"-Synchronized-Data."

CVE Team 2019-03-17 23:18:49 +00:00
parent 74cc938162
commit fad7354c50
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
48 changed files with 3907 additions and 3907 deletions


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-2294", "ID": "CVE-2002-2294",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and 7.0, VelociRaptor 500/700/1000 and 1100/1200/1300, and Gateway Security 5110/5200/5300 allow remote attackers to cause a denial of service (service termination) via (1) malformed RealAudio (rad) packets that are not properly handled by the RealAudio Proxy, or (2) crafted packets to the statistics service (statsd)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.symantec.com/avcenter/security/Content/2002.12.12.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.symantec.com/avcenter/security/Content/2002.12.12.html" "lang": "eng",
}, "value": "Multiple buffer overflows in Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and 7.0, VelociRaptor 500/700/1000 and 1100/1200/1300, and Gateway Security 5110/5200/5300 allow remote attackers to cause a denial of service (service termination) via (1) malformed RealAudio (rad) packets that are not properly handled by the RealAudio Proxy, or (2) crafted packets to the statistics service (statsd)."
{ }
"name" : "6389", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/6389" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "sef-realaudio-proxy-bo(10862)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10862" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.symantec.com/avcenter/security/Content/2002.12.12.html",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/avcenter/security/Content/2002.12.12.html"
},
{
"name": "sef-realaudio-proxy-bo(10862)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10862"
},
{
"name": "6389",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6389"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0639", "ID": "CVE-2005-0639",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple vulnerabilities in xli before 1.17 may allow remote attackers to execute arbitrary code via \"buffer management errors\" from certain image properties, some of which may be related to integer overflows in PPM files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "DSA-695", "description_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2005/dsa-695" "lang": "eng",
}, "value": "Multiple vulnerabilities in xli before 1.17 may allow remote attackers to execute arbitrary code via \"buffer management errors\" from certain image properties, some of which may be related to integer overflows in PPM files."
{ }
"name" : "GLSA-200503-05", ]
"refsource" : "GENTOO", },
"url" : "http://security.gentoo.org/glsa/glsa-200503-05.xml" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=79762", "description": [
"refsource" : "CONFIRM", {
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=79762" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "14459", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/14459" ]
} },
] "references": {
} "reference_data": [
} {
"name": "GLSA-200503-05",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200503-05.xml"
},
{
"name": "14459",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14459"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=79762",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=79762"
},
{
"name": "DSA-695",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-695"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0653", "ID": "CVE-2005-0653",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "phpMyAdmin 2.6.1 does not properly grant permissions on tables with an underscore in the name, which grants remote authenticated users more privileges than intended."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "GLSA-200503-07", "description_data": [
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200503-07.xml" "lang": "eng",
}, "value": "phpMyAdmin 2.6.1 does not properly grant permissions on tables with an underscore in the name, which grants remote authenticated users more privileges than intended."
{ }
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=83792", ]
"refsource" : "MISC", },
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=83792" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=83792",
"refsource": "MISC",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=83792"
},
{
"name": "GLSA-200503-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-07.xml"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0685", "ID": "CVE-2005-0685",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple access validation errors in OutStart Participate Enterprise (PE) allow remote attackers to (1) browse arbitrary directory trees by modifying the rootFolder parameter to displaynavigator.jsp, (2) rename arbitrary directory objects by modifying the selectedObject parameter to renamepopup.jsp, (3) delete arbitrary directory objects by modifying the selectedObjectsCSV parameter to displaydeletenavigator.jsp, and conduct other unauthorized activities via the (4) showDeleteView, (5) showWebFolderView, (6) showLibraryView, (7) showMyLibraryView, (8) singleSelectObject, (9) processRadioSelection, (10) processCheckboxSelection, (11) singleSelectObject, (12) addToSelectedObjects, or (13) removeFromSelectedObjects commands."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050308 PE Multiple Remote Access Validation Vulnerabilities (Participate Systems Inc. / Outstart Inc.)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/392623" "lang": "eng",
}, "value": "Multiple access validation errors in OutStart Participate Enterprise (PE) allow remote attackers to (1) browse arbitrary directory trees by modifying the rootFolder parameter to displaynavigator.jsp, (2) rename arbitrary directory objects by modifying the selectedObject parameter to renamepopup.jsp, (3) delete arbitrary directory objects by modifying the selectedObjectsCSV parameter to displaydeletenavigator.jsp, and conduct other unauthorized activities via the (4) showDeleteView, (5) showWebFolderView, (6) showLibraryView, (7) showMyLibraryView, (8) singleSelectObject, (9) processRadioSelection, (10) processCheckboxSelection, (11) singleSelectObject, (12) addToSelectedObjects, or (13) removeFromSelectedObjects commands."
{ }
"name" : "http://security.honour.ca/outstartpsi.txt", ]
"refsource" : "MISC", },
"url" : "http://security.honour.ca/outstartpsi.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "12752", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/12752" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "14542", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/14542" ]
}, },
{ "references": {
"name" : "pe-access-validation-dos(19632)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19632" "name": "14542",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/14542"
} },
} {
"name": "20050308 PE Multiple Remote Access Validation Vulnerabilities (Participate Systems Inc. / Outstart Inc.)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/392623"
},
{
"name": "pe-access-validation-dos(19632)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19632"
},
{
"name": "http://security.honour.ca/outstartpsi.txt",
"refsource": "MISC",
"url": "http://security.honour.ca/outstartpsi.txt"
},
{
"name": "12752",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12752"
}
]
}
}


@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2005-0753", "ID": "CVE-2005-0753",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in CVS before 1.11.20 allows remote attackers to execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "DSA-742", "description_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2005/dsa-742" "lang": "eng",
}, "value": "Buffer overflow in CVS before 1.11.20 allows remote attackers to execute arbitrary code."
{ }
"name" : "GLSA-200504-16", ]
"refsource" : "GENTOO", },
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200504-16.xml" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2005:387", "description": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2005-387.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SUSE-SA:2005:024", ]
"refsource" : "SUSE", }
"url" : "http://www.novell.com/linux/security/advisories/2005_24_cvs.html" ]
}, },
{ "references": {
"name" : "http://bugs.gentoo.org/attachment.cgi?id=54352&action=view", "reference_data": [
"refsource" : "MISC", {
"url" : "http://bugs.gentoo.org/attachment.cgi?id=54352&action=view" "name": "http://bugs.gentoo.org/attachment.cgi?id=54352&action=view",
}, "refsource": "MISC",
{ "url": "http://bugs.gentoo.org/attachment.cgi?id=54352&action=view"
"name" : "oval:org.mitre.oval:def:9688", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9688" "name": "DSA-742",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2005/dsa-742"
"name" : "14976", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/14976/" "name": "oval:org.mitre.oval:def:9688",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9688"
"name" : "cvs-bo(20148)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20148" "name": "cvs-bo(20148)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20148"
} },
} {
"name": "SUSE-SA:2005:024",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_24_cvs.html"
},
{
"name": "GLSA-200504-16",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200504-16.xml"
},
{
"name": "14976",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14976/"
},
{
"name": "RHSA-2005:387",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-387.html"
}
]
}
}
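Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` for CVE-2005-0753, and it is the only field whose value changes in this section; every other difference is colon spacing or a reordering of the same eight `reference_data` entries. Because the reordering lands in the same hunk and the line count is unchanged, anyone skimming this as a formatting sync can miss the attribution change. Consumers that key trust, routing or deduplication on the assigner should treat it as a data change. The sync would be easier to audit if `reference_data` kept a stable order, for example sorted by `refsource` then `name`, so that field edits like this stand out in the diff.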


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-1375", "ID": "CVE-2005-1375",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary SQL commands via (1) learningPath.php, (2) learningPathAdmin.php, (3) learnPath_details.php, (4) modules_pool.php, (5) module.php, (6) uInfo parameter in userInfo.php, or (7) exo_id parameter to exercises_details.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050427 ZRCSA-200501 - Multiple vulnerabilities in Claroline", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=111464607103407&w=2" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary SQL commands via (1) learningPath.php, (2) learningPathAdmin.php, (3) learnPath_details.php, (4) modules_pool.php, (5) module.php, (6) uInfo parameter in userInfo.php, or (7) exo_id parameter to exercises_details.php."
{ }
"name" : "http://www.claroline.net/news.php#85", ]
"refsource" : "CONFIRM", },
"url" : "http://www.claroline.net/news.php#85" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "13407", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/13407" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1013822", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1013822" ]
}, },
{ "references": {
"name" : "15161", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/15161" "name": "13407",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/13407"
"name" : "15725", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/15725" "name": "15161",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/15161"
"name" : "claroline-multiple-sql-injection(20298)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20298" "name": "20050427 ZRCSA-200501 - Multiple vulnerabilities in Claroline",
} "refsource": "BUGTRAQ",
] "url": "http://marc.info/?l=bugtraq&m=111464607103407&w=2"
} },
} {
"name": "http://www.claroline.net/news.php#85",
"refsource": "CONFIRM",
"url": "http://www.claroline.net/news.php#85"
},
{
"name": "claroline-multiple-sql-injection(20298)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20298"
},
{
"name": "1013822",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013822"
},
{
"name": "15725",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15725"
}
]
}
}


@ -1,332 +1,332 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4134", "ID": "CVE-2005-4134",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox. Also, it has been independently reported that Netscape 8.1 does not have this issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20051208 Re: re: Firefox 1.5 buffer overflow (poc)", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://marc.info/?l=full-disclosure&m=113405896025702&w=2" "lang": "eng",
}, "value": "Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox. Also, it has been independently reported that Netscape 8.1 does not have this issue."
{ }
"name" : "20051208 re: Firefox 1.5 buffer overflow (poc)", ]
"refsource" : "FULLDISC", },
"url" : "http://marc.info/?l=full-disclosure&m=113404911919629&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.mozilla.org/security/history-title.html", "description": [
"refsource" : "MISC", {
"url" : "http://www.mozilla.org/security/history-title.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.networksecurity.fi/advisories/netscape-history.html", ]
"refsource" : "MISC", }
"url" : "http://www.networksecurity.fi/advisories/netscape-history.html" ]
}, },
{ "references": {
"name" : "http://www.mozilla.org/security/announce/mfsa2006-03.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/mfsa2006-03.html" "name": "MDKSA-2006:036",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:036"
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm", },
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm" "name": "USN-275-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/275-1/"
"name" : "DSA-1044", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-1044" "name": "19902",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19902"
"name" : "DSA-1046", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-1046" "name": "21533",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/21533"
"name" : "DSA-1051", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-1051" "name": "MDKSA-2006:037",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:037"
"name" : "FEDORA-2006-075", },
"refsource" : "FEDORA", {
"url" : "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html" "name": "17944",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/17944"
"name" : "FEDORA-2006-076", },
"refsource" : "FEDORA", {
"url" : "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00006.html" "name": "HPSBUX02122",
}, "refsource": "HP",
{ "url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded"
"name" : "FLSA-2006:180036-2", },
"refsource" : "FEDORA", {
"url" : "http://www.securityfocus.com/archive/1/425978/100/0/threaded" "name": "19941",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19941"
"name" : "FLSA:180036-1", },
"refsource" : "FEDORA", {
"url" : "http://www.securityfocus.com/archive/1/425975/100/0/threaded" "name": "17946",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/17946"
"name" : "GLSA-200604-12", },
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml" "name": "20051208 Re: re: Firefox 1.5 buffer overflow (poc)",
}, "refsource": "FULLDISC",
{ "url": "http://marc.info/?l=full-disclosure&m=113405896025702&w=2"
"name" : "GLSA-200604-18", },
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml" "name": "FEDORA-2006-075",
}, "refsource": "FEDORA",
{ "url": "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html"
"name" : "HPSBUX02122", },
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/archive/1/438730/100/0/threaded" "name": "GLSA-200604-12",
}, "refsource": "GENTOO",
{ "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml"
"name" : "SSRT061158", },
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/archive/1/438730/100/0/threaded" "name": "21622",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21622"
"name" : "MDKSA-2006:036", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:036" "name": "19862",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19862"
"name" : "MDKSA-2006:037", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:037" "name": "19230",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19230"
"name" : "RHSA-2006:0199", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0199.html" "name": "18704",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18704"
"name" : "RHSA-2006:0200", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0200.html" "name": "http://www.networksecurity.fi/advisories/netscape-history.html",
}, "refsource": "MISC",
{ "url": "http://www.networksecurity.fi/advisories/netscape-history.html"
"name" : "SCOSA-2006.26", },
"refsource" : "SCO", {
"url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt" "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm"
"name" : "20060201-01-U", },
"refsource" : "SGI", {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U" "name": "DSA-1051",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-1051"
"name" : "102550", },
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1" "name": "18709",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18709"
"name" : "228526", },
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1" "name": "USN-271-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/271-1/"
"name" : "USN-275-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/275-1/" "name": "18705",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18705"
"name" : "USN-271-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/271-1/" "name": "GLSA-200604-18",
}, "refsource": "GENTOO",
{ "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml"
"name" : "15773", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/15773" "name": "16476",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/16476"
"name" : "16476", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16476" "name": "ADV-2006-0413",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/0413"
"name" : "oval:org.mitre.oval:def:11382", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11382" "name": "http://www.mozilla.org/security/announce/mfsa2006-03.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/mfsa2006-03.html"
"name" : "ADV-2005-2805", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/2805" "name": "1015328",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1015328"
"name" : "ADV-2006-0413", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/0413" "name": "19746",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19746"
"name" : "ADV-2006-3391", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3391" "name": "21033",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21033"
"name" : "21533", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/21533" "name": "18700",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18700"
"name" : "oval:org.mitre.oval:def:1619", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1619" "name": "102550",
}, "refsource": "SUNALERT",
{ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1"
"name" : "1015328", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015328" "name": "19759",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19759"
"name" : "17934", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17934" "name": "RHSA-2006:0200",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2006-0200.html"
"name" : "17944", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17944" "name": "18706",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18706"
"name" : "17946", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17946" "name": "17934",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/17934"
"name" : "18700", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18700" "name": "SSRT061158",
}, "refsource": "HP",
{ "url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded"
"name" : "18704", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18704" "name": "15773",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/15773"
"name" : "18708", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18708" "name": "FEDORA-2006-076",
}, "refsource": "FEDORA",
{ "url": "http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00006.html"
"name" : "18709", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18709" "name": "http://www.mozilla.org/security/history-title.html",
}, "refsource": "MISC",
{ "url": "http://www.mozilla.org/security/history-title.html"
"name" : "18705", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18705" "name": "RHSA-2006:0199",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2006-0199.html"
"name" : "18706", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18706" "name": "19863",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19863"
"name" : "19230", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19230" "name": "FLSA-2006:180036-2",
}, "refsource": "FEDORA",
{ "url": "http://www.securityfocus.com/archive/1/425978/100/0/threaded"
"name" : "19759", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19759" "name": "oval:org.mitre.oval:def:11382",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11382"
"name" : "19852", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19852" "name": "20060201-01-U",
}, "refsource": "SGI",
{ "url": "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U"
"name" : "19862", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19862" "name": "SCOSA-2006.26",
}, "refsource": "SCO",
{ "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt"
"name" : "19863", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19863" "name": "18708",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18708"
"name" : "19902", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19902" "name": "ADV-2005-2805",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2005/2805"
"name" : "19941", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19941" "name": "FLSA:180036-1",
}, "refsource": "FEDORA",
{ "url": "http://www.securityfocus.com/archive/1/425975/100/0/threaded"
"name" : "19746", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19746" "name": "oval:org.mitre.oval:def:1619",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1619"
"name" : "21033", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21033" "name": "20051208 re: Firefox 1.5 buffer overflow (poc)",
}, "refsource": "FULLDISC",
{ "url": "http://marc.info/?l=full-disclosure&m=113404911919629&w=2"
"name" : "21622", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21622" "name": "228526",
} "refsource": "SUNALERT",
] "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1"
} },
} {
"name": "19852",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19852"
},
{
"name": "ADV-2006-3391",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3391"
},
{
"name": "DSA-1046",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1046"
},
{
"name": "DSA-1044",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1044"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4431", "ID": "CVE-2005-4431",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in WowBB 1.65 allows remote attackers to execute arbitrary SQL commands via the q parameter to search.php. NOTE: the view_user.php/sort_by vector is already covered by CVE-2005-1554 and CVE-2004-2181."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://pridels0.blogspot.com/2005/11/wowbb-165-sql-vuln.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://pridels0.blogspot.com/2005/11/wowbb-165-sql-vuln.html" "lang": "eng",
}, "value": "SQL injection vulnerability in WowBB 1.65 allows remote attackers to execute arbitrary SQL commands via the q parameter to search.php. NOTE: the view_user.php/sort_by vector is already covered by CVE-2005-1554 and CVE-2004-2181."
{ }
"name" : "21441", ]
"refsource" : "OSVDB", },
"url" : "http://www.osvdb.org/21441" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "21442", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/21442" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://pridels0.blogspot.com/2005/11/wowbb-165-sql-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/11/wowbb-165-sql-vuln.html"
},
{
"name": "21442",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21442"
},
{
"name": "21441",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21441"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4492", "ID": "CVE-2005-4492",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Starphire SiteSage 5.0.18 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the norelay_highlight_words parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://pridels0.blogspot.com/2005/12/sitesage-xss-vuln.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://pridels0.blogspot.com/2005/12/sitesage-xss-vuln.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Starphire SiteSage 5.0.18 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the norelay_highlight_words parameter."
{ }
"name" : "16017", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/16017" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2005-3051", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/3051" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "21861", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/21861" ]
}, },
{ "references": {
"name" : "18214", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18214" "name": "http://pridels0.blogspot.com/2005/12/sitesage-xss-vuln.html",
} "refsource": "MISC",
] "url": "http://pridels0.blogspot.com/2005/12/sitesage-xss-vuln.html"
} },
} {
"name": "ADV-2005-3051",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/3051"
},
{
"name": "18214",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18214"
},
{
"name": "21861",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21861"
},
{
"name": "16017",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16017"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4882", "ID": "CVE-2005-4882",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "tftpd in Philippe Jounin Tftpd32 2.74 and earlier, as used in Wyse Simple Imager (WSI) and other products, allows remote attackers to cause a denial of service (daemon crash) via a long filename in a TFTP read (aka RRQ or get) request, a different vulnerability than CVE-2002-2226."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050112 TFTPD32 Long FileName Remote Denial of Service", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-01/0386.html" "lang": "eng",
}, "value": "tftpd in Philippe Jounin Tftpd32 2.74 and earlier, as used in Wyse Simple Imager (WSI) and other products, allows remote attackers to cause a denial of service (daemon crash) via a long filename in a TFTP read (aka RRQ or get) request, a different vulnerability than CVE-2002-2226."
{ }
"name" : "http://secway.org/advisory/ad20050108.txt", ]
"refsource" : "MISC", },
"url" : "http://secway.org/advisory/ad20050108.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#632633", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/632633" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "12898", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/12898" ]
}, },
{ "references": {
"name" : "1012856", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1012856" "name": "20050112 TFTPD32 Long FileName Remote Denial of Service",
} "refsource": "FULLDISC",
] "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-01/0386.html"
} },
} {
"name": "VU#632633",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/632633"
},
{
"name": "http://secway.org/advisory/ad20050108.txt",
"refsource": "MISC",
"url": "http://secway.org/advisory/ad20050108.txt"
},
{
"name": "12898",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/12898"
},
{
"name": "1012856",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1012856"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0109", "ID": "CVE-2009-0109",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in RiotPix 0.61 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7682", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7682" "lang": "eng",
}, "value": "SQL injection vulnerability in index.php in RiotPix 0.61 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information."
{ }
"name" : "33132", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/33132" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "33395", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33395" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "4892", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/4892" ]
} },
] "references": {
} "reference_data": [
} {
"name": "7682",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7682"
},
{
"name": "4892",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4892"
},
{
"name": "33132",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33132"
},
{
"name": "33395",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33395"
}
]
}
}


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0729", "ID": "CVE-2009-0729",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in Page Engine CMS 2.0 Basic and Pro allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the fPrefix parameter to (1) modules/recent_poll_include.php, (2) modules/login_include.php, and (3) modules/statistics_include.php and (4) configuration.inc.php in includes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "33860", "description_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/33860" "lang": "eng",
}, "value": "Multiple directory traversal vulnerabilities in Page Engine CMS 2.0 Basic and Pro allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the fPrefix parameter to (1) modules/recent_poll_include.php, (2) modules/login_include.php, and (3) modules/statistics_include.php and (4) configuration.inc.php in includes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
{ }
"name" : "52175", ]
"refsource" : "OSVDB", },
"url" : "http://osvdb.org/52175" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "52176", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/52176" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "52177", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/52177" ]
}, },
{ "references": {
"name" : "52178", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/52178" "name": "52178",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/52178"
"name" : "33983", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33983" "name": "52177",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/52177"
"name" : "pageengine-fprefix-file-include(48856)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48856" "name": "pageengine-fprefix-file-include(48856)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48856"
} },
} {
"name": "52175",
"refsource": "OSVDB",
"url": "http://osvdb.org/52175"
},
{
"name": "52176",
"refsource": "OSVDB",
"url": "http://osvdb.org/52176"
},
{
"name": "33860",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33860"
},
{
"name": "33983",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33983"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1452", "ID": "CVE-2009-1452",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in theme/format.php in SMA-DB 0.3.13 allow remote attackers to execute arbitrary PHP code via a URL in the (1) _page_css and (2) _page_javascript parameters. NOTE: the _page_content vector is already is covered by CVE-2009-1450."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "8460", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/8460" "lang": "eng",
}, "value": "Multiple PHP remote file inclusion vulnerabilities in theme/format.php in SMA-DB 0.3.13 allow remote attackers to execute arbitrary PHP code via a URL in the (1) _page_css and (2) _page_javascript parameters. NOTE: the _page_content vector is already is covered by CVE-2009-1450."
{ }
"name" : "34569", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/34569" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "smadb-formatphp-file-include(49928)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49928" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "8460",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8460"
},
{
"name": "smadb-formatphp-file-include(49928)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49928"
},
{
"name": "34569",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34569"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2009-1990", "ID": "CVE-2009-1990",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Business Intelligence Enterprise Edition component in Oracle Application Server 10.1.3.4.1 allows local users to affect confidentiality via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Business Intelligence Enterprise Edition component in Oracle Application Server 10.1.3.4.1 allows local users to affect confidentiality via unknown vectors."
{ }
"name" : "TA09-294A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-294A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "36749", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/36749" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "59117", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/59117" ]
}, },
{ "references": {
"name" : "1023058", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1023058" "name": "59117",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/59117"
"name" : "37099", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37099" "name": "TA09-294A",
} "refsource": "CERT",
] "url": "http://www.us-cert.gov/cas/techalerts/TA09-294A.html"
} },
} {
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html"
},
{
"name": "1023058",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023058"
},
{
"name": "37099",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37099"
},
{
"name": "36749",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36749"
}
]
}
}


@ -1,142 +1,142 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4055", "ID": "CVE-2009-4055",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before 1.4.27.1, 1.6.0.x before 1.6.0.19, and 1.6.1.x before 1.6.1.11; Business Edition B.x.x before B.2.5.13, C.2.x.x before C.2.4.6, and C.3.x.x before C.3.2.3; and s800i 1.3.x before 1.3.0.6 allows remote attackers to cause a denial of service (daemon crash) via an RTP comfort noise payload with a long data length."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20091130 AST-2009-010: RTP Remote Crash Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/508147/100/0/threaded" "lang": "eng",
}, "value": "rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before 1.4.27.1, 1.6.0.x before 1.6.0.19, and 1.6.1.x before 1.6.1.11; Business Edition B.x.x before B.2.5.13, C.2.x.x before C.2.4.6, and C.3.x.x before C.3.2.3; and s800i 1.3.x before 1.3.0.6 allows remote attackers to cause a denial of service (daemon crash) via an RTP comfort noise payload with a long data length."
{ }
"name" : "http://downloads.asterisk.org/pub/security/AST-2009-010-1.2.diff.txt", ]
"refsource" : "CONFIRM", },
"url" : "http://downloads.asterisk.org/pub/security/AST-2009-010-1.2.diff.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://downloads.asterisk.org/pub/security/AST-2009-010-1.4.diff.txt", "description": [
"refsource" : "CONFIRM", {
"url" : "http://downloads.asterisk.org/pub/security/AST-2009-010-1.4.diff.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://downloads.asterisk.org/pub/security/AST-2009-010-1.6.0.diff.txt", ]
"refsource" : "CONFIRM", }
"url" : "http://downloads.asterisk.org/pub/security/AST-2009-010-1.6.0.diff.txt" ]
}, },
{ "references": {
"name" : "http://downloads.asterisk.org/pub/security/AST-2009-010-1.6.1.diff.txt", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://downloads.asterisk.org/pub/security/AST-2009-010-1.6.1.diff.txt" "name": "37153",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/37153"
"name" : "http://downloads.digium.com/pub/security/AST-2009-010.html", },
"refsource" : "CONFIRM", {
"url" : "http://downloads.digium.com/pub/security/AST-2009-010.html" "name": "20091130 AST-2009-010: RTP Remote Crash Vulnerability",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/508147/100/0/threaded"
"name" : "https://issues.asterisk.org/view.php?id=16242", },
"refsource" : "CONFIRM", {
"url" : "https://issues.asterisk.org/view.php?id=16242" "name": "37677",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/37677"
"name" : "DSA-1952", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2009/dsa-1952" "name": "1023249",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1023249"
"name" : "FEDORA-2009-12461", },
"refsource" : "FEDORA", {
"url" : "http://www.redhat.com/archives/fedora-package-announce/2009-December/msg00759.html" "name": "DSA-1952",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2009/dsa-1952"
"name" : "37153", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/37153" "name": "asterisk-rtp-comfortnoise-dos(54471)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54471"
"name" : "60569", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/60569" "name": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.4.diff.txt",
}, "refsource": "CONFIRM",
{ "url": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.4.diff.txt"
"name" : "1023249", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1023249" "name": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.6.0.diff.txt",
}, "refsource": "CONFIRM",
{ "url": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.6.0.diff.txt"
"name" : "37530", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37530" "name": "37530",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/37530"
"name" : "37708", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37708" "name": "FEDORA-2009-12461",
}, "refsource": "FEDORA",
{ "url": "http://www.redhat.com/archives/fedora-package-announce/2009-December/msg00759.html"
"name" : "37677", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37677" "name": "https://issues.asterisk.org/view.php?id=16242",
}, "refsource": "CONFIRM",
{ "url": "https://issues.asterisk.org/view.php?id=16242"
"name" : "ADV-2009-3368", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/3368" "name": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.6.1.diff.txt",
}, "refsource": "CONFIRM",
{ "url": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.6.1.diff.txt"
"name" : "asterisk-rtp-comfortnoise-dos(54471)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54471" "name": "37708",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/37708"
} },
} {
"name": "60569",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/60569"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2009-010.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2009-010.html"
},
{
"name": "ADV-2009-3368",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3368"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.2.diff.txt",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2009-010-1.2.diff.txt"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "hp-security-alert@hp.com",
"ID" : "CVE-2009-4183", "ID": "CVE-2009-4183",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in HP OpenView Storage Data Protector 6.00 and 6.10 allows local users to obtain unspecified \"access\" via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "HPSBMA02502", "description_data": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=126461112019142&w=2" "lang": "eng",
}, "value": "Unspecified vulnerability in HP OpenView Storage Data Protector 6.00 and 6.10 allows local users to obtain unspecified \"access\" via unknown vectors."
{ }
"name" : "SSRT090171", ]
"refsource" : "HP", },
"url" : "http://marc.info/?l=bugtraq&m=126461112019142&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "37964", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/37964" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "61955", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/61955" ]
}, },
{ "references": {
"name" : "38306", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38306" "name": "61955",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/61955"
} },
} {
"name": "38306",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38306"
},
{
"name": "37964",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37964"
},
{
"name": "HPSBMA02502",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=126461112019142&w=2"
},
{
"name": "SSRT090171",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=126461112019142&w=2"
}
]
}
}


@ -1,162 +1,162 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2009-4324", "ID": "CVE-2009-4324",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html" "lang": "eng",
}, "value": "Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009."
{ }
"name" : "http://contagiodump.blogspot.com/2009/12/virustotal-httpwww.html", ]
"refsource" : "MISC", },
"url" : "http://contagiodump.blogspot.com/2009/12/virustotal-httpwww.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7881/entry/modules/exploits/windows/fileformat/adobe_media_newplayer.rb", "description": [
"refsource" : "MISC", {
"url" : "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7881/entry/modules/exploits/windows/fileformat/adobe_media_newplayer.rb" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20091214", ]
"refsource" : "MISC", }
"url" : "http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20091214" ]
}, },
{ "references": {
"name" : "http://www.symantec.com/connect/blogs/zero-day-xmas-present", "reference_data": [
"refsource" : "MISC", {
"url" : "http://www.symantec.com/connect/blogs/zero-day-xmas-present" "name": "37331",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/37331"
"name" : "http://www.adobe.com/support/security/advisories/apsa09-07.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/advisories/apsa09-07.html" "name": "http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html",
}, "refsource": "MISC",
{ "url": "http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html"
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-02.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-02.html" "name": "37690",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/37690"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=547799", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=547799" "name": "38138",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/38138"
"name" : "RHSA-2010:0060", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0060.html" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=547799",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=547799"
"name" : "SUSE-SA:2010:008", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html" "name": "60980",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/60980"
"name" : "TA10-013A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-013A.html" "name": "VU#508357",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/508357"
"name" : "VU#508357", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/508357" "name": "acro-reader-unspecifed-code-execution(54747)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54747"
"name" : "37331", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/37331" "name": "ADV-2009-3518",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/3518"
"name" : "60980", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/60980" "name": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7881/entry/modules/exploits/windows/fileformat/adobe_media_newplayer.rb",
}, "refsource": "MISC",
{ "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7881/entry/modules/exploits/windows/fileformat/adobe_media_newplayer.rb"
"name" : "oval:org.mitre.oval:def:6795", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6795" "name": "http://www.adobe.com/support/security/bulletins/apsb10-02.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html"
"name" : "37690", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37690" "name": "oval:org.mitre.oval:def:6795",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6795"
"name" : "38138", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38138" "name": "RHSA-2010:0060",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0060.html"
"name" : "38215", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38215" "name": "http://contagiodump.blogspot.com/2009/12/virustotal-httpwww.html",
}, "refsource": "MISC",
{ "url": "http://contagiodump.blogspot.com/2009/12/virustotal-httpwww.html"
"name" : "ADV-2009-3518", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/3518" "name": "ADV-2010-0103",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/0103"
"name" : "ADV-2010-0103", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/0103" "name": "http://www.adobe.com/support/security/advisories/apsa09-07.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.adobe.com/support/security/advisories/apsa09-07.html"
"name" : "acro-reader-unspecifed-code-execution(54747)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54747" "name": "http://www.symantec.com/connect/blogs/zero-day-xmas-present",
} "refsource": "MISC",
] "url": "http://www.symantec.com/connect/blogs/zero-day-xmas-present"
} },
} {
"name": "http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20091214",
"refsource": "MISC",
"url": "http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20091214"
},
{
"name": "38215",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38215"
},
{
"name": "SUSE-SA:2010:008",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
},
{
"name": "TA10-013A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-013A.html"
}
]
}
}
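Review bot: The `ASSIGNER` value for CVE-2009-4324 changes from `cve@mitre.org` to `psirt@adobe.com`, but every other line in this section differs only in the spacing before the colon or in the order of the `reference_data` entries, so the one substantive change is easy to miss. The same pattern shows in the sections for CVE-2012-2252 (`security@debian.org`), CVE-2012-2894 (`security@google.com`) and CVE-2012-6146 (`secalert@redhat.com`). Tooling that attributes or filters records by `ASSIGNER` will see these entries move to a different CNA, so the reassignment would be better carried in its own commit, or at least named in the commit description, apart from the formatting pass. The set of references appears unchanged and only permuted, so consumers should not read meaning into the new `reference_data` order.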


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4392", "ID": "CVE-2009-4392",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the XDS Staff List (xds_staff) extension 0.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/" "lang": "eng",
} "value": "SQL injection vulnerability in the XDS Staff List (xds_staff) extension 0.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4981", "ID": "CVE-2009-4981",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Photokorn Gallery 1.81 allow remote attackers to hijack the authentication of administrators."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://holisticinfosec.org/content/view/120/45/", "description_data": [
"refsource" : "MISC", {
"url" : "http://holisticinfosec.org/content/view/120/45/" "lang": "eng",
}, "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Photokorn Gallery 1.81 allow remote attackers to hijack the authentication of administrators."
{ }
"name" : "36150", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/36150" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36150",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36150"
},
{
"name": "http://holisticinfosec.org/content/view/120/45/",
"refsource": "MISC",
"url": "http://holisticinfosec.org/content/view/120/45/"
}
]
}
}


@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@debian.org",
"ID" : "CVE-2012-2252", "ID": "CVE-2012-2252",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20121127 Re: rssh security announcement", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html" "lang": "eng",
}, "value": "Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option."
{ }
"name" : "[oss-security] 20121127 Re: rssh: incorrect filtering of command line options", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2012/11/28/3" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20121128 Re: rssh: incorrect filtering of command line options", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/11/28/2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[oss-security] 20121128 rssh: incorrect filtering of command line options", ]
"refsource" : "MLIST", }
"url" : "http://www.openwall.com/lists/oss-security/2012/11/27/15" ]
}, },
{ "references": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=880177", "reference_data": [
"refsource" : "MISC", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=880177" "name": "51343",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51343"
"name" : "DSA-2578", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2012/dsa-2578" "name": "51307",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51307"
"name" : "56708", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/56708" "name": "[oss-security] 20121128 Re: rssh: incorrect filtering of command line options",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2012/11/28/2"
"name" : "87926", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/87926" "name": "[oss-security] 20121128 rssh: incorrect filtering of command line options",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2012/11/27/15"
"name" : "51307", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51307" "name": "[oss-security] 20121127 Re: rssh: incorrect filtering of command line options",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2012/11/28/3"
"name" : "51343", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51343" "name": "DSA-2578",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2012/dsa-2578"
"name" : "rssh-command-line-command-exec(80335)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80335" "name": "rssh-command-line-command-exec(80335)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80335"
} },
} {
"name": "56708",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56708"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=880177",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=880177"
},
{
"name": "87926",
"refsource": "OSVDB",
"url": "http://osvdb.org/87926"
},
{
"name": "20121127 Re: rssh security announcement",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-2753", "ID": "CVE-2012-2753",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in TrGUI.exe in the Endpoint Connect (aka EPC) GUI in Check Point Endpoint Security R73.x and E80.x on the VPN blade platform, Endpoint Security VPN R75, Endpoint Connect R73.x, and Remote Access Clients E75.x allows local users to gain privileges via a Trojan horse DLL in the current working directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20120613 Security Advisory - Checkpoint Endpoint Connect VPN - DLL Hijack", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-06/0069.html" "lang": "eng",
}, "value": "Untrusted search path vulnerability in TrGUI.exe in the Endpoint Connect (aka EPC) GUI in Check Point Endpoint Security R73.x and E80.x on the VPN blade platform, Endpoint Security VPN R75, Endpoint Connect R73.x, and Remote Access Clients E75.x allows local users to gain privileges via a Trojan horse DLL in the current working directory."
{ }
"name" : "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk76480", ]
"refsource" : "CONFIRM", },
"url" : "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk76480" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120613 Security Advisory - Checkpoint Endpoint Connect VPN - DLL Hijack",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-06/0069.html"
},
{
"name": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk76480",
"refsource": "CONFIRM",
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk76480"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2012-2894", "ID": "CVE-2012-2894",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 22.0.1229.79 does not properly handle graphics-context data structures, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html" "lang": "eng",
}, "value": "Google Chrome before 22.0.1229.79 does not properly handle graphics-context data structures, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors."
{ }
"name" : "https://code.google.com/p/chromium/issues/detail?id=144899", ]
"refsource" : "CONFIRM", },
"url" : "https://code.google.com/p/chromium/issues/detail?id=144899" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "openSUSE-SU-2012:1376", "description": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00012.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:15855", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15855" ]
}, },
{ "references": {
"name" : "google-chrome-cve20122894(78830)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78830" "name": "https://code.google.com/p/chromium/issues/detail?id=144899",
} "refsource": "CONFIRM",
] "url": "https://code.google.com/p/chromium/issues/detail?id=144899"
} },
} {
"name": "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html"
},
{
"name": "oval:org.mitre.oval:def:15855",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15855"
},
{
"name": "openSUSE-SU-2012:1376",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00012.html"
},
{
"name": "google-chrome-cve20122894(78830)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78830"
}
]
}
}


@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-3985", "ID": "CVE-2012-3985",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly implement the HTML5 Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging initial-origin access after document.domain has been set."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-76.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-76.html" "lang": "eng",
}, "value": "Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly implement the HTML5 Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging initial-origin access after document.domain has been set."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=655649", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=655649" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SUSE-SU-2012:1351", "description": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "USN-1611-1", ]
"refsource" : "UBUNTU", }
"url" : "http://www.ubuntu.com/usn/USN-1611-1" ]
}, },
{ "references": {
"name" : "86106", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/86106" "name": "50904",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/50904"
"name" : "oval:org.mitre.oval:def:16108", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16108" "name": "50984",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/50984"
"name" : "50856", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50856" "name": "50935",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/50935"
"name" : "50892", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50892" "name": "oval:org.mitre.oval:def:16108",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16108"
"name" : "50904", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50904" "name": "50856",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/50856"
"name" : "50935", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50935" "name": "86106",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/86106"
"name" : "50984", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50984" "name": "50892",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/50892"
} },
} {
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=655649",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=655649"
},
{
"name": "http://www.mozilla.org/security/announce/2012/mfsa2012-76.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-76.html"
},
{
"name": "SUSE-SU-2012:1351",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html"
},
{
"name": "USN-1611-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1611-1"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-6146", "ID": "CVE-2012-6146",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Backend History Module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 does not properly restrict access, which allows remote authenticated editors to read the history of arbitrary records via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/" "lang": "eng",
} "value": "The Backend History Module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 does not properly restrict access, which allows remote authenticated editors to read the history of arbitrary records via a crafted URL."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2012-6158", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2012-6158",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2012-6224", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2012-6224",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
} }
] ]
} }
} }


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-1617", "ID": "CVE-2015-1617",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10098", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10098" "lang": "eng",
} "value": "Cross-site scripting (XSS) vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10098",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10098"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2015-1739", "ID": "CVE-2015-1739",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka \"Internet Explorer Elevation of Privilege Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-249", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-249" "lang": "eng",
}, "value": "Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka \"Internet Explorer Elevation of Privilege Vulnerability.\""
{ }
"name" : "MS15-056", ]
"refsource" : "MS", },
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-056" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "74995", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/74995" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1032521", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1032521" ]
} },
] "references": {
} "reference_data": [
} {
"name": "MS15-056",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-056"
},
{
"name": "74995",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74995"
},
{
"name": "1032521",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032521"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-249",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-249"
}
]
}
}
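Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secure@microsoft.com` in this section, a semantic change carried inside what otherwise reads as a spacing and reference-order rewrite. The same kind of change appears in the sections for CVE-2015-1827 (`secalert@redhat.com`), CVE-2015-5451 (`hp-security-alert@hp.com`), CVE-2015-5809 (`product-security@apple.com`) and CVE-2015-5992 (`cert@cert.org`). Consumers that attribute records by assigner, or that diff the feed to watch for provenance changes, will have trouble spotting it among the formatting-only lines. The commit message should state it, for example `Normalize JSON spacing; set ASSIGNER to the responsible CNA` (presumably the intent), or the two changes should land as separate commits.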


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2015-1827", "ID": "CVE-2015-1827",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The get_user_grouplist function in the extdom plug-in in FreeIPA before 4.1.4 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (crash) via a group list request for a user that belongs to a large number of groups."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1205200", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1205200" "lang": "eng",
}, "value": "The get_user_grouplist function in the extdom plug-in in FreeIPA before 4.1.4 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (crash) via a group list request for a user that belongs to a large number of groups."
{ }
"name" : "https://fedorahosted.org/freeipa/ticket/4908", ]
"refsource" : "CONFIRM", },
"url" : "https://fedorahosted.org/freeipa/ticket/4908" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "FEDORA-2015-4788", "description": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/154103.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FEDORA-2015-4747", ]
"refsource" : "FEDORA", }
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154314.html" ]
}, },
{ "references": {
"name" : "RHSA-2015:0728", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0728.html" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1205200",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205200"
"name" : "73376", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/73376" "name": "FEDORA-2015-4747",
} "refsource": "FEDORA",
] "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154314.html"
} },
} {
"name": "https://fedorahosted.org/freeipa/ticket/4908",
"refsource": "CONFIRM",
"url": "https://fedorahosted.org/freeipa/ticket/4908"
},
{
"name": "73376",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73376"
},
{
"name": "FEDORA-2015-4788",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/154103.html"
},
{
"name": "RHSA-2015:0728",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0728.html"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "hp-security-alert@hp.com",
"ID" : "CVE-2015-5451", "ID": "CVE-2015-5451",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in HP Operations Orchestration Central 10.x before 10.22.001 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04894110", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04894110" "lang": "eng",
}, "value": "Cross-site request forgery (CSRF) vulnerability in HP Operations Orchestration Central 10.x before 10.22.001 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
{ }
"name" : "1034177", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1034177" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1034177",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034177"
},
{
"name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04894110",
"refsource": "CONFIRM",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04894110"
}
]
}
}


@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2015-5809", "ID": "CVE-2015-5809",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT205212", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT205212" "lang": "eng",
}, "value": "WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3."
{ }
"name" : "https://support.apple.com/HT205221", ]
"refsource" : "CONFIRM", },
"url" : "https://support.apple.com/HT205221" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.apple.com/HT205265", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT205265" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2015-09-16-1", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" ]
}, },
{ "references": {
"name" : "APPLE-SA-2015-09-16-3", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html" "name": "https://support.apple.com/HT205221",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT205221"
"name" : "APPLE-SA-2015-09-30-2", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html" "name": "1033609",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1033609"
"name" : "openSUSE-SU-2016:0915", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html" "name": "https://support.apple.com/HT205212",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT205212"
"name" : "USN-2937-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2937-1" "name": "76763",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/76763"
"name" : "76763", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/76763" "name": "https://support.apple.com/HT205265",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT205265"
"name" : "1033609", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1033609" "name": "APPLE-SA-2015-09-16-3",
} "refsource": "APPLE",
] "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html"
} },
} {
"name": "APPLE-SA-2015-09-30-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html"
},
{
"name": "openSUSE-SU-2016:0915",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html"
},
{
"name": "APPLE-SA-2015-09-16-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
},
{
"name": "USN-2937-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2937-1"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2015-5982", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2015-5982",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
} }
] ]
} }
} }


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2015-5992", "ID": "CVE-2015-5992",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in form2WlanSetup.cgi on Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices allows remote attackers to inject arbitrary web script or HTML via the ssid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "VU#525276", "description_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/525276" "lang": "eng",
} "value": "Cross-site scripting (XSS) vulnerability in form2WlanSetup.cgi on Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices allows remote attackers to inject arbitrary web script or HTML via the ssid parameter."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#525276",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/525276"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2018-11042", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2018-11042",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
} }
] ]
} }
} }


@ -1,91 +1,91 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security_alert@emc.com", "ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC" : "2018-06-19T04:00:00.000Z", "DATE_PUBLIC": "2018-06-19T04:00:00.000Z",
"ID" : "CVE-2018-11052", "ID": "CVE-2018-11052",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "Dell EMC ECS S3 Authentication Bypass Vulnerability" "TITLE": "Dell EMC ECS S3 Authentication Bypass Vulnerability"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "ECS", "product_name": "ECS",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "3.2.0.0" "version_value": "3.2.0.0"
}, },
{ {
"version_value" : "3.2.0.1" "version_value": "3.2.0.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Dell EMC" "vendor_name": "Dell EMC"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Dell EMC ECS versions 3.2.0.0 and 3.2.0.1 contain an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to read and modify S3 objects by supplying specially crafted S3 requests."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 9.8,
"baseSeverity" : "CRITICAL",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Authentication Bypass Vulnerability\n"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20180619 DSA-2018-126: EMC ECS S3 Authentication Bypass Vulnerability", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2018/Jul/1" "lang": "eng",
}, "value": "Dell EMC ECS versions 3.2.0.0 and 3.2.0.1 contain an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to read and modify S3 objects by supplying specially crafted S3 requests."
{ }
"name" : "104660", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104660" "impact": {
} "cvss": {
] "attackComplexity": "LOW",
}, "attackVector": "NETWORK",
"source" : { "availabilityImpact": "HIGH",
"discovery" : "UNKNOWN" "baseScore": 9.8,
} "baseSeverity": "CRITICAL",
} "confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Bypass Vulnerability\n"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104660",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104660"
},
{
"name": "20180619 DSA-2018-126: EMC ECS S3 Authentication Bypass Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Jul/1"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
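Review bot: The `problemtype` description on the new side is still `"Authentication Bypass Vulnerability\n"`, with a trailing newline escape that the reformat carries over unchanged. Tools that group or match records on the problem-type string (an exact comparison or a dedup key) will treat it as different from the same text without the newline. The value should be `"value": "Authentication Bypass Vulnerability"`. A CWE identifier would make the field machine-matchable, but the page does not say which one applies.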


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11168", "ID": "CVE-2018-11168",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 26 of 46)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2018/May/71" "lang": "eng",
}, "value": "Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 26 of 46)."
{ }
"name" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities", "description": [
"refsource" : "MISC", {
"url" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/May/71"
},
{
"name": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html"
},
{
"name": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11173", "ID": "CVE-2018-11173",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 31 of 46)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2018/May/71" "lang": "eng",
}, "value": "Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 31 of 46)."
{ }
"name" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities", "description": [
"refsource" : "MISC", {
"url" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/May/71"
},
{
"name": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html"
},
{
"name": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15234", "ID": "CVE-2018-15234",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vulnerability@kaspersky.com", "ASSIGNER": "vulnerability@kaspersky.com",
"ID" : "CVE-2018-15355", "ID": "CVE-2018-15355",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Kraftway", "product_name": "Kraftway",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Kraftway 24F2XG Router firmware 3.5.30.1118" "version_value": "Kraftway 24F2XG Router firmware 3.5.30.1118"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Kaspersky Lab" "vendor_name": "Kaspersky Lab"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Usage of SSLv2 and SSLv3 leads to transmitted data decryption in Kraftway 24F2XG Router firmware 3.5.30.1118."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Usage of SSLv2 and SSLv3 leads to transmitted data decryption"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-011-kraftway-24f2xg-router-outdated-certificate-usage/", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-011-kraftway-24f2xg-router-outdated-certificate-usage/" "lang": "eng",
} "value": "Usage of SSLv2 and SSLv3 leads to transmitted data decryption in Kraftway 24F2XG Router firmware 3.5.30.1118."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Usage of SSLv2 and SSLv3 leads to transmitted data decryption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-011-kraftway-24f2xg-router-outdated-certificate-usage/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-011-kraftway-24f2xg-router-outdated-certificate-usage/"
}
]
}
}
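Review bot: `vendor_name` is `Kaspersky Lab` while `product_name` is `Kraftway` and the version string names the `Kraftway 24F2XG Router`; going by the `ASSIGNER` address, Kaspersky appears to be the reporting CNA rather than the maker of the device. Asset matching on vendor and product would attribute this router flaw to Kaspersky products and miss Kraftway inventory. Suggest `"vendor_name": "Kraftway"`, `"product_name": "24F2XG Router"` and `"version_value": "3.5.30.1118"`, to be confirmed against the advisory. The reference URL slug also ends in `outdated-certificate-usage` while the description is about SSLv2 and SSLv3, so the link may belong to a sibling advisory and is worth checking.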


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15567", "ID": "CVE-2018-15567",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CMSUno before 1.5.3 has XSS via the title field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/boiteasite/cmsuno/issues/7", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/boiteasite/cmsuno/issues/7" "lang": "eng",
} "value": "CMSUno before 1.5.3 has XSS via the title field."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/boiteasite/cmsuno/issues/7",
"refsource": "MISC",
"url": "https://github.com/boiteasite/cmsuno/issues/7"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15655", "ID": "CVE-2018-15655",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in 42Gears SureMDM before 2018-11-27, related to CORS settings. Cross-origin access is possible."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://research.digitalinterruption.com/2019/01/31/multiple-vulnerabilities-found-in-mobile-device-management-software/", "description_data": [
"refsource" : "MISC", {
"url" : "https://research.digitalinterruption.com/2019/01/31/multiple-vulnerabilities-found-in-mobile-device-management-software/" "lang": "eng",
} "value": "An issue was discovered in 42Gears SureMDM before 2018-11-27, related to CORS settings. Cross-origin access is possible."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://research.digitalinterruption.com/2019/01/31/multiple-vulnerabilities-found-in-mobile-device-management-software/",
"refsource": "MISC",
"url": "https://research.digitalinterruption.com/2019/01/31/multiple-vulnerabilities-found-in-mobile-device-management-software/"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2018-3016", "ID": "CVE-2018-3016",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "PeopleSoft Enterprise PT PeopleTools", "product_name": "PeopleSoft Enterprise PT PeopleTools",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "8.55" "version_value": "8.55"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "8.56" "version_value": "8.56"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" "lang": "eng",
}, "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)."
{ }
"name" : "104824", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104824" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1041306", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041306" "lang": "eng",
} "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data."
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "104824",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104824"
},
{
"name": "1041306",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041306"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-3351", "ID": "CVE-2018-3351",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-3356", "ID": "CVE-2018-3356",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "talos-cna@cisco.com", "ASSIGNER": "talos-cna@cisco.com",
"ID" : "CVE-2018-3898", "ID": "CVE-2018-3898",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Yi Technology", "product_name": "Yi Technology",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Yi Technology Home Camera 27US 1.8.7.0D" "version_value": "Yi Technology Home Camera 27US 1.8.7.0D"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "unknown" "vendor_name": "unknown"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. The trans_info call can overwrite a buffer of size 0x104, which is more than enough to overflow the return address from the ssid_dst field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Stack-based Buffer Overflow"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0571", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0571" "lang": "eng",
} "value": "An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. The trans_info call can overwrite a buffer of size 0x104, which is more than enough to overflow the return address from the ssid_dst field."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0571",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0571"
}
]
}
}


@ -1,211 +1,211 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "Secure@Microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2018-8424", "ID": "CVE-2018-8424",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Windows 7", "product_name": "Windows 7",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "32-bit Systems Service Pack 1" "version_value": "32-bit Systems Service Pack 1"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 1" "version_value": "x64-based Systems Service Pack 1"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2012 R2", "product_name": "Windows Server 2012 R2",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "(Server Core installation)" "version_value": "(Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows RT 8.1", "product_name": "Windows RT 8.1",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Windows RT 8.1" "version_value": "Windows RT 8.1"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2008", "product_name": "Windows Server 2008",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "32-bit Systems Service Pack 2" "version_value": "32-bit Systems Service Pack 2"
}, },
{ {
"version_value" : "32-bit Systems Service Pack 2 (Server Core installation)" "version_value": "32-bit Systems Service Pack 2 (Server Core installation)"
}, },
{ {
"version_value" : "Itanium-Based Systems Service Pack 2" "version_value": "Itanium-Based Systems Service Pack 2"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 2" "version_value": "x64-based Systems Service Pack 2"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 2 (Server Core installation)" "version_value": "x64-based Systems Service Pack 2 (Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2012", "product_name": "Windows Server 2012",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "(Server Core installation)" "version_value": "(Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows 8.1", "product_name": "Windows 8.1",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "32-bit systems" "version_value": "32-bit systems"
}, },
{ {
"version_value" : "x64-based systems" "version_value": "x64-based systems"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2016", "product_name": "Windows Server 2016",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "(Server Core installation)" "version_value": "(Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2008 R2", "product_name": "Windows Server 2008 R2",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Itanium-Based Systems Service Pack 1" "version_value": "Itanium-Based Systems Service Pack 1"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 1" "version_value": "x64-based Systems Service Pack 1"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 1 (Server Core installation)" "version_value": "x64-based Systems Service Pack 1 (Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows 10", "product_name": "Windows 10",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "32-bit Systems" "version_value": "32-bit Systems"
}, },
{ {
"version_value" : "Version 1607 for 32-bit Systems" "version_value": "Version 1607 for 32-bit Systems"
}, },
{ {
"version_value" : "Version 1607 for x64-based Systems" "version_value": "Version 1607 for x64-based Systems"
}, },
{ {
"version_value" : "Version 1703 for 32-bit Systems" "version_value": "Version 1703 for 32-bit Systems"
}, },
{ {
"version_value" : "Version 1703 for x64-based Systems" "version_value": "Version 1703 for x64-based Systems"
}, },
{ {
"version_value" : "Version 1709 for 32-bit Systems" "version_value": "Version 1709 for 32-bit Systems"
}, },
{ {
"version_value" : "Version 1709 for x64-based Systems" "version_value": "Version 1709 for x64-based Systems"
}, },
{ {
"version_value" : "Version 1803 for 32-bit Systems" "version_value": "Version 1803 for 32-bit Systems"
}, },
{ {
"version_value" : "Version 1803 for x64-based Systems" "version_value": "Version 1803 for x64-based Systems"
}, },
{ {
"version_value" : "x64-based Systems" "version_value": "x64-based Systems"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows 10 Servers", "product_name": "Windows 10 Servers",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "version 1709 (Server Core Installation)" "version_value": "version 1709 (Server Core Installation)"
}, },
{ {
"version_value" : "version 1803 (Server Core Installation)" "version_value": "version 1803 (Server Core Installation)"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft" "vendor_name": "Microsoft"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka \"Windows GDI Information Disclosure Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8422."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8424", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8424" "lang": "eng",
}, "value": "An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka \"Windows GDI Information Disclosure Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8422."
{ }
"name" : "105261", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105261" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8424",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8424"
},
{
"name": "105261",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105261"
}
]
}
}


@ -1,232 +1,232 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "Secure@Microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2018-8494", "ID": "CVE-2018-8494",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Windows 7", "product_name": "Windows 7",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "32-bit Systems Service Pack 1" "version_value": "32-bit Systems Service Pack 1"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 1" "version_value": "x64-based Systems Service Pack 1"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2012 R2", "product_name": "Windows Server 2012 R2",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "(Server Core installation)" "version_value": "(Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows RT 8.1", "product_name": "Windows RT 8.1",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Windows RT 8.1" "version_value": "Windows RT 8.1"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2008", "product_name": "Windows Server 2008",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "32-bit Systems Service Pack 2" "version_value": "32-bit Systems Service Pack 2"
}, },
{ {
"version_value" : "32-bit Systems Service Pack 2 (Server Core installation)" "version_value": "32-bit Systems Service Pack 2 (Server Core installation)"
}, },
{ {
"version_value" : "Itanium-Based Systems Service Pack 2" "version_value": "Itanium-Based Systems Service Pack 2"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 2" "version_value": "x64-based Systems Service Pack 2"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 2 (Server Core installation)" "version_value": "x64-based Systems Service Pack 2 (Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2019", "product_name": "Windows Server 2019",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "(Server Core installation)" "version_value": "(Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2012", "product_name": "Windows Server 2012",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "(Server Core installation)" "version_value": "(Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows 8.1", "product_name": "Windows 8.1",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "32-bit systems" "version_value": "32-bit systems"
}, },
{ {
"version_value" : "x64-based systems" "version_value": "x64-based systems"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2016", "product_name": "Windows Server 2016",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "(Server Core installation)" "version_value": "(Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2008 R2", "product_name": "Windows Server 2008 R2",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Itanium-Based Systems Service Pack 1" "version_value": "Itanium-Based Systems Service Pack 1"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 1" "version_value": "x64-based Systems Service Pack 1"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 1 (Server Core installation)" "version_value": "x64-based Systems Service Pack 1 (Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows 10", "product_name": "Windows 10",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "32-bit Systems" "version_value": "32-bit Systems"
}, },
{ {
"version_value" : "Version 1607 for 32-bit Systems" "version_value": "Version 1607 for 32-bit Systems"
}, },
{ {
"version_value" : "Version 1607 for x64-based Systems" "version_value": "Version 1607 for x64-based Systems"
}, },
{ {
"version_value" : "Version 1703 for 32-bit Systems" "version_value": "Version 1703 for 32-bit Systems"
}, },
{ {
"version_value" : "Version 1703 for x64-based Systems" "version_value": "Version 1703 for x64-based Systems"
}, },
{ {
"version_value" : "Version 1709 for 32-bit Systems" "version_value": "Version 1709 for 32-bit Systems"
}, },
{ {
"version_value" : "Version 1709 for x64-based Systems" "version_value": "Version 1709 for x64-based Systems"
}, },
{ {
"version_value" : "Version 1803 for 32-bit Systems" "version_value": "Version 1803 for 32-bit Systems"
}, },
{ {
"version_value" : "Version 1803 for x64-based Systems" "version_value": "Version 1803 for x64-based Systems"
}, },
{ {
"version_value" : "Version 1809 for 32-bit Systems" "version_value": "Version 1809 for 32-bit Systems"
}, },
{ {
"version_value" : "Version 1809 for x64-based Systems" "version_value": "Version 1809 for x64-based Systems"
}, },
{ {
"version_value" : "x64-based Systems" "version_value": "x64-based Systems"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows 10 Servers", "product_name": "Windows 10 Servers",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "version 1709 (Server Core Installation)" "version_value": "version 1709 (Server Core Installation)"
}, },
{ {
"version_value" : "version 1803 (Server Core Installation)" "version_value": "version 1803 (Server Core Installation)"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft" "vendor_name": "Microsoft"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka \"MS XML Remote Code Execution Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8494", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8494" "lang": "eng",
}, "value": "A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka \"MS XML Remote Code Execution Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers."
{ }
"name" : "105457", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105457" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1041844", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041844" "lang": "eng",
} "value": "Remote Code Execution"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1041844",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041844"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8494",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8494"
},
{
"name": "105457",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105457"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-8947", "ID": "CVE-2018-8947",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "rap2hpoutre Laravel Log Viewer before v0.13.0 relies on Base64 encoding for l, dl, and del requests, which makes it easier for remote attackers to bypass intended access restrictions, as demonstrated by reading arbitrary files via a dl request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "44343", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/44343/" "lang": "eng",
}, "value": "rap2hpoutre Laravel Log Viewer before v0.13.0 relies on Base64 encoding for l, dl, and del requests, which makes it easier for remote attackers to bypass intended access restrictions, as demonstrated by reading arbitrary files via a dl request."
{ }
"name" : "https://github.com/rap2hpoutre/laravel-log-viewer/commit/cda89c06dc5331d06fab863d7cb1c4047ad68357", ]
"refsource" : "MISC", },
"url" : "https://github.com/rap2hpoutre/laravel-log-viewer/commit/cda89c06dc5331d06fab863d7cb1c4047ad68357" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/rap2hpoutre/laravel-log-viewer/releases/tag/v0.13.0", "description": [
"refsource" : "MISC", {
"url" : "https://github.com/rap2hpoutre/laravel-log-viewer/releases/tag/v0.13.0" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rap2hpoutre/laravel-log-viewer/commit/cda89c06dc5331d06fab863d7cb1c4047ad68357",
"refsource": "MISC",
"url": "https://github.com/rap2hpoutre/laravel-log-viewer/commit/cda89c06dc5331d06fab863d7cb1c4047ad68357"
},
{
"name": "https://github.com/rap2hpoutre/laravel-log-viewer/releases/tag/v0.13.0",
"refsource": "MISC",
"url": "https://github.com/rap2hpoutre/laravel-log-viewer/releases/tag/v0.13.0"
},
{
"name": "44343",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44343/"
}
]
}
}