admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 00:09:15 +00:00
parent 5983544149
commit fc3737311b
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
54 changed files with 3568 additions and 3568 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

92
2005/0xxx/CVE-2005-0218.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0218",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0218",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "ClamAV 0.80 and earlier allows remote attackers to bypass virus scanning via a base64 encoded image in a data: (RFC 2397) URL."
"lang": "eng",
"value": "ClamAV 0.80 and earlier allows remote attackers to bypass virus scanning via a base64 encoded image in a data: (RFC 2397) URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20050110 Multi-vendor AV gateway image inspection bypass vulnerability",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/lists/fulldisclosure/2005/Jan/0332.html"
"name": "20050114 Re: Multi-vendor AV gateway image inspection bypass vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/lists/fulldisclosure/2005/Jan/0537.html"
},
{
"name" : "20050114 Re: Multi-vendor AV gateway image inspection bypass vulnerability",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/lists/fulldisclosure/2005/Jan/0537.html"
"name": "http://sourceforge.net/project/shownotes.php?release_id=300116",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=300116"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=300116",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=300116"
"name": "20050110 Multi-vendor AV gateway image inspection bypass vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/lists/fulldisclosure/2005/Jan/0332.html"
},
{
"name" : "GLSA-200501-46",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200501-46.xml"
"name": "GLSA-200501-46",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200501-46.xml"
},
{
"name" : "MDKSA-2005:025",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:025"
"name": "13900",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13900/"
},
{
"name" : "13900",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/13900/"
"name": "MDKSA-2005:025",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:025"
}
]
}

22
2005/0xxx/CVE-2005-0355.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0355",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0355",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

80
2005/0xxx/CVE-2005-0535.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0535",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0535",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to perform unauthorized actions as authenticated MediaWiki users."
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to perform unauthorized actions as authenticated MediaWiki users."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=307067",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=307067"
"name": "1013260",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013260"
},
{
"name" : "GLSA-200502-33",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200502-33.xml"
"name": "GLSA-200502-33",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200502-33.xml"
},
{
"name" : "1013260",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013260"
"name": "http://sourceforge.net/project/shownotes.php?release_id=307067",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=307067"
},
{
"name" : "14360",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14360"
"name": "14360",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14360"
}
]
}

128
2005/0xxx/CVE-2005-0966.json
View File

@ -1,116 +1,116 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0966",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-0966",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, allows (1) remote attackers to inject arbitrary Gaim markup via irc_msg_kick, irc_msg_mode, irc_msg_part, irc_msg_quit, (2) remote attackers to inject arbitrary Pango markup and pop up empty dialog boxes via irc_msg_invite, or (3) malicious IRC servers to cause a denial of service (application crash) by injecting certain Pango markup into irc_msg_badmode, irc_msg_banned, irc_msg_unknown, irc_msg_nochan functions."
"lang": "eng",
"value": "The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, allows (1) remote attackers to inject arbitrary Gaim markup via irc_msg_kick, irc_msg_mode, irc_msg_part, irc_msg_quit, (2) remote attackers to inject arbitrary Pango markup and pop up empty dialog boxes via irc_msg_invite, or (3) malicious IRC servers to cause a denial of service (application crash) by injecting certain Pango markup into irc_msg_badmode, irc_msg_banned, irc_msg_unknown, irc_msg_nochan functions."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20050401 multiple remote denial of service vulnerabilities in Gaim",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111238715307356&w=2"
"name": "MDKSA-2005:071",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:071"
},
{
"name" : "http://gaim.sourceforge.net/security/index.php?id=14",
"refsource" : "CONFIRM",
"url" : "http://gaim.sourceforge.net/security/index.php?id=14"
"name": "FLSA:158543",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/426078/100/0/threaded"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?group_id=235&release_id=317750",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?group_id=235&release_id=317750"
"name": "oval:org.mitre.oval:def:9185",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9185"
},
{
"name" : "FLSA:158543",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/426078/100/0/threaded"
"name": "14815",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14815"
},
{
"name" : "MDKSA-2005:071",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:071"
"name": "gaim-ircmsginvite-dos(19939)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19939"
},
{
"name" : "RHSA-2005:365",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-365.html"
"name": "13003",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13003"
},
{
"name" : "SUSE-SA:2005:036",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2005_36_sudo.html"
"name": "http://gaim.sourceforge.net/security/index.php?id=14",
"refsource": "CONFIRM",
"url": "http://gaim.sourceforge.net/security/index.php?id=14"
},
{
"name" : "13003",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13003"
"name": "gaim-irc-plugin-bo(19937)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19937"
},
{
"name" : "oval:org.mitre.oval:def:9185",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9185"
"name": "RHSA-2005:365",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-365.html"
},
{
"name" : "14815",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14815"
"name": "20050401 multiple remote denial of service vulnerabilities in Gaim",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111238715307356&w=2"
},
{
"name" : "gaim-irc-plugin-bo(19937)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19937"
"name": "http://sourceforge.net/project/shownotes.php?group_id=235&release_id=317750",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=235&release_id=317750"
},
{
"name" : "gaim-ircmsginvite-dos(19939)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19939"
"name": "SUSE-SA:2005:036",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_36_sudo.html"
}
]
}

110
2005/1xxx/CVE-2005-1410.json
View File

@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1410",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-1410",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) dex_init, (2) snb_en_init, (3) snb_ru_init, (4) spell_init, and (5) syn_init functions as \"internal\" even when they do not take an internal argument, which allows attackers to cause a denial of service (application crash) and possibly have other impacts via SQL commands that call other functions that accept internal arguments."
"lang": "eng",
"value": "The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) dex_init, (2) snb_en_init, (3) snb_ru_init, (4) spell_init, and (5) syn_init functions as \"internal\" even when they do not take an internal argument, which allows attackers to cause a denial of service (application crash) and possibly have other impacts via SQL commands that call other functions that accept internal arguments."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.postgresql.org/about/news.315",
"refsource" : "CONFIRM",
"url" : "http://www.postgresql.org/about/news.315"
"name": "oval:org.mitre.oval:def:9343",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9343"
},
{
"name" : "[pgsql-announce] 20050502 IMPORTANT: two new PostgreSQL security problems found",
"refsource" : "MLIST",
"url" : "http://archives.postgresql.org/pgsql-announce/2005-05/msg00001.php"
"name": "13475",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13475"
},
{
"name" : "FLSA-2006:157366",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/426302/30/6680/threaded"
"name": "oval:org.mitre.oval:def:1086",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1086"
},
{
"name" : "RHSA-2005:433",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-433.html"
"name": "RHSA-2005:433",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-433.html"
},
{
"name" : "SUSE-SA:2005:036",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2005_36_sudo.html"
"name": "FLSA-2006:157366",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/426302/30/6680/threaded"
},
{
"name" : "13475",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13475"
"name": "ADV-2005-0453",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0453"
},
{
"name" : "oval:org.mitre.oval:def:9343",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9343"
"name": "[pgsql-announce] 20050502 IMPORTANT: two new PostgreSQL security problems found",
"refsource": "MLIST",
"url": "http://archives.postgresql.org/pgsql-announce/2005-05/msg00001.php"
},
{
"name" : "ADV-2005-0453",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/0453"
"name": "http://www.postgresql.org/about/news.315",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/about/news.315"
},
{
"name" : "oval:org.mitre.oval:def:1086",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1086"
"name": "SUSE-SA:2005:036",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_36_sudo.html"
}
]
}

74
2005/1xxx/CVE-2005-1566.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1566",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1566",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Acrowave AAP-3100AR wireless router allows remote attackers to bypass authentication by pressing CTRL-C at the username or password prompt in a telnet session, which causes the shell to crash and restart, then leave the user in the new shell."
"lang": "eng",
"value": "Acrowave AAP-3100AR wireless router allows remote attackers to bypass authentication by pressing CTRL-C at the username or password prompt in a telnet session, which causes the shell to crash and restart, then leave the user in the new shell."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20050512 Acrowave AAP-3100AR authetication bypass",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111592452331677&w=2"
"name": "20050512 Acrowave AAP-3100AR authetication bypass",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111592452331677&w=2"
},
{
"name" : "16445",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/16445"
"name": "15343",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15343"
},
{
"name" : "15343",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15343"
"name": "16445",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16445"
}
]
}

62
2005/1xxx/CVE-2005-1569.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1569",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1569",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in DirectTopics 2.1 and 2.2 allows remote attackers to inject arbitrary web script via a javascript: URL in (1) a thread or (2) an IMG tag."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in DirectTopics 2.1 and 2.2 allows remote attackers to inject arbitrary web script via a javascript: URL in (1) a thread or (2) an IMG tag."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20050512 Directtopics Multiple Vulnerabilities (Security Advisory)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111592417803514&w=2"
"name": "20050512 Directtopics Multiple Vulnerabilities (Security Advisory)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111592417803514&w=2"
}
]
}

80
2005/1xxx/CVE-2005-1681.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1681",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1681",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in common.php in phpATM 1.21, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code via a URL in the include_location parameter to index.php."
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in common.php in phpATM 1.21, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code via a URL in the include_location parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20050519 phpATM arbitrary PHP code inclusion",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111653168810937&w=2"
"name": "1014008",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014008"
},
{
"name" : "16692",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/16692"
"name": "16692",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16692"
},
{
"name" : "1014008",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014008"
"name": "15420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15420"
},
{
"name" : "15420",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15420"
"name": "20050519 phpATM arbitrary PHP code inclusion",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111653168810937&w=2"
}
]
}

22
2005/1xxx/CVE-2005-1991.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1991",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1991",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

266
2005/3xxx/CVE-2005-3120.json
View File

@ -1,231 +1,231 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3120",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2005-3120",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters."
"lang": "eng",
"value": "Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20060602 Re: [SECURITY] [DSA 1085-1] New lynx-cur packages fix several vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/435689/30/4740/threaded"
"name": "1015065",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015065"
},
{
"name" : "20051017 Lynx Remote Buffer Overflow",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038019.html"
"name": "18376",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18376"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-010.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-010.htm"
"name": "17216",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17216"
},
{
"name" : "DSA-874",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-874"
"name": "17480",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17480"
},
{
"name" : "DSA-876",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-876"
"name": "TSLSA-2005-0059",
"refsource": "TRUSTIX",
"url": "http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html"
},
{
"name" : "DSA-1085",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1085"
"name": "SSA:2005-310-03",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.423056"
},
{
"name" : "FLSA:152832",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/419763/100/0/threaded"
"name": "OpenPKG-SA-2005.026",
"refsource": "OPENPKG",
"url": "http://www.openpkg.org/security/OpenPKG-SA-2005.026-lynx.html"
},
{
"name" : "GLSA-200510-15",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200510-15.xml"
"name": "SCOSA-2005.47",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.47/SCOSA-2005.47.txt"
},
{
"name" : "MDKSA-2005:186",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:186"
"name": "20051017 Lynx Remote Buffer Overflow",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038019.html"
},
{
"name" : "OpenPKG-SA-2005.026",
"refsource" : "OPENPKG",
"url" : "http://www.openpkg.org/security/OpenPKG-SA-2005.026-lynx.html"
"name": "20060602 Re: [SECURITY] [DSA 1085-1] New lynx-cur packages fix several vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435689/30/4740/threaded"
},
{
"name" : "RHSA-2005:803",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-803.html"
"name": "17444",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17444"
},
{
"name" : "SCOSA-2005.47",
"refsource" : "SCO",
"url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.47/SCOSA-2005.47.txt"
"name": "DSA-1085",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1085"
},
{
"name" : "SCOSA-2006.7",
"refsource" : "SCO",
"url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.7/SCOSA-2006.7.txt"
"name": "GLSA-200510-15",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-15.xml"
},
{
"name" : "SSA:2005-310-03",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.423056"
"name": "18584",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18584"
},
{
"name" : "SUSE-SR:2005:025",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2005_25_sr.html"
"name": "17238",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17238"
},
{
"name" : "TSLSA-2005-0059",
"refsource" : "TRUSTIX",
"url" : "http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html"
"name": "SUSE-SR:2005:025",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_25_sr.html"
},
{
"name" : "USN-206-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/206-1/"
"name": "17150",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17150"
},
{
"name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=170253",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=170253"
"name": "MDKSA-2005:186",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:186"
},
{
"name" : "15117",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15117"
"name": "17248",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17248"
},
{
"name" : "oval:org.mitre.oval:def:9257",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9257"
"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=170253",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=170253"
},
{
"name" : "1015065",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015065"
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-010.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-010.htm"
},
{
"name" : "17216",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17216"
"name": "FLSA:152832",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/419763/100/0/threaded"
},
{
"name" : "17360",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17360"
"name": "17360",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17360"
},
{
"name" : "17445",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17445"
"name": "17445",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17445"
},
{
"name" : "18376",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18376"
"name": "15117",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15117"
},
{
"name" : "17444",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17444"
"name": "USN-206-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/206-1/"
},
{
"name" : "17150",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17150"
"name": "oval:org.mitre.oval:def:9257",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9257"
},
{
"name" : "17230",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17230"
"name": "RHSA-2005:803",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-803.html"
},
{
"name" : "17231",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17231"
"name": "17231",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17231"
},
{
"name" : "17238",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17238"
"name": "17230",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17230"
},
{
"name" : "17248",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17248"
"name": "17340",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17340"
},
{
"name" : "17340",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17340"
"name": "20383",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20383"
},
{
"name" : "17480",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17480"
"name": "SCOSA-2006.7",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.7/SCOSA-2006.7.txt"
},
{
"name" : "18584",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18584"
"name": "DSA-874",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-874"
},
{
"name" : "20383",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20383"
"name": "DSA-876",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-876"
}
]
}

68
2005/3xxx/CVE-2005-3222.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3222",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3222",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple interpretation error in unspecified versions of VBA32 Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper."
"lang": "eng",
"value": "Multiple interpretation error in unspecified versions of VBA32 Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20051007 Antivirus detection bypass by special crafted archive.",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112879611919750&w=2"
"name": "http://shadock.net/secubox/AVCraftedArchive.html",
"refsource": "MISC",
"url": "http://shadock.net/secubox/AVCraftedArchive.html"
},
{
"name" : "http://shadock.net/secubox/AVCraftedArchive.html",
"refsource" : "MISC",
"url" : "http://shadock.net/secubox/AVCraftedArchive.html"
"name": "20051007 Antivirus detection bypass by special crafted archive.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112879611919750&w=2"
}
]
}

92
2005/3xxx/CVE-2005-3394.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3394",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3394",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in forum.php in oaboard forum 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) channel parameter in the topics module and (2) topic parameter in the posting module."
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in forum.php in oaboard forum 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) channel parameter in the topics module and (2) topic parameter in the posting module."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20051030 SQL IN FORUM.PHP",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/415299"
"name": "ADV-2005-2258",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2258"
},
{
"name" : "15245",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15245"
"name": "17373",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17373"
},
{
"name" : "ADV-2005-2258",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2258"
"name": "20420",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20420"
},
{
"name" : "20420",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20420"
"name": "20051030 SQL IN FORUM.PHP",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/415299"
},
{
"name" : "17373",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17373"
"name": "oaboard-forum-script-sql-injection(22932)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22932"
},
{
"name" : "oaboard-forum-script-sql-injection(22932)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22932"
"name": "15245",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15245"
}
]
}

86
2005/4xxx/CVE-2005-4425.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4425",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4425",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 allows remote attackers to cause a denial of service (crash) via certain RTSP streams."
"lang": "eng",
"value": "Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 allows remote attackers to cause a denial of service (crash) via certain RTSP streams."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.kerio.com/kwf_history.html",
"refsource" : "CONFIRM",
"url" : "http://www.kerio.com/kwf_history.html"
"name": "ADV-2005-2391",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2391"
},
{
"name" : "15387",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15387"
"name": "15387",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15387"
},
{
"name" : "ADV-2005-2391",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2391"
"name": "17519",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17519"
},
{
"name" : "17519",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17519"
"name": "http://www.kerio.com/kwf_history.html",
"refsource": "CONFIRM",
"url": "http://www.kerio.com/kwf_history.html"
},
{
"name" : "kerio-winroute-rtsp-dos(23034)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23034"
"name": "kerio-winroute-rtsp-dos(23034)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23034"
}
]
}

68
2005/4xxx/CVE-2005-4742.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4742",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4742",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Echelog 0.6.2 allows attackers to \"exploit function stacks on some architectures,\" with unknown impact and attack vectors."
"lang": "eng",
"value": "Unspecified vulnerability in Echelog 0.6.2 allows attackers to \"exploit function stacks on some architectures,\" with unknown impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=365508",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=365508"
"name": "20244",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20244"
},
{
"name" : "20244",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20244"
"name": "http://sourceforge.net/project/shownotes.php?release_id=365508",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=365508"
}
]
}

92
2005/4xxx/CVE-2005-4866.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4866",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4866",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in JDBC Applet Server in IBM DB2 8.1 allows remote attackers to execute arbitrary by connecting and sending a long username, then disconnecting gracefully and reconnecting and sending a short username and an unexpected db2java.zip version, which causes a null terminator to be removed and leads to the overflow."
"lang": "eng",
"value": "Stack-based buffer overflow in JDBC Applet Server in IBM DB2 8.1 allows remote attackers to execute arbitrary by connecting and sending a long username, then disconnecting gracefully and reconnecting and sending a short username and an unexpected db2java.zip version, which causes a null terminator to be removed and leads to the overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20050105 IBM DB2 JDBC Applet Server buffer overflow (#NISR05012005D)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110495251101381&w=2"
"name": "IY61492",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY61492"
},
{
"name" : "http://www.nextgenss.com/advisories/db205012005D.txt",
"refsource" : "MISC",
"url" : "http://www.nextgenss.com/advisories/db205012005D.txt"
"name": "11401",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11401"
},
{
"name" : "IY61492",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1IY61492"
"name": "20050105 IBM DB2 JDBC Applet Server buffer overflow (#NISR05012005D)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110495251101381&w=2"
},
{
"name" : "11401",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11401"
"name": "12733",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12733/"
},
{
"name" : "12733",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/12733/"
"name": "db2-jdbc-bo(17613)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17613"
},
{
"name" : "db2-jdbc-bo(17613)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17613"
"name": "http://www.nextgenss.com/advisories/db205012005D.txt",
"refsource": "MISC",
"url": "http://www.nextgenss.com/advisories/db205012005D.txt"
}
]
}

92
2009/0xxx/CVE-2009-0265.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0265",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0265",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and CVE-2009-0025."
"lang": "eng",
"value": "Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and CVE-2009-0025."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/49ef622c8329fd33",
"refsource" : "MISC",
"url" : "http://groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/49ef622c8329fd33"
"name": "MDVSA-2009:037",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:037"
},
{
"name" : "https://www.isc.org/node/373",
"refsource" : "CONFIRM",
"url" : "https://www.isc.org/node/373"
"name": "33559",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33559"
},
{
"name" : "MDVSA-2009:037",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:037"
"name": "ADV-2009-0043",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0043"
},
{
"name" : "SSA:2009-014-02",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.540362"
"name": "SSA:2009-014-02",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.540362"
},
{
"name" : "ADV-2009-0043",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0043"
"name": "http://groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/49ef622c8329fd33",
"refsource": "MISC",
"url": "http://groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/49ef622c8329fd33"
},
{
"name" : "33559",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33559"
"name": "https://www.isc.org/node/373",
"refsource": "CONFIRM",
"url": "https://www.isc.org/node/373"
}
]
}

98
2009/0xxx/CVE-2009-0857.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0857",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0857",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in /prm/reports in the Performance Reporting Module (PRM) for Sun Management Center (SunMC) 3.6.1 and 4.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: this can be leveraged for access to the SunMC Web Console."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in /prm/reports in the Performance Reporting Module (PRM) for Sun Management Center (SunMC) 3.6.1 and 4.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: this can be leveraged for access to the SunMC Web Console."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125191-04-1",
"refsource" : "CONFIRM",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125191-04-1"
"name": "33999",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33999"
},
{
"name" : "247046",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-247046-1"
"name": "sunmc-performancereportingmodule-xss(49076)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49076"
},
{
"name" : "33999",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33999"
"name": "ADV-2009-0605",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0605"
},
{
"name" : "1021809",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1021809"
"name": "34146",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34146"
},
{
"name" : "34146",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34146"
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125191-04-1",
"refsource": "CONFIRM",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125191-04-1"
},
{
"name" : "ADV-2009-0605",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0605"
"name": "247046",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-247046-1"
},
{
"name" : "sunmc-performancereportingmodule-xss(49076)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49076"
"name": "1021809",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1021809"
}
]
}

86
2009/1xxx/CVE-2009-1217.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1217",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1217",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Off-by-one error in the GpFont::SetData function in gdiplus.dll in Microsoft GDI+ on Windows XP allows remote attackers to cause a denial of service (stack corruption and application termination) via a crafted EMF file that triggers an integer overflow, as demonstrated by voltage-exploit.emf, aka the \"Microsoft GdiPlus EMF GpFont.SetData integer overflow.\""
"lang": "eng",
"value": "Off-by-one error in the GpFont::SetData function in gdiplus.dll in Microsoft GDI+ on Windows XP allows remote attackers to cause a denial of service (stack corruption and application termination) via a crafted EMF file that triggers an integer overflow, as demonstrated by voltage-exploit.emf, aka the \"Microsoft GdiPlus EMF GpFont.SetData integer overflow.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://bl4cksecurity.blogspot.com/2009/03/microsoft-gdiplus-emf-gpfontsetdata.html",
"refsource" : "MISC",
"url" : "http://bl4cksecurity.blogspot.com/2009/03/microsoft-gdiplus-emf-gpfontsetdata.html"
"name": "http://blogs.technet.com/srd/archive/2009/03/26/new-emf-gdiplus-dll-crash-not-exploitable-for-code-execution.aspx",
"refsource": "CONFIRM",
"url": "http://blogs.technet.com/srd/archive/2009/03/26/new-emf-gdiplus-dll-crash-not-exploitable-for-code-execution.aspx"
},
{
"name" : "http://blogs.technet.com/srd/archive/2009/03/26/new-emf-gdiplus-dll-crash-not-exploitable-for-code-execution.aspx",
"refsource" : "CONFIRM",
"url" : "http://blogs.technet.com/srd/archive/2009/03/26/new-emf-gdiplus-dll-crash-not-exploitable-for-code-execution.aspx"
"name": "ADV-2009-0832",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0832"
},
{
"name" : "34250",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34250"
"name": "http://bl4cksecurity.blogspot.com/2009/03/microsoft-gdiplus-emf-gpfontsetdata.html",
"refsource": "MISC",
"url": "http://bl4cksecurity.blogspot.com/2009/03/microsoft-gdiplus-emf-gpfontsetdata.html"
},
{
"name" : "ADV-2009-0832",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0832"
"name": "win-gdi-emfplusfont-dos(49438)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49438"
},
{
"name" : "win-gdi-emfplusfont-dos(49438)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49438"
"name": "34250",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34250"
}
]
}

74
2009/1xxx/CVE-2009-1259.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1259",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1259",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in inc/bb/topic.php in Insane Visions AdaptBB 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the topic_id parameter in a topic action to index.php."
"lang": "eng",
"value": "SQL injection vulnerability in inc/bb/topic.php in Insane Visions AdaptBB 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the topic_id parameter in a topic action to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "8351",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8351"
"name": "adaptbb-topic-sql-injection(49681)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49681"
},
{
"name" : "34371",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34371"
"name": "34371",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34371"
},
{
"name" : "adaptbb-topic-sql-injection(49681)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49681"
"name": "8351",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8351"
}
]
}

92
2009/1xxx/CVE-2009-1421.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1421",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1421",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in NFS / ONCplus B.11.31_06 and B.11.31_07 on HP HP-UX B.11.31 allows local users to cause a denial of service via unknown attack vectors."
"lang": "eng",
"value": "Unspecified vulnerability in NFS / ONCplus B.11.31_06 and B.11.31_07 on HP HP-UX B.11.31 allows local users to cause a denial of service via unknown attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "HPSBUX02440",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=124654506100944&w=2"
"name": "SSRT090106",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=124654506100944&w=2"
},
{
"name" : "SSRT090106",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=124654506100944&w=2"
"name": "ADV-2009-1755",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1755"
},
{
"name" : "35547",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35547"
"name": "HPSBUX02440",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=124654506100944&w=2"
},
{
"name" : "1022493",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1022493"
"name": "1022493",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022493"
},
{
"name" : "35644",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35644"
"name": "35644",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35644"
},
{
"name" : "ADV-2009-1755",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1755"
"name": "35547",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35547"
}
]
}

80
2009/3xxx/CVE-2009-3272.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3272",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3272",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safari 3.2.3, and possibly other versions before 4.1.2, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls eval on a long string composed of A/ sequences."
"lang": "eng",
"value": "Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safari 3.2.3, and possibly other versions before 4.1.2, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls eval on a long string composed of A/ sequences."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "9606",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9606"
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name" : "SUSE-SR:2011:002",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name" : "43068",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43068"
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name" : "ADV-2011-0212",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0212"
"name": "9606",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9606"
}
]
}

80
2009/4xxx/CVE-2009-4365.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4365",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4365",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ScriptsEz Ez Blog 1.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a blog via the add_blog action, (2) approve a comment via the approve_comment action, (3) change administrator information including the password via the admin_opt action, and (4) delete a blog via the delete action."
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ScriptsEz Ez Blog 1.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a blog via the add_blog action, (2) approve a comment via the approve_comment action, (3) change administrator information including the password via the admin_opt action, and (4) delete a blog via the delete action."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://packetstormsecurity.org/0912-exploits/ezblog-xssxsrf.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0912-exploits/ezblog-xssxsrf.txt"
"name": "61114",
"refsource": "OSVDB",
"url": "http://osvdb.org/61114"
},
{
"name" : "61114",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/61114"
"name": "ezblog-admin-csrf(54895)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54895"
},
{
"name" : "37743",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37743"
"name": "http://packetstormsecurity.org/0912-exploits/ezblog-xssxsrf.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0912-exploits/ezblog-xssxsrf.txt"
},
{
"name" : "ezblog-admin-csrf(54895)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54895"
"name": "37743",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37743"
}
]
}

86
2009/4xxx/CVE-2009-4460.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4460",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4460",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Auto-Surf Traffic Exchange Script 1.1 allow remote attackers to inject arbitrary web script or HTML via the rid parameter to (1) index.php, (2) faq.php, and (3) register.php."
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Auto-Surf Traffic Exchange Script 1.1 allow remote attackers to inject arbitrary web script or HTML via the rid parameter to (1) index.php, (2) faq.php, and (3) register.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "10616",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/10616"
"name": "61286",
"refsource": "OSVDB",
"url": "http://osvdb.org/61286"
},
{
"name" : "61285",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/61285"
"name": "61285",
"refsource": "OSVDB",
"url": "http://osvdb.org/61285"
},
{
"name" : "61286",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/61286"
"name": "37894",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37894"
},
{
"name" : "61287",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/61287"
"name": "10616",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/10616"
},
{
"name" : "37894",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37894"
"name": "61287",
"refsource": "OSVDB",
"url": "http://osvdb.org/61287"
}
]
}

92
2009/4xxx/CVE-2009-4606.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4606",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4606",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "South River Technologies WebDrive 9.02 build 2232 installs the WebDrive Service without a security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath variable, or (3) restart the service via the start command."
"lang": "eng",
"value": "South River Technologies WebDrive 9.02 build 2232 installs the WebDrive Service without a security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath variable, or (3) restart the service via the start command."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20091020 South River Technologies WebDrive Service Bad Security Descriptor Local Elevation Of Privileges",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/507323/100/0/threaded"
"name": "37083",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37083"
},
{
"name" : "http://retrogod.altervista.org/9sg_south_river_priv.html",
"refsource" : "MISC",
"url" : "http://retrogod.altervista.org/9sg_south_river_priv.html"
"name": "http://retrogod.altervista.org/9sg_south_river_priv.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/9sg_south_river_priv.html"
},
{
"name" : "59080",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/59080"
"name": "59080",
"refsource": "OSVDB",
"url": "http://osvdb.org/59080"
},
{
"name" : "37083",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37083"
"name": "ADV-2009-2994",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2994"
},
{
"name" : "ADV-2009-2994",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2994"
"name": "20091020 South River Technologies WebDrive Service Bad Security Descriptor Local Elevation Of Privileges",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507323/100/0/threaded"
},
{
"name" : "webdrive-webdrive-privilege-escalation(53885)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53885"
"name": "webdrive-webdrive-privilege-escalation(53885)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53885"
}
]
}

74
2009/4xxx/CVE-2009-4986.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4986",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4986",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in index.php in In-Portal 4.3.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the env parameter."
"lang": "eng",
"value": "Directory traversal vulnerability in index.php in In-Portal 4.3.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the env parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "9358",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9358"
"name": "9358",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9358"
},
{
"name" : "36165",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36165"
"name": "36165",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36165"
},
{
"name" : "ADV-2009-2164",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2164"
"name": "ADV-2009-2164",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2164"
}
]
}

80
2012/2xxx/CVE-2012-2368.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2368",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2368",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Bytemark Symbiosis before Revision 1322 does not properly validate passwords, which allows remote attackers to gain access to email accounts via an arbitrary password."
"lang": "eng",
"value": "Bytemark Symbiosis before Revision 1322 does not properly validate passwords, which allows remote attackers to gain access to email accounts via an arbitrary password."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20120514 CVE request: Bytemark Symbiosis",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/05/14/1"
"name": "[oss-security] 20120514 Re: CVE request: Bytemark Symbiosis",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/14/3"
},
{
"name" : "[oss-security] 20120514 Re: CVE request: Bytemark Symbiosis",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/05/14/3"
"name": "[oss-security] 20120514 CVE request: Bytemark Symbiosis",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/14/1"
},
{
"name" : "https://projects.bytemark.co.uk/projects/symbiosis/repository/diff?rev=1327&rev_to=1322",
"refsource" : "CONFIRM",
"url" : "https://projects.bytemark.co.uk/projects/symbiosis/repository/diff?rev=1327&rev_to=1322"
"name": "https://projects.bytemark.co.uk/projects/symbiosis/repository/diff?rev=1327&rev_to=1322",
"refsource": "CONFIRM",
"url": "https://projects.bytemark.co.uk/projects/symbiosis/repository/diff?rev=1327&rev_to=1322"
},
{
"name" : "48993",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48993"
"name": "48993",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48993"
}
]
}

62
2012/2xxx/CVE-2012-2585.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2585",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-2585",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ServiceDesk Plus 8.1 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE attribute of an arbitrary element, or (4) a crafted SRC attribute of an IFRAME element, or an e-mail message subject with (5) a SCRIPT element, (6) a CSS expression property in the STYLE attribute of an arbitrary element, (7) a crafted SRC attribute of an IFRAME element, (8) a crafted CONTENT attribute of an HTTP-EQUIV=\"refresh\" META element, or (9) a data: URL in the CONTENT attribute of an HTTP-EQUIV=\"refresh\" META element."
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ServiceDesk Plus 8.1 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE attribute of an arbitrary element, or (4) a crafted SRC attribute of an IFRAME element, or an e-mail message subject with (5) a SCRIPT element, (6) a CSS expression property in the STYLE attribute of an arbitrary element, (7) a crafted SRC attribute of an IFRAME element, (8) a crafted CONTENT attribute of an HTTP-EQUIV=\"refresh\" META element, or (9) a data: URL in the CONTENT attribute of an HTTP-EQUIV=\"refresh\" META element."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20356",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/20356/"
"name": "20356",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/20356/"
}
]
}

22
2012/2xxx/CVE-2012-2656.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2656",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2656",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

104
2012/2xxx/CVE-2012-2670.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2670",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2670",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "manageuser.php in Collabtive before 0.7.6 allows remote authenticated users, and possibly unauthenticated attackers, to bypass intended access restrictions and upload and execute arbitrary files by uploading an avatar file with an accepted Content-Type such as image/jpeg, then accessing it via a direct request to the file in files/standard/avatar."
"lang": "eng",
"value": "manageuser.php in Collabtive before 0.7.6 allows remote authenticated users, and possibly unauthenticated attackers, to bypass intended access restrictions and upload and execute arbitrary files by uploading an avatar file with an accepted Content-Type such as image/jpeg, then accessing it via a direct request to the file in files/standard/avatar."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20120604 Arbitrary File Upload/Execution in Collabtive",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-06/0007.html"
"name": "53813",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53813"
},
{
"name" : "20120605 Arbitrary File Upload/Execution in Collabtive",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/522973/30/0/threaded"
"name": "http://www.collabtive.o-dyn.de/blog/?p=426",
"refsource": "CONFIRM",
"url": "http://www.collabtive.o-dyn.de/blog/?p=426"
},
{
"name" : "[oss-security] 20120606 Arbitrary File Upload/Execution in Collabtive",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/06/06/6"
"name": "20120604 Arbitrary File Upload/Execution in Collabtive",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-06/0007.html"
},
{
"name" : "[oss-security] 20120606 Re: Arbitrary File Upload/Execution in Collabtive",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/06/06/9"
"name": "collabtive-manageuser-file-upload(76101)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76101"
},
{
"name" : "http://xync.org/2012/06/04/Arbitrary-File-Upload-in-Collabtive.html",
"refsource" : "MISC",
"url" : "http://xync.org/2012/06/04/Arbitrary-File-Upload-in-Collabtive.html"
"name": "http://xync.org/2012/06/04/Arbitrary-File-Upload-in-Collabtive.html",
"refsource": "MISC",
"url": "http://xync.org/2012/06/04/Arbitrary-File-Upload-in-Collabtive.html"
},
{
"name" : "http://www.collabtive.o-dyn.de/blog/?p=426",
"refsource" : "CONFIRM",
"url" : "http://www.collabtive.o-dyn.de/blog/?p=426"
"name": "20120605 Arbitrary File Upload/Execution in Collabtive",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/522973/30/0/threaded"
},
{
"name" : "53813",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53813"
"name": "[oss-security] 20120606 Arbitrary File Upload/Execution in Collabtive",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/06/06/6"
},
{
"name" : "collabtive-manageuser-file-upload(76101)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76101"
"name": "[oss-security] 20120606 Re: Arbitrary File Upload/Execution in Collabtive",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/06/06/9"
}
]
}

74
2012/6xxx/CVE-2012-6469.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6469",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6469",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Opera before 12.11 allows remote attackers to determine the existence of arbitrary local files via vectors involving web script in an error page."
"lang": "eng",
"value": "Opera before 12.11 allows remote attackers to determine the existence of arbitrary local files via vectors involving web script in an error page."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.opera.com/docs/changelogs/unified/1211/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/unified/1211/"
"name": "http://www.opera.com/support/kb/view/1037/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/support/kb/view/1037/"
},
{
"name" : "http://www.opera.com/support/kb/view/1037/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/support/kb/view/1037/"
"name": "http://www.opera.com/docs/changelogs/unified/1211/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/unified/1211/"
},
{
"name" : "56594",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56594"
"name": "56594",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56594"
}
]
}

86
2012/6xxx/CVE-2012-6661.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6661",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6661",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via unspecified vectors. NOTE: this issue was SPLIT from CVE-2012-5508 due to different vulnerability types (ADT2)."
"lang": "eng",
"value": "Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via unspecified vectors. NOTE: this issue was SPLIT from CVE-2012-5508 due to different vulnerability types (ADT2)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/11/10/1"
"name": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt",
"refsource": "CONFIRM",
"url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"
},
{
"name" : "https://bugs.launchpad.net/zope2/+bug/1071067",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/zope2/+bug/1071067"
"name": "https://bugs.launchpad.net/zope2/+bug/1071067",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/zope2/+bug/1071067"
},
{
"name" : "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt",
"refsource" : "CONFIRM",
"url" : "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"
"name": "https://plone.org/products/plone/security/advisories/20121106/24",
"refsource": "CONFIRM",
"url": "https://plone.org/products/plone/security/advisories/20121106/24"
},
{
"name" : "https://plone.org/products/plone-hotfix/releases/20121124",
"refsource" : "CONFIRM",
"url" : "https://plone.org/products/plone-hotfix/releases/20121124"
"name": "https://plone.org/products/plone-hotfix/releases/20121124",
"refsource": "CONFIRM",
"url": "https://plone.org/products/plone-hotfix/releases/20121124"
},
{
"name" : "https://plone.org/products/plone/security/advisories/20121106/24",
"refsource" : "CONFIRM",
"url" : "https://plone.org/products/plone/security/advisories/20121106/24"
"name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/1"
}
]
}

68
2015/1xxx/CVE-2015-1323.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1323",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2015-1323",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The simulate dbus method in aptdaemon before 1.1.1+bzr982-0ubuntu3.1 as packaged in Ubuntu 15.04, before 1.1.1+bzr980-0ubuntu1.1 as packaged in Ubuntu 14.10, before 1.1.1-1ubuntu5.2 as packaged in Ubuntu 14.04 LTS, before 0.43+bzr805-0ubuntu10 as packaged in Ubuntu 12.04 LTS allows local users to obtain sensitive information, or access files with root permissions."
"lang": "eng",
"value": "The simulate dbus method in aptdaemon before 1.1.1+bzr982-0ubuntu3.1 as packaged in Ubuntu 15.04, before 1.1.1+bzr980-0ubuntu1.1 as packaged in Ubuntu 14.10, before 1.1.1-1ubuntu5.2 as packaged in Ubuntu 14.04 LTS, before 0.43+bzr805-0ubuntu10 as packaged in Ubuntu 12.04 LTS allows local users to obtain sensitive information, or access files with root permissions."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "USN-2648-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2648-1"
"name": "75221",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75221"
},
{
"name" : "75221",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75221"
"name": "USN-2648-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2648-1"
}
]
}

22
2015/1xxx/CVE-2015-1411.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1411",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1411",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

80
2015/1xxx/CVE-2015-1467.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1467",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1467",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Translations in Fork CMS before 3.8.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) language[] or (2) type[] parameter to private/en/locale/index."
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Translations in Fork CMS before 3.8.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) language[] or (2) type[] parameter to private/en/locale/index."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20150204 [CVE-2015-1467] Fork CMS - SQL Injection in Version 3.8.5",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/534616/100/0/threaded"
"name": "20150204 [CVE-2015-1467] Fork CMS - SQL Injection in Version 3.8.5",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534616/100/0/threaded"
},
{
"name" : "http://packetstormsecurity.com/files/130242/Fork-CMS-3.8.5-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/130242/Fork-CMS-3.8.5-SQL-Injection.html"
"name": "http://www.fork-cms.com/blog/detail/fork-3.8.6-released",
"refsource": "CONFIRM",
"url": "http://www.fork-cms.com/blog/detail/fork-3.8.6-released"
},
{
"name" : "http://www.fork-cms.com/blog/detail/fork-3.8.6-released",
"refsource" : "CONFIRM",
"url" : "http://www.fork-cms.com/blog/detail/fork-3.8.6-released"
"name": "forkcms-cve20151467-sql-injection(100668)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100668"
},
{
"name" : "forkcms-cve20151467-sql-injection(100668)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100668"
"name": "http://packetstormsecurity.com/files/130242/Fork-CMS-3.8.5-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130242/Fork-CMS-3.8.5-SQL-Injection.html"
}
]
}

74
2015/1xxx/CVE-2015-1537.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1537",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1537",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Integer overflow in IHDCP.cpp in the media_server component in Android allows remote attackers to execute arbitrary code via a crafted application."
"lang": "eng",
"value": "Integer overflow in IHDCP.cpp in the media_server component in Android allows remote attackers to execute arbitrary code via a crafted application."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.blackhat.com/docs/us-15/materials/us-15-Gong-Fuzzing-Android-System-Services-By-Binder-Call-To-Escalate-Privilege.pdf",
"refsource" : "MISC",
"url" : "https://www.blackhat.com/docs/us-15/materials/us-15-Gong-Fuzzing-Android-System-Services-By-Binder-Call-To-Escalate-Privilege.pdf"
"name": "76670",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76670"
},
{
"name" : "https://android.googlesource.com/platform/frameworks/av/+/c82e31a7039a03dca7b37c65b7890ba5c1e18ced%5E%21/#F0",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/frameworks/av/+/c82e31a7039a03dca7b37c65b7890ba5c1e18ced%5E%21/#F0"
"name": "https://android.googlesource.com/platform/frameworks/av/+/c82e31a7039a03dca7b37c65b7890ba5c1e18ced%5E%21/#F0",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/av/+/c82e31a7039a03dca7b37c65b7890ba5c1e18ced%5E%21/#F0"
},
{
"name" : "76670",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76670"
"name": "https://www.blackhat.com/docs/us-15/materials/us-15-Gong-Fuzzing-Android-System-Services-By-Binder-Call-To-Escalate-Privilege.pdf",
"refsource": "MISC",
"url": "https://www.blackhat.com/docs/us-15/materials/us-15-Gong-Fuzzing-Android-System-Services-By-Binder-Call-To-Escalate-Privilege.pdf"
}
]
}

22
2015/5xxx/CVE-2015-5384.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5384",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5384",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2015/5xxx/CVE-2015-5390.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5390",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5390",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

110
2015/5xxx/CVE-2015-5548.json
View File

@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5548",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2015-5548",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5549, CVE-2015-5552, and CVE-2015-5553."
"lang": "eng",
"value": "Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5549, CVE-2015-5552, and CVE-2015-5553."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html"
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
"name": "76283",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76283"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
"name": "GLSA-201508-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201508-01"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name" : "GLSA-201508-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201508-01"
"name": "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html"
},
{
"name" : "RHSA-2015:1603",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1603.html"
"name": "openSUSE-SU-2015:1781",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html"
},
{
"name" : "openSUSE-SU-2015:1781",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html"
"name": "1033235",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033235"
},
{
"name" : "76283",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76283"
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
},
{
"name" : "1033235",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033235"
"name": "RHSA-2015:1603",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1603.html"
}
]
}

80
2015/5xxx/CVE-2015-5599.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5599",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5599",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) albumid or (2) name parameter."
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) albumid or (2) name parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20150713 Remote file upload vulnerability & SQLi in wordpress plugin wp-powerplaygallery v3.3",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Jul/64"
"name": "[oss-security] 20150720 Re: Remote file upload vulnerability & SQLi in wordpress plugin wp-powerplaygallery v3.3",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/07/20/1"
},
{
"name" : "[oss-security] 20150720 Re: Remote file upload vulnerability & SQLi in wordpress plugin wp-powerplaygallery v3.3",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/07/20/1"
"name": "http://www.vapid.dhs.org/advisory.php?v=132",
"refsource": "MISC",
"url": "http://www.vapid.dhs.org/advisory.php?v=132"
},
{
"name" : "http://packetstormsecurity.com/files/132671/WordPress-WP-PowerPlayGallery-3.3-File-Upload-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/132671/WordPress-WP-PowerPlayGallery-3.3-File-Upload-SQL-Injection.html"
"name": "20150713 Remote file upload vulnerability & SQLi in wordpress plugin wp-powerplaygallery v3.3",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jul/64"
},
{
"name" : "http://www.vapid.dhs.org/advisory.php?v=132",
"refsource" : "MISC",
"url" : "http://www.vapid.dhs.org/advisory.php?v=132"
"name": "http://packetstormsecurity.com/files/132671/WordPress-WP-PowerPlayGallery-3.3-File-Upload-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132671/WordPress-WP-PowerPlayGallery-3.3-File-Upload-SQL-Injection.html"
}
]
}

118
2018/11xxx/CVE-2018-11071.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@dell.com",
"ID" : "CVE-2018-11071",
"STATE" : "PUBLIC",
"TITLE" : "DSA-2018-147: Dell EMC Isilon OneFS and IsilonSD Edge Remote Process Crash Vulnerability "
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2018-11071",
"STATE": "PUBLIC",
"TITLE": "DSA-2018-147: Dell EMC Isilon OneFS and IsilonSD Edge Remote Process Crash Vulnerability "
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Isilon OneFS",
"version" : {
"version_data" : [
"product_name": "Isilon OneFS",
"version": {
"version_data": [
{
"affected" : "<",
"version_name" : "7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x",
"version_value" : "8.1.2 "
"affected": "<",
"version_name": "7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x",
"version_value": "8.1.2 "
}
]
}
},
{
"product_name" : "IsilonSD Edge",
"version" : {
"version_data" : [
"product_name": "IsilonSD Edge",
"version": {
"version_data": [
{
"affected" : "<",
"version_name" : "8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x",
"version_value" : "8.1.2 "
"affected": "<",
"version_name": "8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x",
"version_value": "8.1.2 "
}
]
}
}
]
},
"vendor_name" : "Dell EMC"
"vendor_name": "Dell EMC"
}
]
}
},
"credit" : [
"credit": [
{
"lang" : "eng",
"value" : "Dell EMC would like to thank Honggang Ren of Fortinet's FortiGuard Labs for reporting this vulnerability."
"lang": "eng",
"value": "Dell EMC would like to thank Honggang Ren of Fortinet's FortiGuard Labs for reporting this vulnerability."
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 and Dell EMC IsilonSD Edge versions 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 contain a remote process crash vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the isi_drive_d process by sending specially crafted input data to the affected system. This process will then be restarted."
"lang": "eng",
"value": "Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 and Dell EMC IsilonSD Edge versions 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 contain a remote process crash vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the isi_drive_d process by sending specially crafted input data to the affected system. This process will then be restarted."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 7.5,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "remote process crash vulnerability"
"lang": "eng",
"value": "remote process crash vulnerability"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20180914 DSA-2018-147: Dell EMC Isilon OneFS and IsilonSD Edge Remote Process Crash Vulnerability",
"refsource" : "FULLDISC",
"url" : "https://seclists.org/fulldisclosure/2018/Sep/19"
"name": "20180914 DSA-2018-147: Dell EMC Isilon OneFS and IsilonSD Edge Remote Process Crash Vulnerability",
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2018/Sep/19"
}
]
},
"source" : {
"discovery" : "UNKNOWN"
"source": {
"discovery": "UNKNOWN"
}
}

74
2018/11xxx/CVE-2018-11154.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11154",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11154",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 12 of 46)."
"lang": "eng",
"value": "Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 12 of 46)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/May/71"
"name": "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/May/71"
},
{
"name" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html"
"name": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html"
},
{
"name" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities",
"refsource" : "MISC",
"url" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities"
"name": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities"
}
]
}

22
2018/11xxx/CVE-2018-11333.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11333",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11333",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2018/11xxx/CVE-2018-11812.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11812",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11812",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2018/15xxx/CVE-2018-15131.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15131",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15131",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

76
2018/3xxx/CVE-2018-3271.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-3271",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-3271",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Solaris Operating System",
"version" : {
"version_data" : [
"product_name": "Solaris Operating System",
"version": {
"version_data": [
{
"version_affected" : "=",
"version_value" : "11.3"
"version_affected": "=",
"version_value": "11.3"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. While the vulnerability is in Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H)."
"lang": "eng",
"value": "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. While the vulnerability is in Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. While the vulnerability is in Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris."
"lang": "eng",
"value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. While the vulnerability is in Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris."
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
"name": "1041895",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041895"
},
{
"name" : "105605",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105605"
"name": "105605",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105605"
},
{
"name" : "1041895",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041895"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
}
]
}

22
2018/3xxx/CVE-2018-3307.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3307",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3307",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2018/3xxx/CVE-2018-3497.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3497",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3497",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

70
2018/3xxx/CVE-2018-3711.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00",
"ID" : "CVE-2018-3711",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2018-3711",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "fastify node module",
"version" : {
"version_data" : [
"product_name": "fastify node module",
"version": {
"version_data": [
{
"version_value" : "Versions before 0.38.0"
"version_value": "Versions before 0.38.0"
}
]
}
}
]
},
"vendor_name" : "HackerOne"
"vendor_name": "HackerOne"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Fastify node module before 0.38.0 is vulnerable to a denial-of-service attack by sending a request with \"Content-Type: application/json\" and a very large payload."
"lang": "eng",
"value": "Fastify node module before 0.38.0 is vulnerable to a denial-of-service attack by sending a request with \"Content-Type: application/json\" and a very large payload."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Allocation of Resources Without Limits or Throttling (CWE-770)"
"lang": "eng",
"value": "Allocation of Resources Without Limits or Throttling (CWE-770)"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/fastify/fastify/pull/627",
"refsource" : "MISC",
"url" : "https://github.com/fastify/fastify/pull/627"
"name": "https://github.com/fastify/fastify/pull/627",
"refsource": "MISC",
"url": "https://github.com/fastify/fastify/pull/627"
},
{
"name" : "https://hackerone.com/reports/303632",
"refsource" : "MISC",
"url" : "https://hackerone.com/reports/303632"
"name": "https://hackerone.com/reports/303632",
"refsource": "MISC",
"url": "https://hackerone.com/reports/303632"
}
]
}

76
2018/7xxx/CVE-2018-7994.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2018-7994",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2018-7994",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6600; USG9500",
"version" : {
"version_data" : [
"product_name": "NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6600; USG9500",
"version": {
"version_data": [
{
"version_value" : "IPS Module V500R001C50"
"version_value": "IPS Module V500R001C50"
},
{
"version_value" : "NGFW Module V500R001C50"
"version_value": "NGFW Module V500R001C50"
},
{
"version_value" : "V500R002C10"
"version_value": "V500R002C10"
},
{
"version_value" : "NIP6300 V500R001C50"
"version_value": "NIP6300 V500R001C50"
},
{
"version_value" : "NIP6600 V500R001C50"
"version_value": "NIP6600 V500R001C50"
},
{
"version_value" : "NIP6800 V500R001C50"
"version_value": "NIP6800 V500R001C50"
},
{
"version_value" : "Secospace USG6600 V500R001C50"
"version_value": "Secospace USG6600 V500R001C50"
},
{
"version_value" : "USG9500 V500R001C50"
"version_value": "USG9500 V500R001C50"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Some Huawei products IPS Module V500R001C50; NGFW Module V500R001C50; V500R002C10; NIP6300 V500R001C50; NIP6600 V500R001C50; NIP6800 V500R001C50; Secospace USG6600 V500R001C50; USG9500 V500R001C50 have a memory leak vulnerability. The software does not release allocated memory properly when processing Protal questionnaire. A remote attacker could send a lot questionnaires to the device, successful exploit could cause the device to reboot since running out of memory."
"lang": "eng",
"value": "Some Huawei products IPS Module V500R001C50; NGFW Module V500R001C50; V500R002C10; NIP6300 V500R001C50; NIP6600 V500R001C50; NIP6800 V500R001C50; Secospace USG6600 V500R001C50; USG9500 V500R001C50 have a memory leak vulnerability. The software does not release allocated memory properly when processing Protal questionnaire. A remote attacker could send a lot questionnaires to the device, successful exploit could cause the device to reboot since running out of memory."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "memory leak"
"lang": "eng",
"value": "memory leak"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180704-01-firewall-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180704-01-firewall-en"
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180704-01-firewall-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180704-01-firewall-en"
}
]
}

84
2018/8xxx/CVE-2018-8156.json
View File

@ -1,84 +1,84 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8156",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8156",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Microsoft SharePoint",
"version" : {
"version_data" : [
"product_name": "Microsoft SharePoint",
"version": {
"version_data": [
{
"version_value" : "Enterprise Server 2016"
"version_value": "Enterprise Server 2016"
}
]
}
},
{
"product_name" : "Microsoft Project Server",
"version" : {
"version_data" : [
"product_name": "Microsoft Project Server",
"version": {
"version_data": [
{
"version_value" : "2010 Service Pack 2"
"version_value": "2010 Service Pack 2"
},
{
"version_value" : "2013 Service Pack 1"
"version_value": "2013 Service Pack 1"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
"vendor_name": "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint, Microsoft Project Server. This CVE ID is unique from CVE-2018-8149, CVE-2018-8155, CVE-2018-8168."
"lang": "eng",
"value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint, Microsoft Project Server. This CVE ID is unique from CVE-2018-8149, CVE-2018-8155, CVE-2018-8168."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8156",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8156"
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8156",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8156"
},
{
"name" : "104048",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104048"
"name": "1040856",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040856"
},
{
"name" : "1040856",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040856"
"name": "104048",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104048"
}
]
}

22
2018/8xxx/CVE-2018-8303.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8303",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8303",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2018/8xxx/CVE-2018-8669.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8669",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8669",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

70
2018/8xxx/CVE-2018-8835.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2018-04-25T00:00:00",
"ID" : "CVE-2018-8835",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-04-25T00:00:00",
"ID": "CVE-2018-8835",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Advantech WebAccess HMI Designer",
"version" : {
"version_data" : [
"product_name": "Advantech WebAccess HMI Designer",
"version": {
"version_data": [
{
"version_value" : "Advantech WebAccess HMI Designer, Version 2.1.7.32 and prior."
"version_value": "Advantech WebAccess HMI Designer, Version 2.1.7.32 and prior."
}
]
}
}
]
},
"vendor_name" : "ICS-CERT"
"vendor_name": "ICS-CERT"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Double free vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution."
"lang": "eng",
"value": "Double free vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "DOUBLE FREE CWE-415"
"lang": "eng",
"value": "DOUBLE FREE CWE-415"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-03",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-03"
"name": "103972",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103972"
},
{
"name" : "103972",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103972"
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-03"
}
]
}

62
2018/8xxx/CVE-2018-8969.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8969",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8969",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An issue was discovered in zzcms 8.2. user/licence_save.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock."
"lang": "eng",
"value": "An issue was discovered in zzcms 8.2. user/licence_save.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/Ni9htMar3/vulnerability/blob/master/zzcms_8.2/licence_save.php.md",
"refsource" : "MISC",
"url" : "https://github.com/Ni9htMar3/vulnerability/blob/master/zzcms_8.2/licence_save.php.md"
"name": "https://github.com/Ni9htMar3/vulnerability/blob/master/zzcms_8.2/licence_save.php.md",
"refsource": "MISC",
"url": "https://github.com/Ni9htMar3/vulnerability/blob/master/zzcms_8.2/licence_save.php.md"
}
]
}