded"
},
{
"name": "http://en.securitylab.ru/lab/PT-2009-05",
"refsource": "MISC",
"url": "http://en.securitylab.ru/lab/PT-2009-05"
}
]
}
}

140
2009/0xxx/CVE-2009-0803.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0803",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SmoothWall SmoothGuardian, as used in SmoothWall Firewall, NetworkGuardian, and SchoolGuardian 2008, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0803",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.kb.cert.org/vuls/id/MAPG-7M6SM7",
"refsource" : "CONFIRM",
"url" : "http://www.kb.cert.org/vuls/id/MAPG-7M6SM7"
},
{
"name" : "VU#435052",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/435052"
},
{
"name" : "33858",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33858"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SmoothWall SmoothGuardian, as used in SmoothWall Firewall, NetworkGuardian, and SchoolGuardian 2008, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33858",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33858"
},
{
"name": "VU#435052",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/435052"
},
{
"name": "http://www.kb.cert.org/vuls/id/MAPG-7M6SM7",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/MAPG-7M6SM7"
}
]
}
}

190
2009/1xxx/CVE-2009-1285.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1285",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configuration files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1285",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_3_1_3/phpMyAdmin/setup/lib/ConfigFile.class.php?r1=12248&r2=12301&pathrev=12342",
"refsource" : "CONFIRM",
"url" : "http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_3_1_3/phpMyAdmin/setup/lib/ConfigFile.class.php?r1=12248&r2=12301&pathrev=12342"
},
{
"name" : "http://www.phpmyadmin.net/home_page/security/PMASA-2009-4.php",
"refsource" : "CONFIRM",
"url" : "http://www.phpmyadmin.net/home_page/security/PMASA-2009-4.php"
},
{
"name" : "FEDORA-2009-3692",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00442.html"
},
{
"name" : "FEDORA-2009-3700",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00452.html"
},
{
"name" : "34526",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34526"
},
{
"name" : "34727",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34727"
},
{
"name" : "34741",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34741"
},
{
"name" : "ADV-2009-1045",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1045"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configuration files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.phpmyadmin.net/home_page/security/PMASA-2009-4.php",
"refsource": "CONFIRM",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2009-4.php"
},
{
"name": "ADV-2009-1045",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1045"
},
{
"name": "34741",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34741"
},
{
"name": "34727",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34727"
},
{
"name": "http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_3_1_3/phpMyAdmin/setup/lib/ConfigFile.class.php?r1=12248&r2=12301&pathrev=12342",
"refsource": "CONFIRM",
"url": "http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_3_1_3/phpMyAdmin/setup/lib/ConfigFile.class.php?r1=12248&r2=12301&pathrev=12342"
},
{
"name": "34526",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34526"
},
{
"name": "FEDORA-2009-3700",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00452.html"
},
{
"name": "FEDORA-2009-3692",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00442.html"
}
]
}
}

210
2009/1xxx/CVE-2009-1958.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1958",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "charon/sa/tasks/child_create.c in the charon daemon in strongSWAN before 4.3.1 switches the NULL checks for TSi and TSr payloads, which allows remote attackers to cause a denial of service via an IKE_AUTH request without a (1) TSi or (2) TSr traffic selector."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1958",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[strongSwan] 20090527 [strongSwan] ANNOUNCE: strongSwan 4.3.1 and 4.2.15 released",
"refsource" : "MLIST",
"url" : "https://lists.strongswan.org/pipermail/users/2009-May/003457.html"
},
{
"name" : "http://download.strongswan.org/CHANGES4.txt",
"refsource" : "CONFIRM",
"url" : "http://download.strongswan.org/CHANGES4.txt"
},
{
"name" : "http://download.strongswan.org/patches/04_swapped_ts_check_patch/strongswan-4.x.x._swapped_ts_check.patch",
"refsource" : "CONFIRM",
"url" : "http://download.strongswan.org/patches/04_swapped_ts_check_patch/strongswan-4.x.x._swapped_ts_check.patch"
},
{
"name" : "http://download.strongswan.org/patches/04_swapped_ts_check_patch/strongswan-4.x.x._swapped_ts_check.readme",
"refsource" : "CONFIRM",
"url" : "http://download.strongswan.org/patches/04_swapped_ts_check_patch/strongswan-4.x.x._swapped_ts_check.readme"
},
{
"name" : "DSA-1899",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1899"
},
{
"name" : "SUSE-SR:2009:012",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name" : "35178",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35178"
},
{
"name" : "35296",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35296"
},
{
"name" : "35685",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35685"
},
{
"name" : "36922",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36922"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "charon/sa/tasks/child_create.c in the charon daemon in strongSWAN before 4.3.1 switches the NULL checks for TSi and TSr payloads, which allows remote attackers to cause a denial of service via an IKE_AUTH request without a (1) TSi or (2) TSr traffic selector."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://download.strongswan.org/patches/04_swapped_ts_check_patch/strongswan-4.x.x._swapped_ts_check.readme",
"refsource": "CONFIRM",
"url": "http://download.strongswan.org/patches/04_swapped_ts_check_patch/strongswan-4.x.x._swapped_ts_check.readme"
},
{
"name": "35296",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35296"
},
{
"name": "36922",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36922"
},
{
"name": "http://download.strongswan.org/patches/04_swapped_ts_check_patch/strongswan-4.x.x._swapped_ts_check.patch",
"refsource": "CONFIRM",
"url": "http://download.strongswan.org/patches/04_swapped_ts_check_patch/strongswan-4.x.x._swapped_ts_check.patch"
},
{
"name": "[strongSwan] 20090527 [strongSwan] ANNOUNCE: strongSwan 4.3.1 and 4.2.15 released",
"refsource": "MLIST",
"url": "https://lists.strongswan.org/pipermail/users/2009-May/003457.html"
},
{
"name": "DSA-1899",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1899"
},
{
"name": "35178",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35178"
},
{
"name": "35685",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35685"
},
{
"name": "SUSE-SR:2009:012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "http://download.strongswan.org/CHANGES4.txt",
"refsource": "CONFIRM",
"url": "http://download.strongswan.org/CHANGES4.txt"
}
]
}
}

150
2009/3xxx/CVE-2009-3674.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3674",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka \"Uninitialized Memory Corruption Vulnerability,\" a different vulnerability than CVE-2009-3671."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-3674",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS09-072",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-072"
},
{
"name" : "TA09-342A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-342A.html"
},
{
"name" : "oval:org.mitre.oval:def:6570",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6570"
},
{
"name" : "1023293",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1023293"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka \"Uninitialized Memory Corruption Vulnerability,\" a different vulnerability than CVE-2009-3671."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS09-072",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-072"
},
{
"name": "TA09-342A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-342A.html"
},
{
"name": "oval:org.mitre.oval:def:6570",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6570"
},
{
"name": "1023293",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023293"
}
]
}
}

200
2009/3xxx/CVE-2009-3904.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3904",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "classes/session/cc_admin_session.php in CubeCart 4.3.4 does not properly restrict administrative access permissions, which allows remote attackers to bypass restrictions and gain administrative access via a HTTP request that contains an empty (1) sessID (ccAdmin cookie), (2) X_CLUSTER_CLIENT_IP header, or (3) User-Agent header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3904",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20091030 CubeCart 4 Session Management Bypass",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/507594/100/0/threaded"
},
{
"name" : "http://www.acunetix.com/blog/websecuritynews/cubecart-4-session-management-bypass-leads-to-administrator-access/",
"refsource" : "MISC",
"url" : "http://www.acunetix.com/blog/websecuritynews/cubecart-4-session-management-bypass-leads-to-administrator-access/"
},
{
"name" : "http://forums.cubecart.com/index.php?showtopic=39691?read=1",
"refsource" : "CONFIRM",
"url" : "http://forums.cubecart.com/index.php?showtopic=39691?read=1"
},
{
"name" : "http://forums.cubecart.com/index.php?showtopic=39748",
"refsource" : "CONFIRM",
"url" : "http://forums.cubecart.com/index.php?showtopic=39748"
},
{
"name" : "36882",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36882"
},
{
"name" : "1023120",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1023120"
},
{
"name" : "37197",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37197"
},
{
"name" : "ADV-2009-3113",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3113"
},
{
"name" : "cubecart-session-security-bypass(54062)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54062"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "classes/session/cc_admin_session.php in CubeCart 4.3.4 does not properly restrict administrative access permissions, which allows remote attackers to bypass restrictions and gain administrative access via a HTTP request that contains an empty (1) sessID (ccAdmin cookie), (2) X_CLUSTER_CLIENT_IP header, or (3) User-Agent header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.acunetix.com/blog/websecuritynews/cubecart-4-session-management-bypass-leads-to-administrator-access/",
"refsource": "MISC",
"url": "http://www.acunetix.com/blog/websecuritynews/cubecart-4-session-management-bypass-leads-to-administrator-access/"
},
{
"name": "cubecart-session-security-bypass(54062)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54062"
},
{
"name": "1023120",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023120"
},
{
"name": "ADV-2009-3113",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3113"
},
{
"name": "20091030 CubeCart 4 Session Management Bypass",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507594/100/0/threaded"
},
{
"name": "http://forums.cubecart.com/index.php?showtopic=39691?read=1",
"refsource": "CONFIRM",
"url": "http://forums.cubecart.com/index.php?showtopic=39691?read=1"
},
{
"name": "http://forums.cubecart.com/index.php?showtopic=39748",
"refsource": "CONFIRM",
"url": "http://forums.cubecart.com/index.php?showtopic=39748"
},
{
"name": "37197",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37197"
},
{
"name": "36882",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36882"
}
]
}
}

160
2009/3xxx/CVE-2009-3937.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3937",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory leak in Solaris TCP sockets in Sun OpenSolaris snv_106 through snv_126 allows local users to cause a denial of service (kernel memory consumption) via unspecified vectors involving tcp_sendmsg processing \"ancillary data.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3937",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-68-nv_osol0906u5-1",
"refsource" : "MISC",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-68-nv_osol0906u5-1"
},
{
"name" : "266488",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266488-1"
},
{
"name" : "36992",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36992"
},
{
"name" : "1023162",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1023162"
},
{
"name" : "ADV-2009-3213",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3213"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in Solaris TCP sockets in Sun OpenSolaris snv_106 through snv_126 allows local users to cause a denial of service (kernel memory consumption) via unspecified vectors involving tcp_sendmsg processing \"ancillary data.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36992",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36992"
},
{
"name": "ADV-2009-3213",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3213"
},
{
"name": "266488",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266488-1"
},
{
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-68-nv_osol0906u5-1",
"refsource": "MISC",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-68-nv_osol0906u5-1"
},
{
"name": "1023162",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023162"
}
]
}
}

140
2009/4xxx/CVE-2009-4510.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4510",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SSH service on the TANDBERG Video Communication Server (VCS) before X5.1 uses a fixed DSA key, which makes it easier for remote attackers to conduct man-in-the-middle attacks and spoof arbitrary servers via crafted SSH packets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4510",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.vsecurity.com/resources/advisory/20100409-2",
"refsource" : "MISC",
"url" : "http://www.vsecurity.com/resources/advisory/20100409-2"
},
{
"name" : "http://ftp.tandberg.com/pub/software/vcs/TANDBERG%20Video%20Communication%20Server%20Software%20Release%20Notes%20(X5).pdf",
"refsource" : "CONFIRM",
"url" : "http://ftp.tandberg.com/pub/software/vcs/TANDBERG%20Video%20Communication%20Server%20Software%20Release%20Notes%20(X5).pdf"
},
{
"name" : "39275",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39275"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SSH service on the TANDBERG Video Communication Server (VCS) before X5.1 uses a fixed DSA key, which makes it easier for remote attackers to conduct man-in-the-middle attacks and spoof arbitrary servers via crafted SSH packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ftp.tandberg.com/pub/software/vcs/TANDBERG%20Video%20Communication%20Server%20Software%20Release%20Notes%20(X5).pdf",
"refsource": "CONFIRM",
"url": "http://ftp.tandberg.com/pub/software/vcs/TANDBERG%20Video%20Communication%20Server%20Software%20Release%20Notes%20(X5).pdf"
},
{
"name": "http://www.vsecurity.com/resources/advisory/20100409-2",
"refsource": "MISC",
"url": "http://www.vsecurity.com/resources/advisory/20100409-2"
},
{
"name": "39275",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39275"
}
]
}
}

130
2009/4xxx/CVE-2009-4955.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4955",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the ultraCards (th_ultracards) extension before 0.5.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4955",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://typo3.org/extensions/repository/view/th_ultracards/0.5.1/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/extensions/repository/view/th_ultracards/0.5.1/"
},
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the ultraCards (th_ultracards) extension before 0.5.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/extensions/repository/view/th_ultracards/0.5.1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/th_ultracards/0.5.1/"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
}
]
}
}

34
2012/2xxx/CVE-2012-2264.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2264",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-2264",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}

190
2012/2xxx/CVE-2012-2741.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2741",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in public_html/lists/admin/ in phpList before 2.10.18 allows remote attackers to inject arbitrary web script or HTML via the num parameter in a reconcileusers action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2741",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "18639",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18639"
},
{
"name" : "[oss-security] 20120616 CVE request: phplist before 2.10.18 XSS and sql injection",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/06/16/1"
},
{
"name" : "[oss-security] 20120616 Re: CVE request: phplist before 2.10.18 XSS and sql injection",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/06/17/2"
},
{
"name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5081.php",
"refsource" : "MISC",
"url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5081.php"
},
{
"name" : "https://mantis.phplist.com/view.php?id=16557",
"refsource" : "MISC",
"url" : "https://mantis.phplist.com/view.php?id=16557"
},
{
"name" : "https://www.phplist.com/?lid=567",
"refsource" : "CONFIRM",
"url" : "https://www.phplist.com/?lid=567"
},
{
"name" : "52657",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52657"
},
{
"name" : "1027181",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1027181"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in public_html/lists/admin/ in phpList before 2.10.18 allows remote attackers to inject arbitrary web script or HTML via the num parameter in a reconcileusers action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1027181",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1027181"
},
{
"name": "52657",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52657"
},
{
"name": "[oss-security] 20120616 CVE request: phplist before 2.10.18 XSS and sql injection",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/06/16/1"
},
{
"name": "https://mantis.phplist.com/view.php?id=16557",
"refsource": "MISC",
"url": "https://mantis.phplist.com/view.php?id=16557"
},
{
"name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5081.php",
"refsource": "MISC",
"url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5081.php"
},
{
"name": "18639",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18639"
},
{
"name": "https://www.phplist.com/?lid=567",
"refsource": "CONFIRM",
"url": "https://www.phplist.com/?lid=567"
},
{
"name": "[oss-security] 20120616 Re: CVE request: phplist before 2.10.18 XSS and sql injection",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/06/17/2"
}
]
}
}

120
2012/6xxx/CVE-2012-6276.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6276",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the web-based management interface on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via the URL parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-6276",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "VU#185100",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/185100"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the web-based management interface on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via the URL parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#185100",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/185100"
}
]
}
}

130
2015/0xxx/CVE-2015-0533.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0533",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier allow remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message, a similar issue to CVE-2014-3572."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-0533",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150817 ESA-2015-081: RSA BSAFE Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://seclists.org/bugtraq/2015/Aug/84"
},
{
"name" : "76377",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76377"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier allow remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message, a similar issue to CVE-2014-3572."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150817 ESA-2015-081: RSA BSAFE Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Aug/84"
},
{
"name": "76377",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76377"
}
]
}
}

120
2015/1xxx/CVE-2015-1174.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1174",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Session fixation vulnerability in Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 and earlier allows remote attackers to hijack web sessions via a session id."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1174",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/133296/UNIT4TETA-TETA-WEB-22.62.3.4-Session-Fixation.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/133296/UNIT4TETA-TETA-WEB-22.62.3.4-Session-Fixation.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Session fixation vulnerability in Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 and earlier allows remote attackers to hijack web sessions via a session id."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/133296/UNIT4TETA-TETA-WEB-22.62.3.4-Session-Fixation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133296/UNIT4TETA-TETA-WEB-22.62.3.4-Session-Fixation.html"
}
]
}
}

220
2015/1xxx/CVE-2015-1268.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1268",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "bindings/scripts/v8_types.py in Blink, as used in Google Chrome before 43.0.2357.130, does not properly select a creation context for a return value's DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code, as demonstrated by use of a data: URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2015-1268",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2015/06/chrome-stable-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2015/06/chrome-stable-update.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=494640",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=494640"
},
{
"name" : "https://src.chromium.org/viewvc/blink?revision=196373&view=revision",
"refsource" : "CONFIRM",
"url" : "https://src.chromium.org/viewvc/blink?revision=196373&view=revision"
},
{
"name" : "DSA-3315",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3315"
},
{
"name" : "GLSA-201507-18",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201507-18"
},
{
"name" : "RHSA-2015:1188",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1188.html"
},
{
"name" : "openSUSE-SU-2015:1872",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-11/msg00012.html"
},
{
"name" : "openSUSE-SU-2015:1146",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-06/msg00057.html"
},
{
"name" : "USN-2652-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2652-1"
},
{
"name" : "75332",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75332"
},
{
"name" : "1032731",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032731"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "bindings/scripts/v8_types.py in Blink, as used in Google Chrome before 43.0.2357.130, does not properly select a creation context for a return value's DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code, as demonstrated by use of a data: URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2015:1872",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00012.html"
},
{
"name": "https://src.chromium.org/viewvc/blink?revision=196373&view=revision",
"refsource": "CONFIRM",
"url": "https://src.chromium.org/viewvc/blink?revision=196373&view=revision"
},
{
"name": "1032731",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032731"
},
{
"name": "75332",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75332"
},
{
"name": "USN-2652-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2652-1"
},
{
"name": "RHSA-2015:1188",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1188.html"
},
{
"name": "openSUSE-SU-2015:1146",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00057.html"
},
{
"name": "http://googlechromereleases.blogspot.com/2015/06/chrome-stable-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2015/06/chrome-stable-update.html"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=494640",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=494640"
},
{
"name": "GLSA-201507-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201507-18"
},
{
"name": "DSA-3315",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3315"
}
]
}
}

360
2015/1xxx/CVE-2015-1799.json
View File

@ -1,182 +1,182 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1799",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1799",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[chrony-announce] 20150407 chrony-1.31.1 released (security)",
"refsource" : "MLIST",
"url" : "http://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-announce/2015/04/msg00002.html"
},
{
"name" : "http://bugs.ntp.org/show_bug.cgi?id=2781",
"refsource" : "CONFIRM",
"url" : "http://bugs.ntp.org/show_bug.cgi?id=2781"
},
{
"name" : "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities",
"refsource" : "CONFIRM",
"url" : "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10114",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10114"
},
{
"name" : "http://support.apple.com/kb/HT204942",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT204942"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name" : "APPLE-SA-2015-06-30-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
},
{
"name" : "20150408 Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd"
},
{
"name" : "20150408 Network Time Protocol Daemon Symmetric Mode Packet Processing Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=38275"
},
{
"name" : "DSA-3222",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3222"
},
{
"name" : "DSA-3223",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3223"
},
{
"name" : "FEDORA-2015-5761",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155864.html"
},
{
"name" : "FEDORA-2015-5874",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155863.html"
},
{
"name" : "GLSA-201509-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201509-01"
},
{
"name" : "HPSBHF03557",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=145750740530849&w=2"
},
{
"name" : "HPSBUX03333",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=143213867103400&w=2"
},
{
"name" : "SSRT102029",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=143213867103400&w=2"
},
{
"name" : "MDVSA-2015:202",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:202"
},
{
"name" : "RHSA-2015:1459",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1459.html"
},
{
"name" : "openSUSE-SU-2015:0775",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-04/msg00052.html"
},
{
"name" : "USN-2567-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2567-1"
},
{
"name" : "VU#374268",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/374268"
},
{
"name" : "73950",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/73950"
},
{
"name" : "1032031",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032031"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3222",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3222"
},
{
"name": "20150408 Network Time Protocol Daemon Symmetric Mode Packet Processing Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38275"
},
{
"name": "[chrony-announce] 20150407 chrony-1.31.1 released (security)",
"refsource": "MLIST",
"url": "http://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-announce/2015/04/msg00002.html"
},
{
"name": "USN-2567-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2567-1"
},
{
"name": "VU#374268",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/374268"
},
{
"name": "73950",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73950"
},
{
"name": "SSRT102029",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=143213867103400&w=2"
},
{
"name": "FEDORA-2015-5761",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155864.html"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10114",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10114"
},
{
"name": "FEDORA-2015-5874",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155863.html"
},
{
"name": "APPLE-SA-2015-06-30-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
},
{
"name": "openSUSE-SU-2015:0775",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00052.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "GLSA-201509-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201509-01"
},
{
"name": "HPSBUX03333",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=143213867103400&w=2"
},
{
"name": "MDVSA-2015:202",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:202"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name": "http://support.apple.com/kb/HT204942",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT204942"
},
{
"name": "HPSBHF03557",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=145750740530849&w=2"
},
{
"name": "RHSA-2015:1459",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1459.html"
},
{
"name": "http://bugs.ntp.org/show_bug.cgi?id=2781",
"refsource": "CONFIRM",
"url": "http://bugs.ntp.org/show_bug.cgi?id=2781"
},
{
"name": "20150408 Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd"
},
{
"name": "DSA-3223",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3223"
},
{
"name": "1032031",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032031"
}
]
}
}

130
2015/5xxx/CVE-2015-5170.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5170",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5170",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://pivotal.io/security/cve-2015-5170-5173",
"refsource" : "CONFIRM",
"url" : "https://pivotal.io/security/cve-2015-5170-5173"
},
{
"name" : "101579",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101579"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2015-5170-5173",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2015-5170-5173"
},
{
"name": "101579",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101579"
}
]
}
}

34
2015/5xxx/CVE-2015-5239.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5239",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5239",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2015/5xxx/CVE-2015-5241.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"ID" : "CVE-2015-5241",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Apache jUDDI",
"version" : {
"version_data" : [
{
"version_value" : "3.1.2, 3.1.3, 3.1.4, and 3.1.5"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "After logging into the portal, the logout jsp page redirects the browser back to the login page after. It is feasible for malicious users to redirect the browser to an unintended web page in Apache jUDDI 3.1.2, 3.1.3, 3.1.4, and 3.1.5 when utilizing the portlets based user interface also known as 'Pluto', 'jUDDI Portal', 'UDDI Portal' or 'uddi-console'. User session data, credentials, and auth tokens are cleared before the redirect."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Open Redirect"
}
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2015-5241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache jUDDI",
"version": {
"version_data": [
{
"version_value": "3.1.2, 3.1.3, 3.1.4, and 3.1.5"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://juddi.apache.org/security.html",
"refsource" : "MISC",
"url" : "http://juddi.apache.org/security.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "After logging into the portal, the logout jsp page redirects the browser back to the login page after. It is feasible for malicious users to redirect the browser to an unintended web page in Apache jUDDI 3.1.2, 3.1.3, 3.1.4, and 3.1.5 when utilizing the portlets based user interface also known as 'Pluto', 'jUDDI Portal', 'UDDI Portal' or 'uddi-console'. User session data, credentials, and auth tokens are cleared before the redirect."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Open Redirect"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://juddi.apache.org/security.html",
"refsource": "MISC",
"url": "http://juddi.apache.org/security.html"
}
]
}
}

160
2015/5xxx/CVE-2015-5372.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5372",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SAML 2.0 implementation in AdNovum nevisAuth 4.13.0.0 before 4.18.3.1, when using SAML POST-Binding, does not match all attributes of the X.509 certificate embedded in the assertion against the certificate from the identity provider (IdP), which allows remote attackers to inject arbitrary SAML assertions via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5372",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150921 CVE-2015-5372 SAML SP Authentication Bypass in nevisAuth",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/536508/100/0/threaded"
},
{
"name" : "20150923 CVE-2015-5372 SAML SP Authentication Bypass in nevisAuth",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Sep/87"
},
{
"name" : "http://blog.csnc.ch/2015/09/saml-sp-authentication-bypass-vulnerability-in-nevisauth",
"refsource" : "MISC",
"url" : "http://blog.csnc.ch/2015/09/saml-sp-authentication-bypass-vulnerability-in-nevisauth"
},
{
"name" : "http://packetstormsecurity.com/files/133628/nevisAuth-Authentication-Bypass.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/133628/nevisAuth-Authentication-Bypass.html"
},
{
"name" : "http://www.csnc.ch/misc/files/advisories/CVE-2015-5372_AdNovum_nevisAuth_Authentication_Bypass.txt",
"refsource" : "MISC",
"url" : "http://www.csnc.ch/misc/files/advisories/CVE-2015-5372_AdNovum_nevisAuth_Authentication_Bypass.txt"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SAML 2.0 implementation in AdNovum nevisAuth 4.13.0.0 before 4.18.3.1, when using SAML POST-Binding, does not match all attributes of the X.509 certificate embedded in the assertion against the certificate from the identity provider (IdP), which allows remote attackers to inject arbitrary SAML assertions via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/133628/nevisAuth-Authentication-Bypass.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133628/nevisAuth-Authentication-Bypass.html"
},
{
"name": "20150923 CVE-2015-5372 SAML SP Authentication Bypass in nevisAuth",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Sep/87"
},
{
"name": "http://www.csnc.ch/misc/files/advisories/CVE-2015-5372_AdNovum_nevisAuth_Authentication_Bypass.txt",
"refsource": "MISC",
"url": "http://www.csnc.ch/misc/files/advisories/CVE-2015-5372_AdNovum_nevisAuth_Authentication_Bypass.txt"
},
{
"name": "20150921 CVE-2015-5372 SAML SP Authentication Bypass in nevisAuth",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536508/100/0/threaded"
},
{
"name": "http://blog.csnc.ch/2015/09/saml-sp-authentication-bypass-vulnerability-in-nevisauth",
"refsource": "MISC",
"url": "http://blog.csnc.ch/2015/09/saml-sp-authentication-bypass-vulnerability-in-nevisauth"
}
]
}
}

190
2015/5xxx/CVE-2015-5793.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5793",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-5793",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT205212",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205212"
},
{
"name" : "https://support.apple.com/HT205221",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205221"
},
{
"name" : "https://support.apple.com/HT205265",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205265"
},
{
"name" : "APPLE-SA-2015-09-16-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
},
{
"name" : "APPLE-SA-2015-09-16-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html"
},
{
"name" : "APPLE-SA-2015-09-30-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html"
},
{
"name" : "76763",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76763"
},
{
"name" : "1033609",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033609"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT205221",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205221"
},
{
"name": "1033609",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033609"
},
{
"name": "https://support.apple.com/HT205212",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205212"
},
{
"name": "76763",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76763"
},
{
"name": "https://support.apple.com/HT205265",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205265"
},
{
"name": "APPLE-SA-2015-09-16-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html"
},
{
"name": "APPLE-SA-2015-09-30-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html"
},
{
"name": "APPLE-SA-2015-09-16-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
}
]
}
}

150
2015/5xxx/CVE-2015-5883.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5883",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The bidirectional text-display and text-selection implementations in Terminal in Apple OS X before 10.11 interpret directional override formatting characters differently, which allows remote attackers to spoof the content of a text document via a crafted character sequence."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-5883",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT205267",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205267"
},
{
"name" : "APPLE-SA-2015-09-30-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
},
{
"name" : "76908",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76908"
},
{
"name" : "1033703",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033703"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The bidirectional text-display and text-selection implementations in Terminal in Apple OS X before 10.11 interpret directional override formatting characters differently, which allows remote attackers to spoof the content of a text document via a crafted character sequence."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033703",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033703"
},
{
"name": "APPLE-SA-2015-09-30-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
},
{
"name": "https://support.apple.com/HT205267",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205267"
},
{
"name": "76908",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76908"
}
]
}
}

152
2018/11xxx/CVE-2018-11086.json
View File

@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@dell.com",
"DATE_PUBLIC" : "2018-09-13T04:00:00.000Z",
"ID" : "CVE-2018-11086",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Application Service",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_name" : "2.0",
"version_value" : "2.0.21"
},
{
"affected" : "<",
"version_name" : "2.1",
"version_value" : "2.1.13 "
},
{
"affected" : "<",
"version_name" : "2.2",
"version_value" : "2.2.5"
}
]
}
}
]
},
"vendor_name" : "Pivotal "
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Pivotal Usage Service in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact which contains the CF admin credential, allowing them to escalate to an admin role."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Credential leak"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-09-13T04:00:00.000Z",
"ID": "CVE-2018-11086",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Application Service",
"version": {
"version_data": [
{
"affected": "<",
"version_name": "2.0",
"version_value": "2.0.21"
},
{
"affected": "<",
"version_name": "2.1",
"version_value": "2.1.13 "
},
{
"affected": "<",
"version_name": "2.2",
"version_value": "2.2.5"
}
]
}
}
]
},
"vendor_name": "Pivotal "
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://pivotal.io/security/cve-2018-11086",
"refsource" : "CONFIRM",
"url" : "https://pivotal.io/security/cve-2018-11086"
}
]
},
"source" : {
"discovery" : "UNKNOWN"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pivotal Usage Service in Pivotal Application Service, versions 2.0 prior to 2.0.21 and 2.1 prior to 2.1.13 and 2.2 prior to 2.2.5, contains a bug which may allow escalation of privileges. A space developer with access to the system org may be able to access an artifact which contains the CF admin credential, allowing them to escalate to an admin role."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Credential leak"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2018-11086",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2018-11086"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

120
2018/11xxx/CVE-2018-11231.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11231",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In the Divido plugin for OpenCart, there is SQL injection. Attackers can use SQL injection to get some confidential information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11231",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://foreversong.cn/archives/1183",
"refsource" : "MISC",
"url" : "http://foreversong.cn/archives/1183"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Divido plugin for OpenCart, there is SQL injection. Attackers can use SQL injection to get some confidential information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://foreversong.cn/archives/1183",
"refsource": "MISC",
"url": "http://foreversong.cn/archives/1183"
}
]
}
}

120
2018/11xxx/CVE-2018-11288.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2018-11288",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
"version" : {
"version_data" : [
{
"version_value" : "MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDX24, SXR1130"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Possible undefined behavior due to lack of size check in function for parameter segment_idx can lead to a read outside of the intended region in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDX24, SXR1130"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Validation of Array Index in Core"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2018-11288",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
"version": {
"version_data": [
{
"version_value": "MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDX24, SXR1130"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.qualcomm.com/company/product-security/bulletins",
"refsource" : "CONFIRM",
"url" : "https://www.qualcomm.com/company/product-security/bulletins"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Possible undefined behavior due to lack of size check in function for parameter segment_idx can lead to a read outside of the intended region in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDX24, SXR1130"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Validation of Array Index in Core"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins"
}
]
}
}

142
2018/3xxx/CVE-2018-3055.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-3055",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "VM VirtualBox",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "5.2.16"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox and unauthorized read access to a subset of Oracle VM VirtualBox accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-3055",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VM VirtualBox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.2.16"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name" : "104764",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104764"
},
{
"name" : "1041296",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041296"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox and unauthorized read access to a subset of Oracle VM VirtualBox accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "104764",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104764"
},
{
"name": "1041296",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041296"
}
]
}
}

140
2018/3xxx/CVE-2018-3127.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-3127",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Demantra Demand Management",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "7.3.5"
},
{
"version_affected" : "=",
"version_value" : "12.2"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Demantra Demand Management component of Oracle Supply Chain Products Suite (subcomponent: Product Security). Supported versions that are affected are 7.3.5 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Demantra Demand Management accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Demantra Demand Management accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-3127",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Demantra Demand Management",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.3.5"
},
{
"version_affected": "=",
"version_value": "12.2"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name" : "105637",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105637"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Demantra Demand Management component of Oracle Supply Chain Products Suite (subcomponent: Product Security). Supported versions that are affected are 7.3.5 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Demantra Demand Management accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Demantra Demand Management accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105637",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105637"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
}
]
}
}

188
2018/3xxx/CVE-2018-3276.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-3276",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "MySQL Server",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "5.6.41 and prior"
},
{
"version_affected" : "=",
"version_value" : "5.7.23 and prior"
},
{
"version_affected" : "=",
"version_value" : "8.0.12 and prior"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-3276",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.6.41 and prior"
},
{
"version_affected": "=",
"version_value": "5.7.23 and prior"
},
{
"version_affected": "=",
"version_value": "8.0.12 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20181018-0002/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20181018-0002/"
},
{
"name" : "RHSA-2018:3655",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3655"
},
{
"name" : "USN-3799-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3799-1/"
},
{
"name" : "105600",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105600"
},
{
"name" : "1041888",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041888"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041888",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041888"
},
{
"name": "RHSA-2018:3655",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3655"
},
{
"name": "105600",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105600"
},
{
"name": "USN-3799-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3799-1/"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20181018-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20181018-0002/"
}
]
}
}

34
2018/3xxx/CVE-2018-3511.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3511",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3511",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

122
2018/3xxx/CVE-2018-3703.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@intel.com",
"DATE_PUBLIC" : "2019-01-08T00:00:00",
"ID" : "CVE-2018-3703",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Intel(R) SSD Data Center Tool for Windows",
"version" : {
"version_data" : [
{
"version_value" : "before v3.0.17."
}
]
}
}
]
},
"vendor_name" : "Intel Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Improper directory permissions in the installer for the Intel(R) SSD Data Center Tool for Windows before v3.0.17 may allow authenticated users to potentially enable an escalation of privilege via local access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Escalation of Privilege"
}
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"DATE_PUBLIC": "2019-01-08T00:00:00",
"ID": "CVE-2018-3703",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intel(R) SSD Data Center Tool for Windows",
"version": {
"version_data": [
{
"version_value": "before v3.0.17."
}
]
}
}
]
},
"vendor_name": "Intel Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00207.html",
"refsource" : "CONFIRM",
"url" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00207.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper directory permissions in the installer for the Intel(R) SSD Data Center Tool for Windows before v3.0.17 may allow authenticated users to potentially enable an escalation of privilege via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00207.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00207.html"
}
]
}
}

120
2018/7xxx/CVE-2018-7107.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security-alert@hpe.com",
"ID" : "CVE-2018-7107",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "HPE Device Entitlement Gateway (DEG)",
"version" : {
"version_data" : [
{
"version_value" : "v3.2.4, v3.3 and v3.3.1"
}
]
}
}
]
},
"vendor_name" : "Hewlett Packard Enterprise"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A potential security vulnerability has been identified in HPE Device Entitlement Gateway (DEG) v3.2.4, v3.3 and v3.3.1. The vulnerability could be remotely exploited to allow local SQL injection and elevation of privilege."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote SQL Injection and Elevation of Privileges"
}
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2018-7107",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HPE Device Entitlement Gateway (DEG)",
"version": {
"version_data": [
{
"version_value": "v3.2.4, v3.3 and v3.3.1"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03889en_us",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03889en_us"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential security vulnerability has been identified in HPE Device Entitlement Gateway (DEG) v3.2.4, v3.3 and v3.3.1. The vulnerability could be remotely exploited to allow local SQL injection and elevation of privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote SQL Injection and Elevation of Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03889en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03889en_us"
}
]
}
}

150
2018/7xxx/CVE-2018-7116.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security-alert@hpe.com",
"ID" : "CVE-2018-7116",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "HPE Intelligent Management Center (IMC)",
"version" : {
"version_data" : [
{
"version_value" : "prior to IMC PLAT 7.3 (E0605P06)"
}
]
}
}
]
},
"vendor_name" : "Hewlett Packard Enterprise"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote denial of service via dbman Opcode 10003 'Filename'. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "remote denial of service"
}
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2018-7116",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HPE Intelligent Management Center (IMC)",
"version": {
"version_data": [
{
"version_value": "prior to IMC PLAT 7.3 (E0605P06)"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docId=hpesbhf03906en_us",
"refsource" : "MISC",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docId=hpesbhf03906en_us"
},
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03906en_us",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03906en_us"
},
{
"name" : "106211",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106211"
},
{
"name" : "1042182",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1042182"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote denial of service via dbman Opcode 10003 'Filename'. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1042182",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042182"
},
{
"name": "106211",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106211"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03906en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03906en_us"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=hpesbhf03906en_us",
"refsource": "MISC",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=hpesbhf03906en_us"
}
]
}
}

34
2018/7xxx/CVE-2018-7860.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7860",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7860",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

146
2018/8xxx/CVE-2018-8150.json
View File

@ -1,75 +1,75 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8150",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Office",
"version" : {
"version_data" : [
{
"version_value" : "2016 Click-to-Run (C2R) for 32-bit editions"
},
{
"version_value" : "2016 Click-to-Run (C2R) for 64-bit editions"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A security feature bypass vulnerability exists when the Microsoft Outlook attachment block filter does not properly handle attachments, aka \"Microsoft Outlook Security Feature Bypass Vulnerability.\" This affects Microsoft Office."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Security Feature Bypass"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8150",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "2016 Click-to-Run (C2R) for 32-bit editions"
},
{
"version_value": "2016 Click-to-Run (C2R) for 64-bit editions"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8150",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8150"
},
{
"name" : "104039",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104039"
},
{
"name" : "1040852",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040852"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security feature bypass vulnerability exists when the Microsoft Outlook attachment block filter does not properly handle attachments, aka \"Microsoft Outlook Security Feature Bypass Vulnerability.\" This affects Microsoft Office."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Security Feature Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040852",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040852"
},
{
"name": "104039",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104039"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8150",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8150"
}
]
}
}

34
2018/8xxx/CVE-2018-8188.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8188",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8188",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2018/8xxx/CVE-2018-8899.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8899",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 does not encode the redirect URI on the authorization response page, which might lead to XSS in some configurations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/IdentityServer/IdentityServer4/commit/21d0da227f50ac102de469a13bc5a15d2cc0f895",
"refsource" : "MISC",
"url" : "https://github.com/IdentityServer/IdentityServer4/commit/21d0da227f50ac102de469a13bc5a15d2cc0f895"
},
{
"name" : "https://github.com/IdentityServer/IdentityServer4/issues/2164",
"refsource" : "MISC",
"url" : "https://github.com/IdentityServer/IdentityServer4/issues/2164"
},
{
"name" : "https://github.com/IdentityServer/IdentityServer4/releases/tag/1.5.3",
"refsource" : "MISC",
"url" : "https://github.com/IdentityServer/IdentityServer4/releases/tag/1.5.3"
},
{
"name" : "https://github.com/IdentityServer/IdentityServer4/releases/tag/2.1.3",
"refsource" : "MISC",
"url" : "https://github.com/IdentityServer/IdentityServer4/releases/tag/2.1.3"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 does not encode the redirect URI on the authorization response page, which might lead to XSS in some configurations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/IdentityServer/IdentityServer4/commit/21d0da227f50ac102de469a13bc5a15d2cc0f895",
"refsource": "MISC",
"url": "https://github.com/IdentityServer/IdentityServer4/commit/21d0da227f50ac102de469a13bc5a15d2cc0f895"
},
{
"name": "https://github.com/IdentityServer/IdentityServer4/releases/tag/2.1.3",
"refsource": "MISC",
"url": "https://github.com/IdentityServer/IdentityServer4/releases/tag/2.1.3"
},
{
"name": "https://github.com/IdentityServer/IdentityServer4/issues/2164",
"refsource": "MISC",
"url": "https://github.com/IdentityServer/IdentityServer4/issues/2164"
},
{
"name": "https://github.com/IdentityServer/IdentityServer4/releases/tag/1.5.3",
"refsource": "MISC",
"url": "https://github.com/IdentityServer/IdentityServer4/releases/tag/1.5.3"
}
]
}
}