admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 22:22:31 +00:00
parent efb2d79552
commit fb1b8bf1cc
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
53 changed files with 3633 additions and 3633 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

120
2005/0xxx/CVE-2005-0119.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0119",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "helvis 1.8h2_1 and earlier allows local users to recover and read the files of other users via the elvrec setuid program."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0119",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.vuxml.org/freebsd/bb99f803-5fde-11d9-b721-00065be4b5b6.html",
"refsource" : "CONFIRM",
"url" : "http://www.vuxml.org/freebsd/bb99f803-5fde-11d9-b721-00065be4b5b6.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "helvis 1.8h2_1 and earlier allows local users to recover and read the files of other users via the elvrec setuid program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vuxml.org/freebsd/bb99f803-5fde-11d9-b721-00065be4b5b6.html",
"refsource": "CONFIRM",
"url": "http://www.vuxml.org/freebsd/bb99f803-5fde-11d9-b721-00065be4b5b6.html"
}
]
}
}

130
2005/0xxx/CVE-2005-0275.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0275",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TFTP in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause a denial of service (application crash) via a GET request containing an MS-DOS device name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0275",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050104 3Com 3CDaemon Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110485674622696&w=2"
},
{
"name" : "3cdaemon-reserved-name-dos(18750)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18750"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TFTP in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause a denial of service (application crash) via a GET request containing an MS-DOS device name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050104 3Com 3CDaemon Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110485674622696&w=2"
},
{
"name": "3cdaemon-reserved-name-dos(18750)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18750"
}
]
}
}

160
2005/0xxx/CVE-2005-0447.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0447",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (hang) via a flood of certain ARP packets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0447",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "57673",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57673-1"
},
{
"name" : "12553",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12553"
},
{
"name" : "1013179",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013179"
},
{
"name" : "14286",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14286"
},
{
"name" : "solaris-arp-dos(19331)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19331"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (hang) via a flood of certain ARP packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "solaris-arp-dos(19331)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19331"
},
{
"name": "12553",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12553"
},
{
"name": "57673",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57673-1"
},
{
"name": "14286",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14286"
},
{
"name": "1013179",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013179"
}
]
}
}

150
2005/1xxx/CVE-2005-1484.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1484",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Golden FTP server pro 2.52 allows remote attackers to read arbitrary files via a \"\\..\" (backward slash dot dot) with a leading '\"' (double quote) in the GET command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1484",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050504 Golden Ftp Server Pro - Directory Traversal Vuln",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111530871716145&w=2"
},
{
"name" : "13479",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13479"
},
{
"name" : "15175",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15175"
},
{
"name" : "goldenftp-dotdot-directory-traversal(20668)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20668"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Golden FTP server pro 2.52 allows remote attackers to read arbitrary files via a \"\\..\" (backward slash dot dot) with a leading '\"' (double quote) in the GET command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "13479",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13479"
},
{
"name": "goldenftp-dotdot-directory-traversal(20668)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20668"
},
{
"name": "20050504 Golden Ftp Server Pro - Directory Traversal Vuln",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111530871716145&w=2"
},
{
"name": "15175",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15175"
}
]
}
}

140
2005/3xxx/CVE-2005-3836.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3836",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in DeskLance 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the announce parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3836",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2005/11/desklance-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2005/11/desklance-vuln.html"
},
{
"name" : "ADV-2005-2575",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2575"
},
{
"name" : "17730",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17730"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in DeskLance 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the announce parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2005-2575",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2575"
},
{
"name": "17730",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17730"
},
{
"name": "http://pridels0.blogspot.com/2005/11/desklance-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/11/desklance-vuln.html"
}
]
}
}

180
2005/4xxx/CVE-2005-4041.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4041",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in search.cgi in MR CGI Guy Hot Links SQL 3.1.x and Hot Links Pro 3.1.x allows remote attackers to inject arbitrary web script or HTML via the query string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4041",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2005/12/hot-links-sql-3x-xss-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2005/12/hot-links-sql-3x-xss-vuln.html"
},
{
"name" : "http://pridels0.blogspot.com/2005/12/hot-links-pro-3x-xss-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2005/12/hot-links-pro-3x-xss-vuln.html"
},
{
"name" : "15708",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15708"
},
{
"name" : "ADV-2005-2736",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2736"
},
{
"name" : "ADV-2005-2737",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2737"
},
{
"name" : "17872",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17872"
},
{
"name" : "17868",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17868"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in search.cgi in MR CGI Guy Hot Links SQL 3.1.x and Hot Links Pro 3.1.x allows remote attackers to inject arbitrary web script or HTML via the query string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15708",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15708"
},
{
"name": "ADV-2005-2736",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2736"
},
{
"name": "http://pridels0.blogspot.com/2005/12/hot-links-sql-3x-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/12/hot-links-sql-3x-xss-vuln.html"
},
{
"name": "http://pridels0.blogspot.com/2005/12/hot-links-pro-3x-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/12/hot-links-pro-3x-xss-vuln.html"
},
{
"name": "17868",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17868"
},
{
"name": "ADV-2005-2737",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2737"
},
{
"name": "17872",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17872"
}
]
}
}

160
2005/4xxx/CVE-2005-4252.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4252",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in mcGallery PRO 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4252",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2005/12/mcgallery-pro-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2005/12/mcgallery-pro-vuln.html"
},
{
"name" : "15845",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15845"
},
{
"name" : "ADV-2005-2886",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2886"
},
{
"name" : "21721",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21721"
},
{
"name" : "18039",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18039"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in mcGallery PRO 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://pridels0.blogspot.com/2005/12/mcgallery-pro-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/12/mcgallery-pro-vuln.html"
},
{
"name": "18039",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18039"
},
{
"name": "15845",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15845"
},
{
"name": "ADV-2005-2886",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2886"
},
{
"name": "21721",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21721"
}
]
}
}

140
2005/4xxx/CVE-2005-4512.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4512",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in WAXTRAPP 3.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4512",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2005/12/waxtrapp-xss-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2005/12/waxtrapp-xss-vuln.html"
},
{
"name" : "16037",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16037"
},
{
"name" : "22046",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22046"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in WAXTRAPP 3.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22046",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22046"
},
{
"name": "16037",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16037"
},
{
"name": "http://pridels0.blogspot.com/2005/12/waxtrapp-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/12/waxtrapp-xss-vuln.html"
}
]
}
}

170
2005/4xxx/CVE-2005-4514.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4514",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** The encapsulation script mechanism in Webwasher CSM Appliance Suite 5.x uses case-sensitive detection of malicious tokens, which allows attackers to bypass script detection by using tokens that can be upper or lower case. NOTE: the vendor has stated that this problem could not be reproduced, and has asked the researcher for more information, without a response as of 20060103."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4514",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051222 Webwasher CSM Appliance Script Security Restriction Bypass",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/420106/100/0/threaded"
},
{
"name" : "20051223 RE: Webwasher CSM Appliance Script Security Restriction Bypass",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/420158/100/0/threaded"
},
{
"name" : "20060103 RE: Webwasher CSM Appliance Script Security Restriction Bypass",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/420678/100/0/threaded"
},
{
"name" : "16047",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16047"
},
{
"name" : "293",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/293"
},
{
"name" : "webwasher-security-bypass(23884)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23884"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** The encapsulation script mechanism in Webwasher CSM Appliance Suite 5.x uses case-sensitive detection of malicious tokens, which allows attackers to bypass script detection by using tokens that can be upper or lower case. NOTE: the vendor has stated that this problem could not be reproduced, and has asked the researcher for more information, without a response as of 20060103."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20051223 RE: Webwasher CSM Appliance Script Security Restriction Bypass",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/420158/100/0/threaded"
},
{
"name": "webwasher-security-bypass(23884)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23884"
},
{
"name": "20051222 Webwasher CSM Appliance Script Security Restriction Bypass",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/420106/100/0/threaded"
},
{
"name": "16047",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16047"
},
{
"name": "20060103 RE: Webwasher CSM Appliance Script Security Restriction Bypass",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/420678/100/0/threaded"
},
{
"name": "293",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/293"
}
]
}
}

170
2009/0xxx/CVE-2009-0142.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0142",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in AFP Server in Apple Mac OS X 10.5.6 allows local users to cause a denial of service (infinite loop) via unspecified vectors related to \"file enumeration logic.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0142",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT3438",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3438"
},
{
"name" : "APPLE-SA-2009-02-12",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
},
{
"name" : "33759",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33759"
},
{
"name" : "33812",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33812"
},
{
"name" : "ADV-2009-0422",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0422"
},
{
"name" : "33937",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33937"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in AFP Server in Apple Mac OS X 10.5.6 allows local users to cause a denial of service (infinite loop) via unspecified vectors related to \"file enumeration logic.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33937",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33937"
},
{
"name": "33759",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33759"
},
{
"name": "33812",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33812"
},
{
"name": "http://support.apple.com/kb/HT3438",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3438"
},
{
"name": "APPLE-SA-2009-02-12",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
},
{
"name": "ADV-2009-0422",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0422"
}
]
}
}

34
2009/0xxx/CVE-2009-0724.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0724",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0724",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

170
2009/0xxx/CVE-2009-0978.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0978",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-0975."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2009-0978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"name" : "TA09-105A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
},
{
"name" : "34461",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34461"
},
{
"name" : "53734",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/53734"
},
{
"name" : "1022052",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022052"
},
{
"name" : "34693",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34693"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-0975."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34461",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34461"
},
{
"name": "34693",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34693"
},
{
"name": "53734",
"refsource": "OSVDB",
"url": "http://osvdb.org/53734"
},
{
"name": "TA09-105A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"name": "1022052",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022052"
}
]
}
}

290
2009/2xxx/CVE-2009-2465.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2465",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 3.0.12 and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving double frame construction, related to (1) nsHTMLContentSink.cpp, (2) nsXMLContentSink.cpp, and (3) nsPresShell.cpp, and the nsSubDocumentFrame::Reflow function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-2465",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-34.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-34.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=482578",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=482578"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=489050",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=489050"
},
{
"name" : "FEDORA-2009-7961",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01032.html"
},
{
"name" : "RHSA-2009:1162",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2009-1162.html"
},
{
"name" : "265068",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-265068-1"
},
{
"name" : "1020800",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020800.1-1"
},
{
"name" : "SUSE-SA:2009:042",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.html"
},
{
"name" : "SUSE-SA:2009:039",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html"
},
{
"name" : "35758",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35758"
},
{
"name" : "oval:org.mitre.oval:def:10402",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10402"
},
{
"name" : "35914",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35914"
},
{
"name" : "35943",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35943"
},
{
"name" : "35944",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35944"
},
{
"name" : "36145",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36145"
},
{
"name" : "36005",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36005"
},
{
"name" : "ADV-2009-1972",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1972"
},
{
"name" : "ADV-2009-2152",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2152"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox before 3.0.12 and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving double frame construction, related to (1) nsHTMLContentSink.cpp, (2) nsXMLContentSink.cpp, and (3) nsPresShell.cpp, and the nsSubDocumentFrame::Reflow function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "265068",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-265068-1"
},
{
"name": "1020800",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020800.1-1"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=482578",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=482578"
},
{
"name": "FEDORA-2009-7961",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01032.html"
},
{
"name": "36145",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36145"
},
{
"name": "35944",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35944"
},
{
"name": "35943",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35943"
},
{
"name": "SUSE-SA:2009:039",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html"
},
{
"name": "RHSA-2009:1162",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2009-1162.html"
},
{
"name": "http://www.mozilla.org/security/announce/2009/mfsa2009-34.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2009/mfsa2009-34.html"
},
{
"name": "oval:org.mitre.oval:def:10402",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10402"
},
{
"name": "35758",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35758"
},
{
"name": "ADV-2009-2152",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2152"
},
{
"name": "36005",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36005"
},
{
"name": "SUSE-SA:2009:042",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.html"
},
{
"name": "35914",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35914"
},
{
"name": "ADV-2009-1972",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1972"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=489050",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=489050"
}
]
}
}

160
2009/3xxx/CVE-2009-3161.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3161",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The server in IBM WebSphere MQ 7.0.0.1, 7.0.0.2, and 7.0.1.0 allows attackers to cause a denial of service (trap) or possibly have unspecified other impact via malformed data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg24024153",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg24024153"
},
{
"name" : "IC62164",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1IC62164"
},
{
"name" : "36310",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36310"
},
{
"name" : "36647",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36647"
},
{
"name" : "ADV-2009-2578",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2578"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The server in IBM WebSphere MQ 7.0.0.1, 7.0.0.2, and 7.0.1.0 allows attackers to cause a denial of service (trap) or possibly have unspecified other impact via malformed data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-2578",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2578"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg24024153",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24024153"
},
{
"name": "36310",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36310"
},
{
"name": "IC62164",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC62164"
},
{
"name": "36647",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36647"
}
]
}
}

130
2009/3xxx/CVE-2009-3192.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3192",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in index.php in LinkorCMS 1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the searchstr parameter in a search action; or the (2) nikname, (3) realname, (4) homepage, or (5) city parameter in a registration action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3192",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/0908-exploits/linkorcms-xss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0908-exploits/linkorcms-xss.txt"
},
{
"name" : "36487",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36487"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in LinkorCMS 1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the searchstr parameter in a search action; or the (2) nikname, (3) realname, (4) homepage, or (5) city parameter in a registration action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36487",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36487"
},
{
"name": "http://packetstormsecurity.org/0908-exploits/linkorcms-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0908-exploits/linkorcms-xss.txt"
}
]
}
}

34
2009/3xxx/CVE-2009-3681.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3681",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2009-3681",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none."
}
]
}
}

150
2009/4xxx/CVE-2009-4194.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4194",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Golden FTP Server 4.30 Free and Professional, 4.50, and possibly other versions allows remote authenticated users to delete arbitrary files via a .. (dot dot) in the DELE command. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blog.sat0ri.com/?p=292",
"refsource" : "MISC",
"url" : "http://blog.sat0ri.com/?p=292"
},
{
"name" : "10258",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/10258"
},
{
"name" : "37527",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37527"
},
{
"name" : "goldenftp-public-directory-traversal(54497)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Golden FTP Server 4.30 Free and Professional, 4.50, and possibly other versions allows remote authenticated users to delete arbitrary files via a .. (dot dot) in the DELE command. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37527",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37527"
},
{
"name": "10258",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/10258"
},
{
"name": "http://blog.sat0ri.com/?p=292",
"refsource": "MISC",
"url": "http://blog.sat0ri.com/?p=292"
},
{
"name": "goldenftp-public-directory-traversal(54497)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54497"
}
]
}
}

180
2009/4xxx/CVE-2009-4240.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4240",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in unspecified setuid executables in the DataStage subsystem in IBM InfoSphere Information Server 8.1 before FP1 have unknown impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21406224",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21406224"
},
{
"name" : "JR30394",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR30394"
},
{
"name" : "37245",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37245"
},
{
"name" : "60807",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/60807"
},
{
"name" : "37556",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37556"
},
{
"name" : "ADV-2009-3432",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3432"
},
{
"name" : "ibm-iis-setuid-bo(54609)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54609"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in unspecified setuid executables in the DataStage subsystem in IBM InfoSphere Information Server 8.1 before FP1 have unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "60807",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/60807"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21406224",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21406224"
},
{
"name": "37245",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37245"
},
{
"name": "ADV-2009-3432",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3432"
},
{
"name": "JR30394",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR30394"
},
{
"name": "37556",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37556"
},
{
"name": "ibm-iis-setuid-bo(54609)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54609"
}
]
}
}

140
2009/4xxx/CVE-2009-4472.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4472",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in PHPope 1.0.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[config][dir][plugins] parameter to plugins/address/admin/index.php, (2) GLOBALS[config][dir][functions] parameter to plugins/im/compose.php, and (3) GLOBALS[config][dir][classes] parameter to plugins/cssedit/admin/index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4472",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "9583",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9583"
},
{
"name" : "ADV-2009-2536",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2536"
},
{
"name" : "phpope-index-compose-file-include(53018)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53018"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in PHPope 1.0.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[config][dir][plugins] parameter to plugins/address/admin/index.php, (2) GLOBALS[config][dir][functions] parameter to plugins/im/compose.php, and (3) GLOBALS[config][dir][classes] parameter to plugins/cssedit/admin/index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phpope-index-compose-file-include(53018)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53018"
},
{
"name": "9583",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9583"
},
{
"name": "ADV-2009-2536",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2536"
}
]
}
}

200
2009/4xxx/CVE-2009-4492.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4492",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4492",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/508830/100/0/threaded"
},
{
"name" : "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt",
"refsource" : "MISC",
"url" : "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt"
},
{
"name" : "http://www.ruby-lang.org/en/news/2010/01/10/webrick-escape-sequence-injection",
"refsource" : "CONFIRM",
"url" : "http://www.ruby-lang.org/en/news/2010/01/10/webrick-escape-sequence-injection"
},
{
"name" : "RHSA-2011:0908",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0908.html"
},
{
"name" : "RHSA-2011:0909",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0909.html"
},
{
"name" : "37710",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37710"
},
{
"name" : "1023429",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1023429"
},
{
"name" : "37949",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37949"
},
{
"name" : "ADV-2010-0089",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0089"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ruby-lang.org/en/news/2010/01/10/webrick-escape-sequence-injection",
"refsource": "CONFIRM",
"url": "http://www.ruby-lang.org/en/news/2010/01/10/webrick-escape-sequence-injection"
},
{
"name": "RHSA-2011:0909",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0909.html"
},
{
"name": "37949",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37949"
},
{
"name": "ADV-2010-0089",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0089"
},
{
"name": "RHSA-2011:0908",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0908.html"
},
{
"name": "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt",
"refsource": "MISC",
"url": "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt"
},
{
"name": "37710",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37710"
},
{
"name": "20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/508830/100/0/threaded"
},
{
"name": "1023429",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023429"
}
]
}
}

120
2009/4xxx/CVE-2009-4770.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4770",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The FTP server component in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 has a default password of pass123 for the moderator account, which makes it easier for remote attackers to obtain privileged access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4770",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/ftp/httpdx_tolog_format.rb",
"refsource" : "MISC",
"url" : "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/ftp/httpdx_tolog_format.rb"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FTP server component in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 has a default password of pass123 for the moderator account, which makes it easier for remote attackers to obtain privileged access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/ftp/httpdx_tolog_format.rb",
"refsource": "MISC",
"url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/ftp/httpdx_tolog_format.rb"
}
]
}
}

120
2009/4xxx/CVE-2009-4912.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4912",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) complete an SSL handshake with an HTTPS client even if this client is unauthorized, which might allow remote attackers to bypass intended access restrictions via an HTTPS session, aka Bug ID CSCso10876."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4912",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html",
"refsource" : "CONFIRM",
"url" : "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) complete an SSL handshake with an HTTPS client even if this client is unauthorized, which might allow remote attackers to bypass intended access restrictions via an HTTPS session, aka Bug ID CSCso10876."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html",
"refsource": "CONFIRM",
"url": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html"
}
]
}
}

170
2012/2xxx/CVE-2012-2885.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2885",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Double free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to application exit."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2012-2885",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=142310",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=142310"
},
{
"name" : "openSUSE-SU-2012:1376",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00012.html"
},
{
"name" : "85755",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/85755"
},
{
"name" : "oval:org.mitre.oval:def:15561",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15561"
},
{
"name" : "google-chrome-cve20122885(78840)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78840"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to application exit."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://code.google.com/p/chromium/issues/detail?id=142310",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=142310"
},
{
"name": "oval:org.mitre.oval:def:15561",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15561"
},
{
"name": "85755",
"refsource": "OSVDB",
"url": "http://osvdb.org/85755"
},
{
"name": "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html"
},
{
"name": "google-chrome-cve20122885(78840)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78840"
},
{
"name": "openSUSE-SU-2012:1376",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00012.html"
}
]
}
}

140
2012/2xxx/CVE-2012-2999.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2999",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in Cerberus FTP Server before 5.0.5.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user account or (2) reconfigure the state of the FTP service, as demonstrated by a request to usermanager/users/modify."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-2999",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.cerberusftp.com/products/releasenotes.html",
"refsource" : "CONFIRM",
"url" : "http://www.cerberusftp.com/products/releasenotes.html"
},
{
"name" : "VU#989684",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/989684"
},
{
"name" : "55788",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/55788"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in Cerberus FTP Server before 5.0.5.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user account or (2) reconfigure the state of the FTP service, as demonstrated by a request to usermanager/users/modify."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#989684",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/989684"
},
{
"name": "http://www.cerberusftp.com/products/releasenotes.html",
"refsource": "CONFIRM",
"url": "http://www.cerberusftp.com/products/releasenotes.html"
},
{
"name": "55788",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55788"
}
]
}
}

150
2015/0xxx/CVE-2015-0372.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0372",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2015-0372",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name" : "72183",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72183"
},
{
"name" : "62476",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62476"
},
{
"name" : "oracle-cpujan2015-cve20150372(100078)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100078"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62476",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62476"
},
{
"name": "oracle-cpujan2015-cve20150372(100078)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100078"
},
{
"name": "72183",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72183"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
}
]
}
}

140
2015/0xxx/CVE-2015-0782.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0782",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the ScheduleQuery method of the schedule class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"ID": "CVE-2015-0782",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-148",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-148"
},
{
"name" : "https://www.novell.com/support/kb/doc.php?id=7016431",
"refsource" : "CONFIRM",
"url" : "https://www.novell.com/support/kb/doc.php?id=7016431"
},
{
"name" : "72808",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72808"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the ScheduleQuery method of the schedule class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "72808",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72808"
},
{
"name": "https://www.novell.com/support/kb/doc.php?id=7016431",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7016431"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-148",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-148"
}
]
}
}

140
2015/0xxx/CVE-2015-0861.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0861",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, and 3.8.x before 3.8.1 allows remote authenticated users to bypass intended access restrictions and write to arbitrary fields via a sequence of records."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2015-0861",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.tryton.org/posts/security-release-for-issue5167.html",
"refsource" : "CONFIRM",
"url" : "http://www.tryton.org/posts/security-release-for-issue5167.html"
},
{
"name" : "https://bugs.tryton.org/issue5167",
"refsource" : "CONFIRM",
"url" : "https://bugs.tryton.org/issue5167"
},
{
"name" : "DSA-3425",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3425"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, and 3.8.x before 3.8.1 allows remote authenticated users to bypass intended access restrictions and write to arbitrary fields via a sequence of records."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tryton.org/posts/security-release-for-issue5167.html",
"refsource": "CONFIRM",
"url": "http://www.tryton.org/posts/security-release-for-issue5167.html"
},
{
"name": "DSA-3425",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3425"
},
{
"name": "https://bugs.tryton.org/issue5167",
"refsource": "CONFIRM",
"url": "https://bugs.tryton.org/issue5167"
}
]
}
}

120
2015/1xxx/CVE-2015-1521.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1521",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "analyzer/protocol/dnp3/DNP3.cc in Bro before 2.3.2 does not properly handle zero values of a packet length, which allows remote attackers to cause a denial of service (buffer overflow or buffer over-read if NDEBUG; otherwise assertion failure) via a crafted DNP3 packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1521",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/bro/bro/commit/6cedd67c381ff22fde653adf02ee31caf66c81a0",
"refsource" : "CONFIRM",
"url" : "https://github.com/bro/bro/commit/6cedd67c381ff22fde653adf02ee31caf66c81a0"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "analyzer/protocol/dnp3/DNP3.cc in Bro before 2.3.2 does not properly handle zero values of a packet length, which allows remote attackers to cause a denial of service (buffer overflow or buffer over-read if NDEBUG; otherwise assertion failure) via a crafted DNP3 packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/bro/bro/commit/6cedd67c381ff22fde653adf02ee31caf66c81a0",
"refsource": "CONFIRM",
"url": "https://github.com/bro/bro/commit/6cedd67c381ff22fde653adf02ee31caf66c81a0"
}
]
}
}

150
2015/1xxx/CVE-2015-1845.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1845",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the EntrReadArch function in unzoo might allow remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1845",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150401 CVE-2015-1845, CVE-2015-1846 - unzoo - Buffer overflow & Infinite loop",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/04/01/5"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1207645",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1207645"
},
{
"name" : "73693",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/73693"
},
{
"name" : "1032011",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032011"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the EntrReadArch function in unzoo might allow remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "73693",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73693"
},
{
"name": "1032011",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032011"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1207645",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207645"
},
{
"name": "[oss-security] 20150401 CVE-2015-1845, CVE-2015-1846 - unzoo - Buffer overflow & Infinite loop",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/04/01/5"
}
]
}
}

130
2015/1xxx/CVE-2015-1889.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1889",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Big SQL component in IBM InfoSphere BigInsights 3.0 through 3.0.0.2 allows remote authenticated users to bypass intended HDFS data-access restrictions via (1) a crafted CREATE HADOOP TABLE statement referencing the data of an arbitrary user or (2) an import of a certain Hive table definition with the HCAT_SYNC_OBJECTS procedure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-1889",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21700654",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21700654"
},
{
"name" : "1032150",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032150"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Big SQL component in IBM InfoSphere BigInsights 3.0 through 3.0.0.2 allows remote authenticated users to bypass intended HDFS data-access restrictions via (1) a crafted CREATE HADOOP TABLE statement referencing the data of an arbitrary user or (2) an import of a certain Hive table definition with the HCAT_SYNC_OBJECTS procedure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032150",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032150"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21700654",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700654"
}
]
}
}

140
2015/1xxx/CVE-2015-1969.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1969",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in IBM Tivoli Common Reporting (TCR) 2.1 before IF13 and 2.1.1 before IF21, and TCR 3.1.x as used in Cognos Business Intelligence before 10.2 IF0015 and other products, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-1969",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21967384",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21967384"
},
{
"name" : "76472",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76472"
},
{
"name" : "1034050",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034050"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Tivoli Common Reporting (TCR) 2.1 before IF13 and 2.1.1 before IF21, and TCR 3.1.x as used in Cognos Business Intelligence before 10.2 IF0015 and other products, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "76472",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76472"
},
{
"name": "1034050",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034050"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21967384",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967384"
}
]
}
}

120
2015/5xxx/CVE-2015-5329.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5329",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The TripleO Heat templates (tripleo-heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for remote attackers to obtain access to services in deployed overclouds by leveraging knowledge of the default credentials."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5329",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "RHSA-2015:2650",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2015:2650"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TripleO Heat templates (tripleo-heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for remote attackers to obtain access to services in deployed overclouds by leveraging knowledge of the default credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:2650",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2015:2650"
}
]
}
}

150
2015/5xxx/CVE-2015-5377.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5377",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** Elasticsearch before 1.6.1 allows remote attackers to execute arbitrary code via unspecified vectors involving the transport protocol. NOTE: ZDI appears to claim that CVE-2015-3253 and CVE-2015-5377 are the same vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5377",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-365/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-365/"
},
{
"name" : "https://github.com/elastic/elasticsearch/commit/bf3052d14c874aead7da8855c5fcadf5428a43f2",
"refsource" : "MISC",
"url" : "https://github.com/elastic/elasticsearch/commit/bf3052d14c874aead7da8855c5fcadf5428a43f2"
},
{
"name" : "https://discuss.elastic.co/t/elasticsearch-remote-code-execution-cve-2015-5377/25736",
"refsource" : "CONFIRM",
"url" : "https://discuss.elastic.co/t/elasticsearch-remote-code-execution-cve-2015-5377/25736"
},
{
"name" : "75938",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75938"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Elasticsearch before 1.6.1 allows remote attackers to execute arbitrary code via unspecified vectors involving the transport protocol. NOTE: ZDI appears to claim that CVE-2015-3253 and CVE-2015-5377 are the same vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://discuss.elastic.co/t/elasticsearch-remote-code-execution-cve-2015-5377/25736",
"refsource": "CONFIRM",
"url": "https://discuss.elastic.co/t/elasticsearch-remote-code-execution-cve-2015-5377/25736"
},
{
"name": "75938",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75938"
},
{
"name": "https://github.com/elastic/elasticsearch/commit/bf3052d14c874aead7da8855c5fcadf5428a43f2",
"refsource": "MISC",
"url": "https://github.com/elastic/elasticsearch/commit/bf3052d14c874aead7da8855c5fcadf5428a43f2"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-365/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-365/"
}
]
}
}

160
2015/5xxx/CVE-2015-5528.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5528",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the save_order function in class-floating-social-bar.php in the Floating Social Bar plugin before 1.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the items[] parameter in an fsb_save_order action to wp-admin/admin-ajax.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5528",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/132670/WordPress-Floating-Social-Bar-1.1.5-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/132670/WordPress-Floating-Social-Bar-1.1.5-Cross-Site-Scripting.html"
},
{
"name" : "http://security.szurek.pl/floating-social-bar-115-xss.html",
"refsource" : "MISC",
"url" : "http://security.szurek.pl/floating-social-bar-115-xss.html"
},
{
"name" : "https://wpvulndb.com/vulnerabilities/8098",
"refsource" : "MISC",
"url" : "https://wpvulndb.com/vulnerabilities/8098"
},
{
"name" : "https://wordpress.org/plugins/floating-social-bar/changelog/",
"refsource" : "CONFIRM",
"url" : "https://wordpress.org/plugins/floating-social-bar/changelog/"
},
{
"name" : "75944",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75944"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the save_order function in class-floating-social-bar.php in the Floating Social Bar plugin before 1.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the items[] parameter in an fsb_save_order action to wp-admin/admin-ajax.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpvulndb.com/vulnerabilities/8098",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8098"
},
{
"name": "http://security.szurek.pl/floating-social-bar-115-xss.html",
"refsource": "MISC",
"url": "http://security.szurek.pl/floating-social-bar-115-xss.html"
},
{
"name": "https://wordpress.org/plugins/floating-social-bar/changelog/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/floating-social-bar/changelog/"
},
{
"name": "http://packetstormsecurity.com/files/132670/WordPress-Floating-Social-Bar-1.1.5-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132670/WordPress-Floating-Social-Bar-1.1.5-Cross-Site-Scripting.html"
},
{
"name": "75944",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75944"
}
]
}
}

190
2015/5xxx/CVE-2015-5740.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5740",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5740",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150729 CVE Request - Go net/http library - HTTP smuggling",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2015/q3/237"
},
{
"name" : "[oss-security] 20150804 CVE Request - Go net/http library - HTTP smuggling",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2015/q3/292"
},
{
"name" : "[oss-security] 20150805 Re: CVE Request - Go net/http library - HTTP smuggling",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2015/q3/294"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1250352",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1250352"
},
{
"name" : "https://github.com/golang/go/commit/300d9a21583e7cf0149a778a0611e76ff7c6680f",
"refsource" : "CONFIRM",
"url" : "https://github.com/golang/go/commit/300d9a21583e7cf0149a778a0611e76ff7c6680f"
},
{
"name" : "FEDORA-2015-15618",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168029.html"
},
{
"name" : "FEDORA-2015-15619",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/167997.html"
},
{
"name" : "RHSA-2016:1538",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1538.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20150804 CVE Request - Go net/http library - HTTP smuggling",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2015/q3/292"
},
{
"name": "FEDORA-2015-15619",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/167997.html"
},
{
"name": "FEDORA-2015-15618",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168029.html"
},
{
"name": "RHSA-2016:1538",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1538.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1250352",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1250352"
},
{
"name": "[oss-security] 20150805 Re: CVE Request - Go net/http library - HTTP smuggling",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2015/q3/294"
},
{
"name": "[oss-security] 20150729 CVE Request - Go net/http library - HTTP smuggling",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2015/q3/237"
},
{
"name": "https://github.com/golang/go/commit/300d9a21583e7cf0149a778a0611e76ff7c6680f",
"refsource": "CONFIRM",
"url": "https://github.com/golang/go/commit/300d9a21583e7cf0149a778a0611e76ff7c6680f"
}
]
}
}

190
2015/5xxx/CVE-2015-5899.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5899",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libpthread in the kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-5899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT205212",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205212"
},
{
"name" : "https://support.apple.com/HT205213",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205213"
},
{
"name" : "https://support.apple.com/HT205267",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205267"
},
{
"name" : "APPLE-SA-2015-09-16-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
},
{
"name" : "APPLE-SA-2015-09-21-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html"
},
{
"name" : "APPLE-SA-2015-09-30-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
},
{
"name" : "76764",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76764"
},
{
"name" : "1033609",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033609"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libpthread in the kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033609",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033609"
},
{
"name": "https://support.apple.com/HT205212",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205212"
},
{
"name": "APPLE-SA-2015-09-30-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
},
{
"name": "76764",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76764"
},
{
"name": "https://support.apple.com/HT205267",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205267"
},
{
"name": "APPLE-SA-2015-09-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html"
},
{
"name": "https://support.apple.com/HT205213",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205213"
},
{
"name": "APPLE-SA-2015-09-16-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
}
]
}
}

140
2015/5xxx/CVE-2015-5911.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5911",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Twisted in Wiki Server in Apple OS X Server before 5.0.3 allow attackers to have an unknown impact via an XML document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-5911",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT205219",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205219"
},
{
"name" : "APPLE-SA-2015-09-16-4",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html"
},
{
"name" : "1033595",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033595"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Twisted in Wiki Server in Apple OS X Server before 5.0.3 allow attackers to have an unknown impact via an XML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033595",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033595"
},
{
"name": "APPLE-SA-2015-09-16-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html"
},
{
"name": "https://support.apple.com/HT205219",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205219"
}
]
}
}

148
2018/1002xxx/CVE-2018-1002007.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "larry0@me.com",
"DATE_ASSIGNED" : "2018-08-22",
"ID" : "CVE-2018-1002007",
"REQUESTER" : "kurt@seifried.org",
"STATE" : "PUBLIC",
"UPDATED" : "2017-08-10T14:41Z"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Arigato Autoresponder and Newsletter",
"version" : {
"version_data" : [
{
"version_affected" : "<=",
"version_value" : "2.5.1.8"
}
]
}
}
]
},
"vendor_name" : "Kiboko Labs https://calendarscripts.info/"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:15: via POST request variable html_id."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8"
}
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2018-08-22",
"ID": "CVE-2018-1002007",
"REQUESTER": "kurt@seifried.org",
"STATE": "PUBLIC",
"UPDATED": "2017-08-10T14:41Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Arigato Autoresponder and Newsletter",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "2.5.1.8"
}
]
}
}
]
},
"vendor_name": "Kiboko Labs https://calendarscripts.info/"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45434",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45434/"
},
{
"name" : "http://www.vapidlabs.com/advisory.php?v=203",
"refsource" : "MISC",
"url" : "http://www.vapidlabs.com/advisory.php?v=203"
},
{
"name" : "https://wordpress.org/plugins/bft-autoresponder/",
"refsource" : "MISC",
"url" : "https://wordpress.org/plugins/bft-autoresponder/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:15: via POST request variable html_id."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45434",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"name": "https://wordpress.org/plugins/bft-autoresponder/",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"name": "http://www.vapidlabs.com/advisory.php?v=203",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
]
}
}

130
2018/11xxx/CVE-2018-11020.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11020",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "kernel/omap/drivers/rpmsg/rpmsg_omx.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device file /dev/rpmsg-omx1 with the command 3221772291, and cause a kernel crash."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11020",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/datadancer/HIAFuzz/blob/master/CVE-2018-11020.md",
"refsource" : "MISC",
"url" : "https://github.com/datadancer/HIAFuzz/blob/master/CVE-2018-11020.md"
},
{
"name" : "https://github.com/datadancer/HIAFuzz/blob/master/CVE-Advisory.md",
"refsource" : "MISC",
"url" : "https://github.com/datadancer/HIAFuzz/blob/master/CVE-Advisory.md"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "kernel/omap/drivers/rpmsg/rpmsg_omx.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device file /dev/rpmsg-omx1 with the command 3221772291, and cause a kernel crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/datadancer/HIAFuzz/blob/master/CVE-Advisory.md",
"refsource": "MISC",
"url": "https://github.com/datadancer/HIAFuzz/blob/master/CVE-Advisory.md"
},
{
"name": "https://github.com/datadancer/HIAFuzz/blob/master/CVE-2018-11020.md",
"refsource": "MISC",
"url": "https://github.com/datadancer/HIAFuzz/blob/master/CVE-2018-11020.md"
}
]
}
}

130
2018/11xxx/CVE-2018-11650.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11650",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Graylog before v2.4.4 has an XSS security issue with unescaped text in notifications, related to toastr and util/UserNotification.js."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11650",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/Graylog2/graylog2-server/pull/4727",
"refsource" : "MISC",
"url" : "https://github.com/Graylog2/graylog2-server/pull/4727"
},
{
"name" : "https://www.graylog.org/post/announcing-graylog-v2-4-4",
"refsource" : "MISC",
"url" : "https://www.graylog.org/post/announcing-graylog-v2-4-4"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Graylog before v2.4.4 has an XSS security issue with unescaped text in notifications, related to toastr and util/UserNotification.js."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Graylog2/graylog2-server/pull/4727",
"refsource": "MISC",
"url": "https://github.com/Graylog2/graylog2-server/pull/4727"
},
{
"name": "https://www.graylog.org/post/announcing-graylog-v2-4-4",
"refsource": "MISC",
"url": "https://www.graylog.org/post/announcing-graylog-v2-4-4"
}
]
}
}

142
2018/3xxx/CVE-2018-3057.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-3057",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Sun ZFS Storage Appliance Kit (AK) Software",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "8.7.18"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: API frameworks). The supported version that is affected is Prior to 8.7.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Sun ZFS Storage Appliance Kit (AK) executes to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Sun ZFS Storage Appliance Kit (AK) executes to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit (AK)."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-3057",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sun ZFS Storage Appliance Kit (AK) Software",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "8.7.18"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name" : "104783",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104783"
},
{
"name" : "1041303",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041303"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: API frameworks). The supported version that is affected is Prior to 8.7.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Sun ZFS Storage Appliance Kit (AK) executes to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Sun ZFS Storage Appliance Kit (AK) executes to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit (AK)."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104783",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104783"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "1041303",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041303"
}
]
}
}

140
2018/3xxx/CVE-2018-3225.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-3225",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Outside In Technology",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "8.5.3"
},
{
"version_affected" : "=",
"version_value" : "8.5.4"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology and unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology and unauthorized read access to a subset of Oracle Outside In Technology accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-3225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Outside In Technology",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.5.3"
},
{
"version_affected": "=",
"version_value": "8.5.4"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name" : "105603",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105603"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology and unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology and unauthorized read access to a subset of Oracle Outside In Technology accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105603",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105603"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
}
]
}
}

34
2018/3xxx/CVE-2018-3547.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3547",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3547",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/3xxx/CVE-2018-3600.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@trendmicro.com",
"ID" : "CVE-2018-3600",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Trend Micro Control Manager",
"version" : {
"version_data" : [
{
"version_value" : "6.0"
}
]
}
}
]
},
"vendor_name" : "Trend Micro"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A external entity processing information disclosure (XXE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to disclose sensitive information on vulnerable installations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "XML External Entity (XXE)"
}
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2018-3600",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Control Manager",
"version": {
"version_data": [
{
"version_value": "6.0"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-111/",
"refsource" : "MISC",
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-111/"
},
{
"name" : "https://success.trendmicro.com/solution/1119158",
"refsource" : "CONFIRM",
"url" : "https://success.trendmicro.com/solution/1119158"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A external entity processing information disclosure (XXE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to disclose sensitive information on vulnerable installations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XML External Entity (XXE)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-18-111/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-111/"
},
{
"name": "https://success.trendmicro.com/solution/1119158",
"refsource": "CONFIRM",
"url": "https://success.trendmicro.com/solution/1119158"
}
]
}
}

150
2018/3xxx/CVE-2018-3740.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"ID" : "CVE-2018-3740",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "sanitize (ruby gem)",
"version" : {
"version_data" : [
{
"version_value" : "< 4.6.3"
}
]
}
}
]
},
"vendor_name" : "Ryan Grove"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)"
}
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2018-3740",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "sanitize (ruby gem)",
"version": {
"version_data": [
{
"version_value": "< 4.6.3"
}
]
}
}
]
},
"vendor_name": "Ryan Grove"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e",
"refsource" : "CONFIRM",
"url" : "https://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e"
},
{
"name" : "https://github.com/rgrove/sanitize/issues/176",
"refsource" : "CONFIRM",
"url" : "https://github.com/rgrove/sanitize/issues/176"
},
{
"name" : "https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/",
"refsource" : "CONFIRM",
"url" : "https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/"
},
{
"name" : "DSA-4358",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4358"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4358",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4358"
},
{
"name": "https://github.com/rgrove/sanitize/issues/176",
"refsource": "CONFIRM",
"url": "https://github.com/rgrove/sanitize/issues/176"
},
{
"name": "https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/",
"refsource": "CONFIRM",
"url": "https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/"
},
{
"name": "https://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e",
"refsource": "CONFIRM",
"url": "https://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e"
}
]
}
}

160
2018/7xxx/CVE-2018-7337.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7337",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Wireshark 2.4.0 to 2.4.4, the DOCSIS protocol dissector could crash. This was addressed in plugins/docsis/packet-docsis.c by removing the recursive algorithm that had been used for concatenated PDUs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180418 [SECURITY] [DLA 1353-1] wireshark security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00018.html"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14446",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14446"
},
{
"name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=511a8b0b546d25413e289dc5a7d3a455a33994c2",
"refsource" : "CONFIRM",
"url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=511a8b0b546d25413e289dc5a7d3a455a33994c2"
},
{
"name" : "https://www.wireshark.org/security/wnpa-sec-2018-08.html",
"refsource" : "CONFIRM",
"url" : "https://www.wireshark.org/security/wnpa-sec-2018-08.html"
},
{
"name" : "103164",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103164"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Wireshark 2.4.0 to 2.4.4, the DOCSIS protocol dissector could crash. This was addressed in plugins/docsis/packet-docsis.c by removing the recursive algorithm that had been used for concatenated PDUs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180418 [SECURITY] [DLA 1353-1] wireshark security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00018.html"
},
{
"name": "103164",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103164"
},
{
"name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=511a8b0b546d25413e289dc5a7d3a455a33994c2",
"refsource": "CONFIRM",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=511a8b0b546d25413e289dc5a7d3a455a33994c2"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14446",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14446"
},
{
"name": "https://www.wireshark.org/security/wnpa-sec-2018-08.html",
"refsource": "CONFIRM",
"url": "https://www.wireshark.org/security/wnpa-sec-2018-08.html"
}
]
}
}

150
2018/7xxx/CVE-2018-7542.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7542",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Xen 4.8.x through 4.10.x allowing x86 PVH guest OS users to cause a denial of service (NULL pointer dereference and hypervisor crash) by leveraging the mishandling of configurations that lack a Local APIC."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7542",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://xenbits.xen.org/xsa/advisory-256.html",
"refsource" : "CONFIRM",
"url" : "https://xenbits.xen.org/xsa/advisory-256.html"
},
{
"name" : "DSA-4131",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4131"
},
{
"name" : "GLSA-201810-06",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201810-06"
},
{
"name" : "1040776",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040776"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Xen 4.8.x through 4.10.x allowing x86 PVH guest OS users to cause a denial of service (NULL pointer dereference and hypervisor crash) by leveraging the mishandling of configurations that lack a Local APIC."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://xenbits.xen.org/xsa/advisory-256.html",
"refsource": "CONFIRM",
"url": "https://xenbits.xen.org/xsa/advisory-256.html"
},
{
"name": "GLSA-201810-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201810-06"
},
{
"name": "1040776",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040776"
},
{
"name": "DSA-4131",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4131"
}
]
}
}

120
2018/7xxx/CVE-2018-7761.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cybersecurity@se.com",
"ID" : "CVE-2018-7761",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0202",
"version" : {
"version_data" : [
{
"version_value" : "All Modicon M340, Premium, Quantum PLCs and BMXNOR0202"
}
]
}
}
]
},
"vendor_name" : "Schneider Electric SE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Arbritrary Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2018-7761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0202",
"version": {
"version_data": [
{
"version_value": "All Modicon M340, Premium, Quantum PLCs and BMXNOR0202"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/",
"refsource" : "CONFIRM",
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbritrary Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/"
}
]
}
}

122
2018/7xxx/CVE-2018-7776.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cybersecurity@se.com",
"DATE_PUBLIC" : "2018-04-05T00:00:00",
"ID" : "CVE-2018-7776",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "U.Motion",
"version" : {
"version_data" : [
{
"version_value" : "U.motion Builder Software, all versions prior to v1.3.4"
}
]
}
}
]
},
"vendor_name" : "Schneider Electric SE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The vulnerability exists within error.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. System information is returned to the attacker that contains sensitive data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"DATE_PUBLIC": "2018-04-05T00:00:00",
"ID": "CVE-2018-7776",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "U.Motion",
"version": {
"version_data": [
{
"version_value": "U.motion Builder Software, all versions prior to v1.3.4"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/",
"refsource" : "CONFIRM",
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vulnerability exists within error.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. System information is returned to the attacker that contains sensitive data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/"
}
]
}
}

34
2018/8xxx/CVE-2018-8095.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8095",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8095",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/8xxx/CVE-2018-8293.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8293",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8293",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/8xxx/CVE-2018-8322.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8322",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8322",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/8xxx/CVE-2018-8609.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8609",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Dynamics 365",
"version" : {
"version_data" : [
{
"version_value" : "premises) version 8"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) version 8 when the server fails to properly sanitize web requests to an affected Dynamics server, aka \"Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability.\" This affects Microsoft Dynamics 365."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8609",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Dynamics 365",
"version": {
"version_data": [
{
"version_value": "premises) version 8"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8609",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8609"
},
{
"name" : "105894",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105894"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) version 8 when the server fails to properly sanitize web requests to an affected Dynamics server, aka \"Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability.\" This affects Microsoft Dynamics 365."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105894",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105894"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8609",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8609"
}
]
}
}