admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 03:59:39 +00:00
parent 7f4fa88a86
commit fe4343059c
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
54 changed files with 3791 additions and 3791 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

130
2005/0xxx/CVE-2005-0486.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0486", "ID": "CVE-2005-0486",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Tarantella Secure Global Desktop Enterprise Edition 4.00 and 3.42, and Tarantella Enterprise 3 3.40 and 3.30, when using RSA SecurID and multiple users have the same username, reveals sensitive information during authentication, which allows remote attackers to identify valid usernames and the authentication scheme."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.tarantella.com/security/bulletin-11.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.tarantella.com/security/bulletin-11.html" "lang": "eng",
}, "value": "Tarantella Secure Global Desktop Enterprise Edition 4.00 and 3.42, and Tarantella Enterprise 3 3.40 and 3.30, when using RSA SecurID and multiple users have the same username, reveals sensitive information during authentication, which allows remote attackers to identify valid usernames and the authentication scheme."
{ }
"name" : "tarantella-enterprise-obtain-information(19407)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19407" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "tarantella-enterprise-obtain-information(19407)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19407"
},
{
"name": "http://www.tarantella.com/security/bulletin-11.html",
"refsource": "CONFIRM",
"url": "http://www.tarantella.com/security/bulletin-11.html"
}
]
}
}

140
2005/0xxx/CVE-2005-0545.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0545", "ID": "CVE-2005-0545",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Active Directory allow local users to bypass group policies that restrict access to hidden drives by using the browse feature in Office 10 applications such as Word or Excel, or using a flash drive. NOTE: this issue has been disputed in a followup post."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050223 Office 10 applications & flashdrives can be used to browse restricted drives", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/391332" "lang": "eng",
}, "value": "Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Active Directory allow local users to bypass group policies that restrict access to hidden drives by using the browse feature in Office 10 applications such as Word or Excel, or using a flash drive. NOTE: this issue has been disputed in a followup post."
{ }
"name" : "20050225 Re: Office 10 applications & flashdrives can be used to browse restricted", ]
"refsource" : "BUGTRAQ", },
"url" : "http://marc.info/?l=bugtraq&m=110935549821930&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "12641", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/12641" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20050223 Office 10 applications & flashdrives can be used to browse restricted drives",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/391332"
},
{
"name": "12641",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12641"
},
{
"name": "20050225 Re: Office 10 applications & flashdrives can be used to browse restricted",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110935549821930&w=2"
}
]
}
}

150
2005/0xxx/CVE-2005-0635.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0635", "ID": "CVE-2005-0635",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Foxmail Server 2.0 allows remote attackers to execute arbitrary code via a long USER command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050302 Foxmail server \"USER\" command Multiple remote buffer overflow", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/391960" "lang": "eng",
}, "value": "Buffer overflow in Foxmail Server 2.0 allows remote attackers to execute arbitrary code via a long USER command."
{ }
"name" : "12711", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/12711" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1013356", "description": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1013356" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "14145", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/14145" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20050302 Foxmail server \"USER\" command Multiple remote buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/391960"
},
{
"name": "12711",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12711"
},
{
"name": "1013356",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013356"
},
{
"name": "14145",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14145"
}
]
}
}

160
2005/0xxx/CVE-2005-0743.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0743", "ID": "CVE-2005-0743",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The custom avatar uploading feature (uploader.php) for XOOPS 2.0.9.2 and earlier allows remote attackers to upload arbitrary PHP scripts, whose file extensions are not filtered."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050308 [SCAN Associates Security Advisory] xoops 2.0.9.2 and below weak file extension validation", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/392626" "lang": "eng",
}, "value": "The custom avatar uploading feature (uploader.php) for XOOPS 2.0.9.2 and earlier allows remote attackers to upload arbitrary PHP scripts, whose file extensions are not filtered."
{ }
"name" : "http://www.xoops.org/modules/news/article.php?storyid=2114", ]
"refsource" : "CONFIRM", },
"url" : "http://www.xoops.org/modules/news/article.php?storyid=2114" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "12754", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/12754" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "14520", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/14520" ]
}, },
{ "references": {
"name" : "xoops-uploader-file-upload(19634)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19634" "name": "14520",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/14520"
} },
} {
"name": "http://www.xoops.org/modules/news/article.php?storyid=2114",
"refsource": "CONFIRM",
"url": "http://www.xoops.org/modules/news/article.php?storyid=2114"
},
{
"name": "20050308 [SCAN Associates Security Advisory] xoops 2.0.9.2 and below weak file extension validation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/392626"
},
{
"name": "12754",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12754"
},
{
"name": "xoops-uploader-file-upload(19634)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19634"
}
]
}
}

150
2005/1xxx/CVE-2005-1060.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-1060", "ID": "CVE-2005-1060",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in the TCP/IP functionality (TCPIP.NLM) in Novell Netware 6.x allows remote attackers to cause a denial of service (ABEND by Page Fault Processor Exception) via certain packets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2970467.htm", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2970467.htm" "lang": "eng",
}, "value": "Unknown vulnerability in the TCP/IP functionality (TCPIP.NLM) in Novell Netware 6.x allows remote attackers to cause a denial of service (ABEND by Page Fault Processor Exception) via certain packets."
{ }
"name" : "13067", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/13067" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "14874", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/14874" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "novell-netware-tcpipnlm-dos(20024)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20024" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2970467.htm",
"refsource": "CONFIRM",
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2970467.htm"
},
{
"name": "14874",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14874"
},
{
"name": "novell-netware-tcpipnlm-dos(20024)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20024"
},
{
"name": "13067",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13067"
}
]
}
}

170
2005/1xxx/CVE-2005-1642.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-1642", "ID": "CVE-2005-1642",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the verify_email function in Woltlab Burning Board 2.x and earlier allows remote attackers to execute arbitrary SQL commands via the $email variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050516 Woltlab Burning Board SQL Injection Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2005-05/0199.html" "lang": "eng",
}, "value": "SQL injection vulnerability in the verify_email function in Woltlab Burning Board 2.x and earlier allows remote attackers to execute arbitrary SQL commands via the $email variable."
{ }
"name" : "http://www.gulftech.org/?node=research&article_id=00075-05162005", ]
"refsource" : "MISC", },
"url" : "http://www.gulftech.org/?node=research&article_id=00075-05162005" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20050516 Re: Woltlab Burning Board SQL Injection Vulnerability (fwd)", "description": [
"refsource" : "VIM", {
"url" : "http://www.attrition.org/pipermail/vim/2005-May/000047.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2005-0558", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2005/0558" ]
}, },
{ "references": {
"name" : "16575", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/16575" "name": "http://www.gulftech.org/?node=research&article_id=00075-05162005",
}, "refsource": "MISC",
{ "url": "http://www.gulftech.org/?node=research&article_id=00075-05162005"
"name" : "15395", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/15395" "name": "ADV-2005-0558",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2005/0558"
} },
} {
"name": "20050516 Re: Woltlab Burning Board SQL Injection Vulnerability (fwd)",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2005-May/000047.html"
},
{
"name": "15395",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15395"
},
{
"name": "20050516 Woltlab Burning Board SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2005-05/0199.html"
},
{
"name": "16575",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16575"
}
]
}
}

34
2005/1xxx/CVE-2005-1845.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2005-1845", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2005-1845",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none."
} }
] ]
} }
} }

170
2005/1xxx/CVE-2005-1939.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-1939", "ID": "CVE-2005-1939",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Ipswitch WhatsUp Small Business 2004 allows remote attackers to read arbitrary files via \"..\" (dot dot) sequences in a request to the Report service (TCP 8022)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://secunia.com/secunia_research/2005-14/advisory/", "description_data": [
"refsource" : "MISC", {
"url" : "http://secunia.com/secunia_research/2005-14/advisory/" "lang": "eng",
}, "value": "Directory traversal vulnerability in Ipswitch WhatsUp Small Business 2004 allows remote attackers to read arbitrary files via \"..\" (dot dot) sequences in a request to the Report service (TCP 8022)."
{ }
"name" : "http://cirt.dk/advisories/cirt-40-advisory.pdf", ]
"refsource" : "MISC", },
"url" : "http://cirt.dk/advisories/cirt-40-advisory.pdf" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "15291", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/15291" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "15500", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/15500" ]
}, },
{ "references": {
"name" : "1015141", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015141" "name": "15500",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/15500"
"name" : "whatsup-smallbusiness-dotdot-traversal(22969)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22969" "name": "http://cirt.dk/advisories/cirt-40-advisory.pdf",
} "refsource": "MISC",
] "url": "http://cirt.dk/advisories/cirt-40-advisory.pdf"
} },
} {
"name": "whatsup-smallbusiness-dotdot-traversal(22969)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22969"
},
{
"name": "15291",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15291"
},
{
"name": "1015141",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015141"
},
{
"name": "http://secunia.com/secunia_research/2005-14/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2005-14/advisory/"
}
]
}
}

180
2005/3xxx/CVE-2005-3043.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-3043", "ID": "CVE-2005-3043",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in AddItem.asp in Mall23 eCommerce allows remote attackers to execute arbitrary SQL commands via the idOption_Dropdown_2 parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://systemsecure.org/ssforum/viewtopic.php?t=277", "description_data": [
"refsource" : "MISC", {
"url" : "http://systemsecure.org/ssforum/viewtopic.php?t=277" "lang": "eng",
}, "value": "SQL injection vulnerability in AddItem.asp in Mall23 eCommerce allows remote attackers to execute arbitrary SQL commands via the idOption_Dropdown_2 parameter."
{ }
"name" : "http://packetstormsecurity.org/0509-exploits/mall23.txt", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.org/0509-exploits/mall23.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "14898", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/14898" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2005-1811", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2005/1811" ]
}, },
{ "references": {
"name" : "19595", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/19595" "name": "http://packetstormsecurity.org/0509-exploits/mall23.txt",
}, "refsource": "MISC",
{ "url": "http://packetstormsecurity.org/0509-exploits/mall23.txt"
"name" : "16903", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/16903" "name": "http://systemsecure.org/ssforum/viewtopic.php?t=277",
}, "refsource": "MISC",
{ "url": "http://systemsecure.org/ssforum/viewtopic.php?t=277"
"name" : "mall23-additem-sql-injection(22356)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22356" "name": "16903",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/16903"
} },
} {
"name": "14898",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14898"
},
{
"name": "mall23-additem-sql-injection(22356)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22356"
},
{
"name": "19595",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/19595"
},
{
"name": "ADV-2005-1811",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/1811"
}
]
}
}

120
2005/3xxx/CVE-2005-3332.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-3332", "ID": "CVE-2005-3332",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file include vulnerability in admin/define.inc.php in Belchior Foundry vCard 2.9 allows remote attackers to execute arbitrary PHP code via the match parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "15207", "description_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/15207" "lang": "eng",
} "value": "PHP remote file include vulnerability in admin/define.inc.php in Belchior Foundry vCard 2.9 allows remote attackers to execute arbitrary PHP code via the match parameter."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15207",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15207"
}
]
}
}

140
2005/3xxx/CVE-2005-3361.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-3361", "ID": "CVE-2005-3361",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in forum/index.php in FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the nome parameter in a login operation, a variant of CVE-2005-3306."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20051024 Flat Nuke Cross Site Scripting", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=113019486931157&w=2" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in forum/index.php in FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the nome parameter in a login operation, a variant of CVE-2005-3306."
{ }
"name" : "ADV-2005-2178", ]
"refsource" : "VUPEN", },
"url" : "http://www.vupen.com/english/advisories/2005/2178" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20246", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/20246" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20051024 Flat Nuke Cross Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=113019486931157&w=2"
},
{
"name": "ADV-2005-2178",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2178"
},
{
"name": "20246",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20246"
}
]
}
}

170
2005/4xxx/CVE-2005-4064.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4064", "ID": "CVE-2005-4064",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in A-FAQ 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) faqid parameter to faqDspItem.asp and (2) catcode parameter to faqDsp.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://pridels0.blogspot.com/2005/12/faq-sql-inj-vuln.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://pridels0.blogspot.com/2005/12/faq-sql-inj-vuln.html" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in A-FAQ 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) faqid parameter to faqDspItem.asp and (2) catcode parameter to faqDsp.asp."
{ }
"name" : "15741", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/15741" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2005-2763", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/2763" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "21472", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/21472" ]
}, },
{ "references": {
"name" : "21473", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/21473" "name": "17900",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/17900"
"name" : "17900", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17900" "name": "21472",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/21472"
} },
} {
"name": "ADV-2005-2763",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2763"
},
{
"name": "http://pridels0.blogspot.com/2005/12/faq-sql-inj-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/12/faq-sql-inj-vuln.html"
},
{
"name": "15741",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15741"
},
{
"name": "21473",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21473"
}
]
}
}

200
2005/4xxx/CVE-2005-4065.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4065", "ID": "CVE-2005-4065",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the search module in Edgewall Trac before 0.9.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://projects.edgewall.com/trac/wiki/ChangeLog", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://projects.edgewall.com/trac/wiki/ChangeLog" "lang": "eng",
}, "value": "SQL injection vulnerability in the search module in Edgewall Trac before 0.9.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
{ }
"name" : "[Trac] 20051205 SECURITY: Trac 0.9.2 Released", ]
"refsource" : "MLIST", },
"url" : "http://lists.edgewall.com/archive/trac/2005-December/005777.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-951", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-951" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "15720", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/15720" ]
}, },
{ "references": {
"name" : "ADV-2005-2766", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/2766" "name": "18555",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18555"
"name" : "21459", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/21459" "name": "21459",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/21459"
"name" : "17894", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17894" "name": "[Trac] 20051205 SECURITY: Trac 0.9.2 Released",
}, "refsource": "MLIST",
{ "url": "http://lists.edgewall.com/archive/trac/2005-December/005777.html"
"name" : "18555", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18555" "name": "222",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/222"
"name" : "222", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/222" "name": "17894",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/17894"
} },
} {
"name": "http://projects.edgewall.com/trac/wiki/ChangeLog",
"refsource": "CONFIRM",
"url": "http://projects.edgewall.com/trac/wiki/ChangeLog"
},
{
"name": "ADV-2005-2766",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2766"
},
{
"name": "DSA-951",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-951"
},
{
"name": "15720",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15720"
}
]
}
}

200
2005/4xxx/CVE-2005-4556.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4556", "ID": "CVE-2005-4556",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file include vulnerability in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, when register_globals is enabled, allows remote attackers to include arbitrary local and remote PHP files via a URL in the (1) lang_settings and (2) language parameters in (a) accounts/inc/include.php and (b) admin/inc/include.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20051227 Secunia Research: IceWarp Web Mail Multiple File InclusionVulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/420255/100/0/threaded" "lang": "eng",
}, "value": "PHP remote file include vulnerability in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, when register_globals is enabled, allows remote attackers to include arbitrary local and remote PHP files via a URL in the (1) lang_settings and (2) language parameters in (a) accounts/inc/include.php and (b) admin/inc/include.php."
{ }
"name" : "20051227 Secunia Research: IceWarp Web Mail Multiple File", ]
"refsource" : "FULLDISC", },
"url" : "http://marc.info/?l=full-disclosure&m=113570229524828&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://secunia.com/secunia_research/2005-62/advisory/", "description": [
"refsource" : "MISC", {
"url" : "http://secunia.com/secunia_research/2005-62/advisory/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "16069", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/16069" ]
}, },
{ "references": {
"name" : "22077", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/22077" "name": "22078",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/22078"
"name" : "22078", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/22078" "name": "17865",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/17865"
"name" : "1015412", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015412" "name": "16069",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/16069"
"name" : "17046", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17046" "name": "17046",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/17046"
"name" : "17865", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17865" "name": "1015412",
} "refsource": "SECTRACK",
] "url": "http://securitytracker.com/id?1015412"
} },
} {
"name": "20051227 Secunia Research: IceWarp Web Mail Multiple File",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=113570229524828&w=2"
},
{
"name": "http://secunia.com/secunia_research/2005-62/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2005-62/advisory/"
},
{
"name": "20051227 Secunia Research: IceWarp Web Mail Multiple File InclusionVulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/420255/100/0/threaded"
},
{
"name": "22077",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22077"
}
]
}
}

34
2005/4xxx/CVE-2005-4633.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2005-4633", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2005-4633",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-4619. Reason: This candidate is a duplicate of CVE-2005-4619. Notes: All CVE users should reference CVE-2005-4619 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-4619. Reason: This candidate is a duplicate of CVE-2005-4619. Notes: All CVE users should reference CVE-2005-4619 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

160
2005/4xxx/CVE-2005-4774.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4774", "ID": "CVE-2005-4774",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Xerver 4.17 allows remote attackers to inject arbitrary web script or HTML after a /%00/ sequence at the end of the URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "15135", "description_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/15135" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Xerver 4.17 allows remote attackers to inject arbitrary web script or HTML after a /%00/ sequence at the end of the URI."
{ }
"name" : "20077", ]
"refsource" : "OSVDB", },
"url" : "http://www.osvdb.org/20077" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1015079", "description": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015079" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "17243", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/17243" ]
}, },
{ "references": {
"name" : "xerver-null-character-xss(22787)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22787" "name": "20077",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/20077"
} },
} {
"name": "xerver-null-character-xss(22787)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22787"
},
{
"name": "15135",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15135"
},
{
"name": "1015079",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015079"
},
{
"name": "17243",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17243"
}
]
}
}

130
2005/4xxx/CVE-2005-4820.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4820", "ID": "CVE-2005-4820",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SMC Wireless Router model SMC7904WBRA allows remote attackers to cause a denial of service (reboot) by flooding the router with traffic."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "14809", "description_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/14809" "lang": "eng",
}, "value": "SMC Wireless Router model SMC7904WBRA allows remote attackers to cause a denial of service (reboot) by flooding the router with traffic."
{ }
"name" : "smc-router-flood-dos(40019)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40019" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14809",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14809"
},
{
"name": "smc-router-flood-dos(40019)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40019"
}
]
}
}

160
2005/4xxx/CVE-2005-4840.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4840", "ID": "CVE-2005-4840",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Outlook Express Address Book control, when using Internet Explorer 6, allows remote attackers to cause a denial of service (NULL dereference and browser crash) by creating the OutlookExpress.AddressBook COM object, which is not intended for use within Internet Explorer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050301 IObjectSafety and Internet Explorer", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/391803" "lang": "eng",
}, "value": "The Outlook Express Address Book control, when using Internet Explorer 6, allows remote attackers to cause a denial of service (NULL dereference and browser crash) by creating the OutlookExpress.AddressBook COM object, which is not intended for use within Internet Explorer."
{ }
"name" : "20070606 IE 6 / MS Office Outlook Express Address Book Activex DoS", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/470694/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://browserfun.blogspot.com/2006/07/mobb-3-outlookexpressaddressbook_02.html", "description": [
"refsource" : "MISC", {
"url" : "http://browserfun.blogspot.com/2006/07/mobb-3-outlookexpressaddressbook_02.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "26836", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/26836" ]
}, },
{ "references": {
"name" : "outlook-addressbook-activex-dos(34755)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34755" "name": "20070606 IE 6 / MS Office Outlook Express Address Book Activex DoS",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/470694/100/0/threaded"
} },
} {
"name": "26836",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26836"
},
{
"name": "outlook-addressbook-activex-dos(34755)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34755"
},
{
"name": "20050301 IObjectSafety and Internet Explorer",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/391803"
},
{
"name": "http://browserfun.blogspot.com/2006/07/mobb-3-outlookexpressaddressbook_02.html",
"refsource": "MISC",
"url": "http://browserfun.blogspot.com/2006/07/mobb-3-outlookexpressaddressbook_02.html"
}
]
}
}

170
2009/0xxx/CVE-2009-0018.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0018", "ID": "CVE-2009-0018",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Remote Apple Events server in Apple Mac OS X 10.4.11 and 10.5.6 does not properly initialize a buffer, which allows remote attackers to read portions of memory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT3438", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT3438" "lang": "eng",
}, "value": "The Remote Apple Events server in Apple Mac OS X 10.4.11 and 10.5.6 does not properly initialize a buffer, which allows remote attackers to read portions of memory."
{ }
"name" : "APPLE-SA-2009-02-12", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "33759", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/33759" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "33816", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/33816" ]
}, },
{ "references": {
"name" : "ADV-2009-0422", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/0422" "name": "33937",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/33937"
"name" : "33937", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33937" "name": "33759",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/33759"
} },
} {
"name": "http://support.apple.com/kb/HT3438",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3438"
},
{
"name": "APPLE-SA-2009-02-12",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
},
{
"name": "ADV-2009-0422",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0422"
},
{
"name": "33816",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33816"
}
]
}
}

210
2009/0xxx/CVE-2009-0036.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2009-0036", "ID": "CVE-2009-0036",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the proxyReadClientSocket function in proxy/libvirt_proxy.c in libvirt_proxy 0.5.1 might allow local users to gain privileges by sending a portion of the header of a virProxyPacket packet, and then sending the remainder of the packet with crafted values in the header, related to use of uninitialized memory in a validation check."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[libvir-list] 20090127 [libvirt] [PATCH] proxy: Fix use of uninitalized memory", "description_data": [
"refsource" : "MLIST", {
"url" : "https://www.redhat.com/archives/libvir-list/2009-January/msg00699.html" "lang": "eng",
}, "value": "Buffer overflow in the proxyReadClientSocket function in proxy/libvirt_proxy.c in libvirt_proxy 0.5.1 might allow local users to gain privileges by sending a portion of the header of a virProxyPacket packet, and then sending the remainder of the packet with crafted values in the header, related to use of uninitialized memory in a validation check."
{ }
"name" : "[libvir-list] 20090128 Re: [libvirt] [PATCH] proxy: Fix use of uninitalized memory", ]
"refsource" : "MLIST", },
"url" : "https://www.redhat.com/archives/libvir-list/2009-January/msg00728.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[libvir-list] 20090128 Re: [libvirt] [PATCH] proxy: Fix use of uninitalized memory", "description": [
"refsource" : "MLIST", {
"url" : "https://www.redhat.com/archives/libvir-list/2009-January/msg00726.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[oss-security] 20090210 libvirt_proxy heads up", ]
"refsource" : "MLIST", }
"url" : "http://openwall.com/lists/oss-security/2009/02/10/8" ]
}, },
{ "references": {
"name" : "http://git.et.redhat.com/?p=libvirt.git;a=commitdiff;h=2bb0657e28", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://git.et.redhat.com/?p=libvirt.git;a=commitdiff;h=2bb0657e28" "name": "oval:org.mitre.oval:def:10127",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10127"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=484947", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=484947" "name": "[libvir-list] 20090128 Re: [libvirt] [PATCH] proxy: Fix use of uninitalized memory",
}, "refsource": "MLIST",
{ "url": "https://www.redhat.com/archives/libvir-list/2009-January/msg00728.html"
"name" : "RHSA-2009:0382", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0382.html" "name": "[libvir-list] 20090128 Re: [libvirt] [PATCH] proxy: Fix use of uninitalized memory",
}, "refsource": "MLIST",
{ "url": "https://www.redhat.com/archives/libvir-list/2009-January/msg00726.html"
"name" : "33724", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/33724" "name": "33724",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/33724"
"name" : "oval:org.mitre.oval:def:10127", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10127" "name": "[libvir-list] 20090127 [libvirt] [PATCH] proxy: Fix use of uninitalized memory",
}, "refsource": "MLIST",
{ "url": "https://www.redhat.com/archives/libvir-list/2009-January/msg00699.html"
"name" : "34397", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34397" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=484947",
} "refsource": "CONFIRM",
] "url": "https://bugzilla.redhat.com/show_bug.cgi?id=484947"
} },
} {
"name": "RHSA-2009:0382",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0382.html"
},
{
"name": "http://git.et.redhat.com/?p=libvirt.git;a=commitdiff;h=2bb0657e28",
"refsource": "CONFIRM",
"url": "http://git.et.redhat.com/?p=libvirt.git;a=commitdiff;h=2bb0657e28"
},
{
"name": "[oss-security] 20090210 libvirt_proxy heads up",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2009/02/10/8"
},
{
"name": "34397",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34397"
}
]
}
}

130
2009/0xxx/CVE-2009-0513.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0513", "ID": "CVE-2009-0513",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in WebFrame 0.76 allow remote attackers to execute arbitrary PHP code via a URL in the classFiles parameter to (1) admin/doc/index.php, (2) index.php, and (3) base/menu.php in mod/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "8025", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/8025" "lang": "eng",
}, "value": "Multiple PHP remote file inclusion vulnerabilities in WebFrame 0.76 allow remote attackers to execute arbitrary PHP code via a URL in the classFiles parameter to (1) admin/doc/index.php, (2) index.php, and (3) base/menu.php in mod/."
{ }
"name" : "33701", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/33701" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8025",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8025"
},
{
"name": "33701",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33701"
}
]
}
}

180
2009/0xxx/CVE-2009-0908.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0908", "ID": "CVE-2009-0908",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the ACE shared folders implementation in the VMware Host Guest File System (HGFS) shared folders feature in VMware ACE 2.5.1 and earlier allows attackers to enable a disabled shared folder."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2009/Apr/0036.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the ACE shared folders implementation in the VMware Host Guest File System (HGFS) shared folders feature in VMware ACE 2.5.1 and earlier allows attackers to enable a disabled shared folder."
{ }
"name" : "[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues", ]
"refsource" : "MLIST", },
"url" : "http://lists.vmware.com/pipermail/security-announce/2009/000054.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.vmware.com/security/advisories/VMSA-2009-0005.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.vmware.com/security/advisories/VMSA-2009-0005.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "34373", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/34373" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:6399", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6399" "name": "20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
}, "refsource": "FULLDISC",
{ "url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
"name" : "1021975", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1021975" "name": "34373",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/34373"
"name" : "ADV-2009-0944", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/0944" "name": "oval:org.mitre.oval:def:6399",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6399"
} },
} {
"name": "1021975",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021975"
},
{
"name": "ADV-2009-0944",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"name": "[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
}
]
}
}

180
2009/1xxx/CVE-2009-1020.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2009-1020", "ID": "CVE-2009-1020",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Network Foundation component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Network Foundation component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors."
{ }
"name" : "35684", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/35684" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "55897", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/55897" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1022560", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1022560" ]
}, },
{ "references": {
"name" : "35776", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35776" "name": "55897",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/55897"
"name" : "ADV-2009-1900", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/1900" "name": "35776",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35776"
"name" : "oracle-database-netfoundation-unspecified(51749)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51749" "name": "ADV-2009-1900",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2009/1900"
} },
} {
"name": "35684",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35684"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html"
},
{
"name": "1022560",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022560"
},
{
"name": "oracle-database-netfoundation-unspecified(51749)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51749"
}
]
}
}

34
2009/1xxx/CVE-2009-1401.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1401", "ID": "CVE-2009-1401",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

170
2009/3xxx/CVE-2009-3448.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-3448", "ID": "CVE-2009-3448",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "npvmgr.exe in BakBone NetVault Backup 8.22 Build 29 allows remote attackers to cause a denial of service (daemon crash) via a packet to (1) TCP or (2) UDP port 20031 with a large value in an unspecified size field, which is not properly handled in a malloc operation. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.insight-tech.org/index.php?p=bakbone-netvault-backup-8-22-build-29-remote-dos", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.insight-tech.org/index.php?p=bakbone-netvault-backup-8-22-build-29-remote-dos" "lang": "eng",
}, "value": "npvmgr.exe in BakBone NetVault Backup 8.22 Build 29 allows remote attackers to cause a denial of service (daemon crash) via a packet to (1) TCP or (2) UDP port 20031 with a large value in an unspecified size field, which is not properly handled in a malloc operation. NOTE: some of these details are obtained from third party information."
{ }
"name" : "36489", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/36489" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "58329", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/58329" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1022941", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1022941" ]
}, },
{ "references": {
"name" : "36847", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/36847" "name": "1022941",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1022941"
"name" : "netvault-npvmgr-dos(53434)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53434" "name": "58329",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/58329"
} },
} {
"name": "36489",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36489"
},
{
"name": "http://www.insight-tech.org/index.php?p=bakbone-netvault-backup-8-22-build-29-remote-dos",
"refsource": "MISC",
"url": "http://www.insight-tech.org/index.php?p=bakbone-netvault-backup-8-22-build-29-remote-dos"
},
{
"name": "netvault-npvmgr-dos(53434)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53434"
},
{
"name": "36847",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36847"
}
]
}
}

180
2009/3xxx/CVE-2009-3658.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-3658", "ID": "CVE-2009-3658",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the Sb.SuperBuddy.1 ActiveX control (sb.dll) in America Online (AOL) 9.5.0.1 allows remote attackers to trigger memory corruption or possibly execute arbitrary code via a malformed argument to the SetSuperBuddy method."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20091001 AOL 9.1 SuperBuddy ActiveX Control SetSuperBuddy() remote code execution exploit", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/506889/100/0/threaded" "lang": "eng",
}, "value": "Use-after-free vulnerability in the Sb.SuperBuddy.1 ActiveX control (sb.dll) in America Online (AOL) 9.5.0.1 allows remote attackers to trigger memory corruption or possibly execute arbitrary code via a malformed argument to the SetSuperBuddy method."
{ }
"name" : "http://retrogod.altervista.org/9sg_aol_91_superbuddy.html", ]
"refsource" : "MISC", },
"url" : "http://retrogod.altervista.org/9sg_aol_91_superbuddy.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "36580", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/36580" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:6704", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6704" ]
}, },
{ "references": {
"name" : "36919", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/36919" "name": "http://retrogod.altervista.org/9sg_aol_91_superbuddy.html",
}, "refsource": "MISC",
{ "url": "http://retrogod.altervista.org/9sg_aol_91_superbuddy.html"
"name" : "ADV-2009-2812", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/2812" "name": "ADV-2009-2812",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/2812"
"name" : "aol-superbuddy-activex-code-exec(53614)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53614" "name": "20091001 AOL 9.1 SuperBuddy ActiveX Control SetSuperBuddy() remote code execution exploit",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/506889/100/0/threaded"
} },
} {
"name": "36580",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36580"
},
{
"name": "oval:org.mitre.oval:def:6704",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6704"
},
{
"name": "36919",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36919"
},
{
"name": "aol-superbuddy-activex-code-exec(53614)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53614"
}
]
}
}

150
2009/3xxx/CVE-2009-3924.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-3924", "ID": "CVE-2009-3924",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in pbsv.dll, as used in Soldier of Fortune II and possibly other applications when Even Balance PunkBuster 1.728 or earlier is enabled, allows remote attackers to cause a denial of service (application server crash) and possibly execute arbitrary code via a long restart packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://aluigi.altervista.org/adv/sof2pbbof-adv.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://aluigi.altervista.org/adv/sof2pbbof-adv.txt" "lang": "eng",
}, "value": "Buffer overflow in pbsv.dll, as used in Soldier of Fortune II and possibly other applications when Even Balance PunkBuster 1.728 or earlier is enabled, allows remote attackers to cause a denial of service (application server crash) and possibly execute arbitrary code via a long restart packet."
{ }
"name" : "http://aluigi.org/poc/sof2pbbof.zip", ]
"refsource" : "MISC", },
"url" : "http://aluigi.org/poc/sof2pbbof.zip" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "36221", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/36221" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "punkbuster-pbsv-bo(52400)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52400" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://aluigi.altervista.org/adv/sof2pbbof-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/sof2pbbof-adv.txt"
},
{
"name": "punkbuster-pbsv-bo(52400)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52400"
},
{
"name": "http://aluigi.org/poc/sof2pbbof.zip",
"refsource": "MISC",
"url": "http://aluigi.org/poc/sof2pbbof.zip"
},
{
"name": "36221",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36221"
}
]
}
}

150
2009/4xxx/CVE-2009-4877.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4877", "ID": "CVE-2009-4877",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in WebGUI before 7.7.14 allow remote attackers to hijack the authentication of users for unspecified requests via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://sourceforge.net/project/shownotes.php?release_id=695900", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://sourceforge.net/project/shownotes.php?release_id=695900" "lang": "eng",
}, "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in WebGUI before 7.7.14 allow remote attackers to hijack the authentication of users for unspecified requests via unknown vectors."
{ }
"name" : "55798", ]
"refsource" : "OSVDB", },
"url" : "http://osvdb.org/55798" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "35775", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35775" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "webgui-unspecified-csrf(51668)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51668" ]
} },
] "references": {
} "reference_data": [
} {
"name": "55798",
"refsource": "OSVDB",
"url": "http://osvdb.org/55798"
},
{
"name": "35775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35775"
},
{
"name": "webgui-unspecified-csrf(51668)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51668"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=695900",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=695900"
}
]
}
}

190
2012/2xxx/CVE-2012-2089.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-2089", "ID": "CVE-2012-2089",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20120412 nginx security advisory: mp4 module vulnerability, CVE-2012-2089", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/04/12/9" "lang": "eng",
}, "value": "Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file."
{ }
"name" : "http://nginx.org/en/security_advisories.html", ]
"refsource" : "CONFIRM", },
"url" : "http://nginx.org/en/security_advisories.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "FEDORA-2012-6238", "description": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079388.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FEDORA-2012-6371", ]
"refsource" : "FEDORA", }
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079474.html" ]
}, },
{ "references": {
"name" : "FEDORA-2012-6411", "reference_data": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079467.html" "name": "nginx-ngxhttpmp4module-bo(74831)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74831"
"name" : "52999", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/52999" "name": "1026924",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1026924"
"name" : "1026924", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1026924" "name": "FEDORA-2012-6371",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079474.html"
"name" : "nginx-ngxhttpmp4module-bo(74831)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74831" "name": "FEDORA-2012-6411",
} "refsource": "FEDORA",
] "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079467.html"
} },
} {
"name": "http://nginx.org/en/security_advisories.html",
"refsource": "CONFIRM",
"url": "http://nginx.org/en/security_advisories.html"
},
{
"name": "52999",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52999"
},
{
"name": "[oss-security] 20120412 nginx security advisory: mp4 module vulnerability, CVE-2012-2089",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/12/9"
},
{
"name": "FEDORA-2012-6238",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079388.html"
}
]
}
}

160
2012/2xxx/CVE-2012-2114.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-2114", "ID": "CVE-2012-2114",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in fprintf in musl before 0.8.8 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string to an unbuffered stream such as stderr."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[musl] 20120417 musl security advisory #001: stack buffer overflow in vfprintf with long output", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/musl/2012/04/17/1" "lang": "eng",
}, "value": "Stack-based buffer overflow in fprintf in musl before 0.8.8 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string to an unbuffered stream such as stderr."
{ }
"name" : "[oss-security] 20120418 Re: Stack-based buffer overflow in musl libc 0.8.7 and earlier", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2012/04/18/6" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20120418 Stack-based buffer overflow in musl libc 0.8.7 and earlier", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/04/18/5" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.etalabs.net/musl/download.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.etalabs.net/musl/download.html" ]
}, },
{ "references": {
"name" : "53144", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/53144" "name": "[musl] 20120417 musl security advisory #001: stack buffer overflow in vfprintf with long output",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/musl/2012/04/17/1"
} },
} {
"name": "[oss-security] 20120418 Re: Stack-based buffer overflow in musl libc 0.8.7 and earlier",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/18/6"
},
{
"name": "[oss-security] 20120418 Stack-based buffer overflow in musl libc 0.8.7 and earlier",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/18/5"
},
{
"name": "http://www.etalabs.net/musl/download.html",
"refsource": "CONFIRM",
"url": "http://www.etalabs.net/musl/download.html"
},
{
"name": "53144",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53144"
}
]
}
}

120
2012/2xxx/CVE-2012-2429.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "ics-cert@hq.dhs.gov",
"ID" : "CVE-2012-2429", "ID": "CVE-2012-2429",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The server in xArrow before 3.4.1 performs an invalid read operation, which allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-145-02.pdf", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-145-02.pdf" "lang": "eng",
} "value": "The server in xArrow before 3.4.1 performs an invalid read operation, which allows remote attackers to execute arbitrary code via unspecified vectors."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-145-02.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-145-02.pdf"
}
]
}
}

150
2012/6xxx/CVE-2012-6063.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-6063", "ID": "CVE-2012-6063",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Double free vulnerability in the sftp_mkdir function in sftp.c in libssh before 0.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors, a different vector than CVE-2012-4559."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=871612", "description_data": [
"refsource" : "MISC", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=871612" "lang": "eng",
}, "value": "Double free vulnerability in the sftp_mkdir function in sftp.c in libssh before 0.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors, a different vector than CVE-2012-4559."
{ }
"name" : "http://git.libssh.org/projects/libssh.git/commit/?h=v0-5&id=4d8420f3282ed07fc99fc5e930c17df27ef1e9b2", ]
"refsource" : "CONFIRM", },
"url" : "http://git.libssh.org/projects/libssh.git/commit/?h=v0-5&id=4d8420f3282ed07fc99fc5e930c17df27ef1e9b2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-2577", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2012/dsa-2577" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=871612",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=871612"
},
{
"name": "DSA-2577",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2577"
},
{
"name": "http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/",
"refsource": "CONFIRM",
"url": "http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/"
},
{
"name": "http://git.libssh.org/projects/libssh.git/commit/?h=v0-5&id=4d8420f3282ed07fc99fc5e930c17df27ef1e9b2",
"refsource": "CONFIRM",
"url": "http://git.libssh.org/projects/libssh.git/commit/?h=v0-5&id=4d8420f3282ed07fc99fc5e930c17df27ef1e9b2"
}
]
}
}

170
2012/6xxx/CVE-2012-6149.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-6149", "ID": "CVE-2012-6149",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in systems/sdc/notes.jsp in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) subject or (2) content values of a note in a system.addNote XML-RPC call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=882000", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=882000" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in systems/sdc/notes.jsp in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) subject or (2) content values of a note in a system.addNote XML-RPC call."
{ }
"name" : "https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=1d0f4b4a78ea03d9f2d05fbd52236b1f2ab68e85", ]
"refsource" : "CONFIRM", },
"url" : "https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=1d0f4b4a78ea03d9f2d05fbd52236b1f2ab68e85" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f", "description": [
"refsource" : "CONFIRM", {
"url" : "https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2014:0148", ]
"refsource" : "REDHAT", }
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0148.html" ]
}, },
{ "references": {
"name" : "SUSE-SU-2014:0222", "reference_data": [
"refsource" : "SUSE", {
"url" : "https://www.suse.com/support/update/announcement/2014/suse-su-20140222-1.html" "name": "https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=1d0f4b4a78ea03d9f2d05fbd52236b1f2ab68e85",
}, "refsource": "CONFIRM",
{ "url": "https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=1d0f4b4a78ea03d9f2d05fbd52236b1f2ab68e85"
"name" : "56952", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/56952" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=882000",
} "refsource": "CONFIRM",
] "url": "https://bugzilla.redhat.com/show_bug.cgi?id=882000"
} },
} {
"name": "56952",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56952"
},
{
"name": "RHSA-2014:0148",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0148.html"
},
{
"name": "https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f",
"refsource": "CONFIRM",
"url": "https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f"
},
{
"name": "SUSE-SU-2014:0222",
"refsource": "SUSE",
"url": "https://www.suse.com/support/update/announcement/2014/suse-su-20140222-1.html"
}
]
}
}

34
2015/1xxx/CVE-2015-1012.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-1012", "ID": "CVE-2015-1012",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2015/1xxx/CVE-2015-1757.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2015-1757", "ID": "CVE-2015-1757",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in adfs/ls in Active Directory Federation Services (AD FS) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 allows remote attackers to inject arbitrary web script or HTML via the wct parameter, aka \"ADFS XSS Elevation of Privilege Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS15-062", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-062" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in adfs/ls in Active Directory Federation Services (AD FS) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 allows remote attackers to inject arbitrary web script or HTML via the wct parameter, aka \"ADFS XSS Elevation of Privilege Vulnerability.\""
{ }
"name" : "75023", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/75023" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1032526", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1032526" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "75023",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75023"
},
{
"name": "1032526",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032526"
},
{
"name": "MS15-062",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-062"
}
]
}
}

150
2015/1xxx/CVE-2015-1920.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2015-1920", "ID": "CVE-2015-1920",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, and 8.5 before 8.5.5.6 allows remote attackers to execute arbitrary code by sending crafted instructions in a management-port session."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21883573", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21883573" "lang": "eng",
}, "value": "IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, and 8.5 before 8.5.5.6 allows remote attackers to execute arbitrary code by sending crafted instructions in a management-port session."
{ }
"name" : "PI38302", ]
"refsource" : "AIXAPAR", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI38302" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "74439", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/74439" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1032249", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1032249" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21883573",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883573"
},
{
"name": "74439",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74439"
},
{
"name": "1032249",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032249"
},
{
"name": "PI38302",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI38302"
}
]
}
}

170
2015/5xxx/CVE-2015-5207.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2015-5207", "ID": "CVE-2015-5207",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apache Cordova iOS before 4.0.0 might allow attackers to bypass a URL whitelist protection mechanism in an app and load arbitrary resources by leveraging unspecified methods."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20160427 CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/538211/100/0/threaded" "lang": "eng",
}, "value": "Apache Cordova iOS before 4.0.0 might allow attackers to bypass a URL whitelist protection mechanism in an app and load arbitrary resources by leveraging unspecified methods."
{ }
"name" : "http://packetstormsecurity.com/files/136840/Apache-Cordova-iOS-3.9.1-Access-Bypass.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/136840/Apache-Cordova-iOS-3.9.1-Access-Bypass.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://cordova.apache.org/announcements/2016/04/27/security.html", "description": [
"refsource" : "CONFIRM", {
"url" : "https://cordova.apache.org/announcements/2016/04/27/security.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "JVN#35341085", ]
"refsource" : "JVN", }
"url" : "http://jvn.jp/en/jp/JVN35341085/index.html" ]
}, },
{ "references": {
"name" : "JVNDB-2016-000058", "reference_data": [
"refsource" : "JVNDB", {
"url" : "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000058.html" "name": "http://packetstormsecurity.com/files/136840/Apache-Cordova-iOS-3.9.1-Access-Bypass.html",
}, "refsource": "MISC",
{ "url": "http://packetstormsecurity.com/files/136840/Apache-Cordova-iOS-3.9.1-Access-Bypass.html"
"name" : "88764", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/88764" "name": "https://cordova.apache.org/announcements/2016/04/27/security.html",
} "refsource": "CONFIRM",
] "url": "https://cordova.apache.org/announcements/2016/04/27/security.html"
} },
} {
"name": "JVNDB-2016-000058",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000058.html"
},
{
"name": "20160427 CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/538211/100/0/threaded"
},
{
"name": "88764",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/88764"
},
{
"name": "JVN#35341085",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN35341085/index.html"
}
]
}
}

150
2015/5xxx/CVE-2015-5217.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2015-5217", "ID": "CVE-2015-5217",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not properly check permissions to update the SAML2 Service Provider (SP) owner, which allows remote authenticated users to cause a denial of service via a duplicate SP name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20151027 Multiple CVE info for Ipsilon", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2015/10/27/8" "lang": "eng",
}, "value": "providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not properly check permissions to update the SAML2 Service Provider (SP) owner, which allows remote authenticated users to cause a denial of service via a duplicate SP name."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1255172", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1255172" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://fedorahosted.org/ipsilon/wiki/Releases/v1.0.1", "description": [
"refsource" : "CONFIRM", {
"url" : "https://fedorahosted.org/ipsilon/wiki/Releases/v1.0.1" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://pagure.io/ipsilon/826e6339441546f596320f3d73304ab5f7c10de6", ]
"refsource" : "CONFIRM", }
"url" : "https://pagure.io/ipsilon/826e6339441546f596320f3d73304ab5f7c10de6" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://pagure.io/ipsilon/826e6339441546f596320f3d73304ab5f7c10de6",
"refsource": "CONFIRM",
"url": "https://pagure.io/ipsilon/826e6339441546f596320f3d73304ab5f7c10de6"
},
{
"name": "https://fedorahosted.org/ipsilon/wiki/Releases/v1.0.1",
"refsource": "CONFIRM",
"url": "https://fedorahosted.org/ipsilon/wiki/Releases/v1.0.1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1255172",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255172"
},
{
"name": "[oss-security] 20151027 Multiple CVE info for Ipsilon",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/10/27/8"
}
]
}
}

140
2015/5xxx/CVE-2015-5324.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2015-5324", "ID": "CVE-2015-5324",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11" "lang": "eng",
}, "value": "Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api."
{ }
"name" : "RHSA-2016:0070", ]
"refsource" : "REDHAT", },
"url" : "https://access.redhat.com/errata/RHSA-2016:0070" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2016:0489", "description": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0489.html" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:0489",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0489.html"
},
{
"name": "RHSA-2016:0070",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:0070"
},
{
"name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
"refsource": "CONFIRM",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11"
}
]
}
}

130
2015/5xxx/CVE-2015-5432.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "hp-security-alert@hp.com",
"ID" : "CVE-2015-5432", "ID": "CVE-2015-5432",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or modify data via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04774019", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04774019" "lang": "eng",
}, "value": "HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or modify data via unspecified vectors."
{ }
"name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04774021", ]
"refsource" : "CONFIRM", },
"url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04774021" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04774021",
"refsource": "CONFIRM",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04774021"
},
{
"name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04774019",
"refsource": "CONFIRM",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04774019"
}
]
}
}

150
2015/5xxx/CVE-2015-5861.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2015-5861", "ID": "CVE-2015-5861",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SpringBoard in Apple iOS before 9 allows physically proximate attackers to bypass a lock-screen preview-disabled setting, and reply to an audio message, via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT205212", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT205212" "lang": "eng",
}, "value": "SpringBoard in Apple iOS before 9 allows physically proximate attackers to bypass a lock-screen preview-disabled setting, and reply to an audio message, via unspecified vectors."
{ }
"name" : "APPLE-SA-2015-09-16-1", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "76764", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/76764" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1033609", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1033609" ]
} },
] "references": {
} "reference_data": [
} {
"name": "1033609",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033609"
},
{
"name": "https://support.apple.com/HT205212",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205212"
},
{
"name": "76764",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76764"
},
{
"name": "APPLE-SA-2015-09-16-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
}
]
}
}

140
2018/11xxx/CVE-2018-11194.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11194", "ID": "CVE-2018-11194",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 6 of 6)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2018/May/71" "lang": "eng",
}, "value": "Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 6 of 6)."
{ }
"name" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities", "description": [
"refsource" : "MISC", {
"url" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/May/71"
},
{
"name": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html"
},
{
"name": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities"
}
]
}
}

166
2018/11xxx/CVE-2018-11452.json
View File

@ -1,85 +1,85 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "productcert@siemens.com", "ASSIGNER": "productcert@siemens.com",
"DATE_PUBLIC" : "2018-07-11T00:00:00", "DATE_PUBLIC": "2018-07-11T00:00:00",
"ID" : "CVE-2018-11452", "ID": "CVE-2018-11452",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Firmware variant IEC 61850 for EN100 Ethernet module, Firmware variant PROFINET IO for EN100 Ethernet module, Firmware variant Modbus TCP for EN100 Ethernet module, Firmware variant DNP3 TCP for EN100 Ethernet module, Firmware variant IEC104 for EN100 Ethernet module", "product_name": "Firmware variant IEC 61850 for EN100 Ethernet module, Firmware variant PROFINET IO for EN100 Ethernet module, Firmware variant Modbus TCP for EN100 Ethernet module, Firmware variant DNP3 TCP for EN100 Ethernet module, Firmware variant IEC104 for EN100 Ethernet module",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Firmware variant IEC 61850 for EN100 Ethernet module : All versions < V4.33" "version_value": "Firmware variant IEC 61850 for EN100 Ethernet module : All versions < V4.33"
}, },
{ {
"version_value" : "Firmware variant PROFINET IO for EN100 Ethernet module: All versions" "version_value": "Firmware variant PROFINET IO for EN100 Ethernet module: All versions"
}, },
{ {
"version_value" : "Firmware variant Modbus TCP for EN100 Ethernet module : All versions" "version_value": "Firmware variant Modbus TCP for EN100 Ethernet module : All versions"
}, },
{ {
"version_value" : "Firmware variant DNP3 TCP for EN100 Ethernet module : All versions" "version_value": "Firmware variant DNP3 TCP for EN100 Ethernet module : All versions"
}, },
{ {
"version_value" : "Firmware variant IEC104 for EN100 Ethernet module : All versions" "version_value": "Firmware variant IEC104 for EN100 Ethernet module : All versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Siemens AG" "vendor_name": "Siemens AG"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions < V4.33), Firmware variant PROFINET IO for EN100 Ethernet module (All versions), Firmware variant Modbus TCP for EN100 Ethernet module (All versions), Firmware variant DNP3 TCP for EN100 Ethernet module (All versions), Firmware variant IEC104 for EN100 Ethernet module (All versions). Specially crafted packets to port 102/tcp could cause a denial-of-service condition in the EN100 communication module if oscillographs are running. A manual restart is required to recover the EN100 module functionality. Successful exploitation requires an attacker with network access to send multiple packets to the EN100 module. As a precondition the IEC 61850-MMS communication needs to be activated on the affected EN100 modules. No user interaction or privileges are required to exploit the security vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the network functionality of the device, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20: Improper Input Validation"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-635129.pdf", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-635129.pdf" "lang": "eng",
}, "value": "A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions < V4.33), Firmware variant PROFINET IO for EN100 Ethernet module (All versions), Firmware variant Modbus TCP for EN100 Ethernet module (All versions), Firmware variant DNP3 TCP for EN100 Ethernet module (All versions), Firmware variant IEC104 for EN100 Ethernet module (All versions). Specially crafted packets to port 102/tcp could cause a denial-of-service condition in the EN100 communication module if oscillographs are running. A manual restart is required to recover the EN100 module functionality. Successful exploitation requires an attacker with network access to send multiple packets to the EN100 module. As a precondition the IEC 61850-MMS communication needs to be activated on the affected EN100 modules. No user interaction or privileges are required to exploit the security vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the network functionality of the device, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known."
{ }
"name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-325546.pdf", ]
"refsource" : "CONFIRM", },
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-325546.pdf" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "106221", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/106221" "lang": "eng",
} "value": "CWE-20: Improper Input Validation"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-635129.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-635129.pdf"
},
{
"name": "106221",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106221"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-325546.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-325546.pdf"
}
]
}
}

140
2018/11xxx/CVE-2018-11522.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11522", "ID": "CVE-2018-11522",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Yosoro 1.0.4 has stored XSS."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "44803", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/44803/" "lang": "eng",
}, "value": "Yosoro 1.0.4 has stored XSS."
{ }
"name" : "http://packetstormsecurity.com/files/147978/Yosoro-1.0.4-Remote-Code-Execution.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/147978/Yosoro-1.0.4-Remote-Code-Execution.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/IceEnd/Yosoro/issues/11", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/IceEnd/Yosoro/issues/11" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "44803",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44803/"
},
{
"name": "http://packetstormsecurity.com/files/147978/Yosoro-1.0.4-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/147978/Yosoro-1.0.4-Remote-Code-Execution.html"
},
{
"name": "https://github.com/IceEnd/Yosoro/issues/11",
"refsource": "CONFIRM",
"url": "https://github.com/IceEnd/Yosoro/issues/11"
}
]
}
}

34
2018/11xxx/CVE-2018-11885.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11885", "ID": "CVE-2018-11885",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/11xxx/CVE-2018-11991.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11991", "ID": "CVE-2018-11991",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

180
2018/15xxx/CVE-2018-15501.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15501", "ID": "CVE-2018-15501",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol \"ng\" packet that lacks a '\\0' byte to trigger an out-of-bounds read that leads to DoS."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20180825 [SECURITY] [DLA 1477-1] libgit2 security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00024.html" "lang": "eng",
}, "value": "In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol \"ng\" packet that lacks a '\\0' byte to trigger an out-of-bounds read that leads to DoS."
{ }
"name" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9406", ]
"refsource" : "MISC", },
"url" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9406" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.suse.com/show_bug.cgi?id=1104641", "description": [
"refsource" : "MISC", {
"url" : "https://bugzilla.suse.com/show_bug.cgi?id=1104641" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/libgit2/libgit2/commit/1f9a8510e1d2f20ed7334eeeddb92c4dd8e7c649", ]
"refsource" : "MISC", }
"url" : "https://github.com/libgit2/libgit2/commit/1f9a8510e1d2f20ed7334eeeddb92c4dd8e7c649" ]
}, },
{ "references": {
"name" : "https://github.com/libgit2/libgit2/releases/tag/v0.26.6", "reference_data": [
"refsource" : "MISC", {
"url" : "https://github.com/libgit2/libgit2/releases/tag/v0.26.6" "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9406",
}, "refsource": "MISC",
{ "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9406"
"name" : "https://github.com/libgit2/libgit2/releases/tag/v0.27.4", },
"refsource" : "MISC", {
"url" : "https://github.com/libgit2/libgit2/releases/tag/v0.27.4" "name": "https://github.com/libgit2/libgit2/releases/tag/v0.27.4",
}, "refsource": "MISC",
{ "url": "https://github.com/libgit2/libgit2/releases/tag/v0.27.4"
"name" : "https://www.pro-linux.de/sicherheit/2/44650/denial-of-service-in-libgit2.html", },
"refsource" : "MISC", {
"url" : "https://www.pro-linux.de/sicherheit/2/44650/denial-of-service-in-libgit2.html" "name": "https://www.pro-linux.de/sicherheit/2/44650/denial-of-service-in-libgit2.html",
} "refsource": "MISC",
] "url": "https://www.pro-linux.de/sicherheit/2/44650/denial-of-service-in-libgit2.html"
} },
} {
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1104641",
"refsource": "MISC",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1104641"
},
{
"name": "[debian-lts-announce] 20180825 [SECURITY] [DLA 1477-1] libgit2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00024.html"
},
{
"name": "https://github.com/libgit2/libgit2/releases/tag/v0.26.6",
"refsource": "MISC",
"url": "https://github.com/libgit2/libgit2/releases/tag/v0.26.6"
},
{
"name": "https://github.com/libgit2/libgit2/commit/1f9a8510e1d2f20ed7334eeeddb92c4dd8e7c649",
"refsource": "MISC",
"url": "https://github.com/libgit2/libgit2/commit/1f9a8510e1d2f20ed7334eeeddb92c4dd8e7c649"
}
]
}
}

172
2018/3xxx/CVE-2018-3061.json
View File

@ -1,88 +1,88 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2018-3061", "ID": "CVE-2018-3061",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "MySQL Server", "product_name": "MySQL Server",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "5.7.22 and prior" "version_value": "5.7.22 and prior"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" "lang": "eng",
}, "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
{ }
"name" : "https://security.netapp.com/advisory/ntap-20180726-0002/", ]
"refsource" : "CONFIRM", },
"url" : "https://security.netapp.com/advisory/ntap-20180726-0002/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2018:3655", "description": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:3655" "lang": "eng",
}, "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
{ }
"name" : "USN-3725-1", ]
"refsource" : "UBUNTU", }
"url" : "https://usn.ubuntu.com/3725-1/" ]
}, },
{ "references": {
"name" : "104785", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/104785" "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
"name" : "1041294", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041294" "name": "USN-3725-1",
} "refsource": "UBUNTU",
] "url": "https://usn.ubuntu.com/3725-1/"
} },
} {
"name": "1041294",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041294"
},
{
"name": "104785",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104785"
},
{
"name": "RHSA-2018:3655",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3655"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180726-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180726-0002/"
}
]
}
}

34
2018/3xxx/CVE-2018-3460.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-3460", "ID": "CVE-2018-3460",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/3xxx/CVE-2018-3492.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-3492", "ID": "CVE-2018-3492",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

122
2018/3xxx/CVE-2018-3560.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-03-05T00:00:00", "DATE_PUBLIC": "2018-03-05T00:00:00",
"ID" : "CVE-2018-3560", "ID": "CVE-2018-3560",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a Double Free vulnerability exists in Audio Driver while opening a sound compression device."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/pixel/2018-03-01" "lang": "eng",
} "value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a Double Free vulnerability exists in Audio Driver while opening a sound compression device."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/pixel/2018-03-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2018-03-01"
}
]
}
}

122
2018/7xxx/CVE-2018-7782.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cybersecurity@se.com", "ASSIGNER": "cybersecurity@schneider-electric.com",
"DATE_PUBLIC" : "2018-04-24T00:00:00", "DATE_PUBLIC": "2018-04-24T00:00:00",
"ID" : "CVE-2018-7782", "ID": "CVE-2018-7782",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Pelco Sarix Professional V1", "product_name": "Pelco Sarix Professional V1",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Pelco Sarix Pro 1 st generation with firmware versions prior to 3.29.69" "version_value": "Pelco Sarix Pro 1 st generation with firmware versions prior to 3.29.69"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Schneider Electric SE" "vendor_name": "Schneider Electric SE"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, authenticated users can view passwords in clear text."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Authenticated password disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-114-01/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-114-01/" "lang": "eng",
} "value": "In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, authenticated users can view passwords in clear text."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authenticated password disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-114-01/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-114-01/"
}
]
}
}

170
2018/8xxx/CVE-2018-8533.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "Secure@Microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2018-8533", "ID": "CVE-2018-8533",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "SQL Server Management Studio 17.9", "product_name": "SQL Server Management Studio 17.9",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "SQL Server Management Studio 17.9" "version_value": "SQL Server Management Studio 17.9"
} }
] ]
} }
}, },
{ {
"product_name" : "SQL Server Management Studio 18.0", "product_name": "SQL Server Management Studio 18.0",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "(Preview 4)" "version_value": "(Preview 4)"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft" "vendor_name": "Microsoft"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing malicious XML content containing a reference to an external entity, aka \"SQL Server Management Studio Information Disclosure Vulnerability.\" This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8527, CVE-2018-8532."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "45583", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/45583/" "lang": "eng",
}, "value": "An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing malicious XML content containing a reference to an external entity, aka \"SQL Server Management Studio Information Disclosure Vulnerability.\" This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8527, CVE-2018-8532."
{ }
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8533", ]
"refsource" : "CONFIRM", },
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8533" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "105476", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/105476" "lang": "eng",
}, "value": "Information Disclosure"
{ }
"name" : "1041826", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1041826" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8533",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8533"
},
{
"name": "45583",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45583/"
},
{
"name": "1041826",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041826"
},
{
"name": "105476",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105476"
}
]
}
}

228
2018/8xxx/CVE-2018-8576.json
View File

@ -1,116 +1,116 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "Secure@Microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2018-8576", "ID": "CVE-2018-8576",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Microsoft Office", "product_name": "Microsoft Office",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2019 for 32-bit editions" "version_value": "2019 for 32-bit editions"
}, },
{ {
"version_value" : "2019 for 64-bit editions" "version_value": "2019 for 64-bit editions"
} }
] ]
} }
}, },
{ {
"product_name" : "Office", "product_name": "Office",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "365 ProPlus for 32-bit Systems" "version_value": "365 ProPlus for 32-bit Systems"
}, },
{ {
"version_value" : "365 ProPlus for 64-bit Systems" "version_value": "365 ProPlus for 64-bit Systems"
} }
] ]
} }
}, },
{ {
"product_name" : "Microsoft Outlook", "product_name": "Microsoft Outlook",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2010 Service Pack 2 (32-bit editions)" "version_value": "2010 Service Pack 2 (32-bit editions)"
}, },
{ {
"version_value" : "2010 Service Pack 2 (64-bit editions)" "version_value": "2010 Service Pack 2 (64-bit editions)"
}, },
{ {
"version_value" : "2013 RT Service Pack 1" "version_value": "2013 RT Service Pack 1"
}, },
{ {
"version_value" : "2013 Service Pack 1 (32-bit editions)" "version_value": "2013 Service Pack 1 (32-bit editions)"
}, },
{ {
"version_value" : "2013 Service Pack 1 (64-bit editions)" "version_value": "2013 Service Pack 1 (64-bit editions)"
}, },
{ {
"version_value" : "2016 (32-bit edition)" "version_value": "2016 (32-bit edition)"
}, },
{ {
"version_value" : "2016 (64-bit edition)" "version_value": "2016 (64-bit edition)"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft" "vendor_name": "Microsoft"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka \"Microsoft Outlook Remote Code Execution Vulnerability.\" This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522, CVE-2018-8524, CVE-2018-8582."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8576", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8576" "lang": "eng",
}, "value": "A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka \"Microsoft Outlook Remote Code Execution Vulnerability.\" This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522, CVE-2018-8524, CVE-2018-8582."
{ }
"name" : "105822", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105822" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1042110", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1042110" "lang": "eng",
} "value": "Remote Code Execution"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8576",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8576"
},
{
"name": "105822",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105822"
},
{
"name": "1042110",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042110"
}
]
}
}