admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 18:28:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 22:35:03 +00:00
parent 60b05fd8fc
commit 0052ebee81
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
53 changed files with 3717 additions and 3717 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

120
1999/0xxx/CVE-1999-0409.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-0409",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in gnuplot in Linux version 3.5 allows local users to obtain root access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0409",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "319",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/319"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in gnuplot in Linux version 3.5 allows local users to obtain root access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "319",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/319"
}
]
}
}

130
1999/0xxx/CVE-1999-0679.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-0679",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in hybrid-6 IRC server commonly used on EFnet allows remote attackers to execute commands via m_invite invite option."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.efnet.org/archive/servers/hybrid/ChangeLog",
"refsource" : "CONFIRM",
"url" : "http://www.efnet.org/archive/servers/hybrid/ChangeLog"
},
{
"name" : "581",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/581"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in hybrid-6 IRC server commonly used on EFnet allows remote attackers to execute commands via m_invite invite option."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.efnet.org/archive/servers/hybrid/ChangeLog",
"refsource": "CONFIRM",
"url": "http://www.efnet.org/archive/servers/hybrid/ChangeLog"
},
{
"name": "581",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/581"
}
]
}
}

130
1999/1xxx/CVE-1999-1239.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-1239",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HP-UX 9.x does not properly enable the Xauthority mechanism in certain conditions, which could allow local users to access the X display even when they have not explicitly been authorized to do so."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1239",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBUX9407-015",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/advisories/1559"
},
{
"name" : "hp-xauthority(2261)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/2261"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HP-UX 9.x does not properly enable the Xauthority mechanism in certain conditions, which could allow local users to access the X display even when they have not explicitly been authorized to do so."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBUX9407-015",
"refsource": "HP",
"url": "http://www.securityfocus.com/advisories/1559"
},
{
"name": "hp-xauthority(2261)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/2261"
}
]
}
}

34
2005/2xxx/CVE-2005-2303.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2303",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-1218. Reason: This candidate is a duplicate of CVE-2005-1218. Notes: All CVE users should reference CVE-2005-1218 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2005-2303",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-1218. Reason: This candidate is a duplicate of CVE-2005-1218. Notes: All CVE users should reference CVE-2005-1218 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

380
2005/2xxx/CVE-2005-2709.json
View File

@ -1,192 +1,192 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2709",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The sysctl functionality (sysctl.c) in Linux kernel before 2.6.14.1 allows local users to cause a denial of service (kernel oops) and possibly execute code by opening an interface file in /proc/sys/net/ipv4/conf/, waiting until the interface is unregistered, then obtaining and modifying function pointers in memory that was used for the ctl_table."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-2709",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.14.1",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.14.1"
},
{
"name" : "DSA-1017",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1017"
},
{
"name" : "DSA-1018",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1018"
},
{
"name" : "FLSA:157459-1",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/428028/100/0/threaded"
},
{
"name" : "FLSA:157459-2",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/428058/100/0/threaded"
},
{
"name" : "FLSA:157459-3",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/427980/100/0/threaded"
},
{
"name" : "FLSA:157459-4",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/427981/100/0/threaded"
},
{
"name" : "MDKSA-2006:059",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:059"
},
{
"name" : "RHSA-2006:0101",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0101.html"
},
{
"name" : "RHSA-2006:0140",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0140.html"
},
{
"name" : "RHSA-2006:0190",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0190.html"
},
{
"name" : "RHSA-2006:0191",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0191.html"
},
{
"name" : "USN-219-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/219-1/"
},
{
"name" : "15365",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15365"
},
{
"name" : "oval:org.mitre.oval:def:10746",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10746"
},
{
"name" : "ADV-2005-2359",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2359"
},
{
"name" : "20676",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20676"
},
{
"name" : "1015434",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015434"
},
{
"name" : "17504",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17504"
},
{
"name" : "17541",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17541"
},
{
"name" : "17648",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17648"
},
{
"name" : "18510",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18510"
},
{
"name" : "18562",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18562"
},
{
"name" : "18684",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18684"
},
{
"name" : "19374",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19374"
},
{
"name" : "19369",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19369"
},
{
"name" : "kernel-sysctl-interface-dos(23040)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23040"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The sysctl functionality (sysctl.c) in Linux kernel before 2.6.14.1 allows local users to cause a denial of service (kernel oops) and possibly execute code by opening an interface file in /proc/sys/net/ipv4/conf/, waiting until the interface is unregistered, then obtaining and modifying function pointers in memory that was used for the ctl_table."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2006:0140",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0140.html"
},
{
"name": "18684",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18684"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.14.1",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.14.1"
},
{
"name": "19369",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19369"
},
{
"name": "RHSA-2006:0101",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0101.html"
},
{
"name": "ADV-2005-2359",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2359"
},
{
"name": "17541",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17541"
},
{
"name": "DSA-1018",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1018"
},
{
"name": "FLSA:157459-2",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/428058/100/0/threaded"
},
{
"name": "1015434",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015434"
},
{
"name": "20676",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20676"
},
{
"name": "FLSA:157459-4",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/427981/100/0/threaded"
},
{
"name": "USN-219-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/219-1/"
},
{
"name": "17648",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17648"
},
{
"name": "RHSA-2006:0190",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0190.html"
},
{
"name": "18510",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18510"
},
{
"name": "FLSA:157459-1",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/428028/100/0/threaded"
},
{
"name": "kernel-sysctl-interface-dos(23040)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23040"
},
{
"name": "FLSA:157459-3",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/427980/100/0/threaded"
},
{
"name": "DSA-1017",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1017"
},
{
"name": "oval:org.mitre.oval:def:10746",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10746"
},
{
"name": "17504",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17504"
},
{
"name": "MDKSA-2006:059",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:059"
},
{
"name": "19374",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19374"
},
{
"name": "RHSA-2006:0191",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0191.html"
},
{
"name": "18562",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18562"
},
{
"name": "15365",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15365"
}
]
}
}

180
2007/1xxx/CVE-2007-1673.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-1673",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1673",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070504 Multiple vendors ZOO file decompression infinite loop DoS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/467646/100/0/threaded"
},
{
"name" : "http://www.amavis.org/security/asa-2007-2.txt",
"refsource" : "CONFIRM",
"url" : "http://www.amavis.org/security/asa-2007-2.txt"
},
{
"name" : "23823",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23823"
},
{
"name" : "36208",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36208"
},
{
"name" : "25315",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25315"
},
{
"name" : "2680",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2680"
},
{
"name" : "multiple-vendor-zoo-dos(34080)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34080"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.amavis.org/security/asa-2007-2.txt",
"refsource": "CONFIRM",
"url": "http://www.amavis.org/security/asa-2007-2.txt"
},
{
"name": "multiple-vendor-zoo-dos(34080)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34080"
},
{
"name": "36208",
"refsource": "OSVDB",
"url": "http://osvdb.org/36208"
},
{
"name": "23823",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23823"
},
{
"name": "25315",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25315"
},
{
"name": "20070504 Multiple vendors ZOO file decompression infinite loop DoS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/467646/100/0/threaded"
},
{
"name": "2680",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2680"
}
]
}
}

170
2007/1xxx/CVE-2007-1836.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-1836",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The command line administration interface in Data Domain OS before 4.0.3.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in certain arguments to various commands, as demonstrated by the interface argument to the (1) ifconfig and (2) ping commands."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1836",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070328 Arbitrary Command Execution in DataDomain Administrator Interface",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/464085/100/0/threaded"
},
{
"name" : "23182",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23182"
},
{
"name" : "34537",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/34537"
},
{
"name" : "24666",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24666"
},
{
"name" : "2516",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2516"
},
{
"name" : "datadomain-admininterface-command-execution(33291)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33291"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The command line administration interface in Data Domain OS before 4.0.3.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in certain arguments to various commands, as demonstrated by the interface argument to the (1) ifconfig and (2) ping commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23182",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23182"
},
{
"name": "24666",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24666"
},
{
"name": "34537",
"refsource": "OSVDB",
"url": "http://osvdb.org/34537"
},
{
"name": "2516",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2516"
},
{
"name": "20070328 Arbitrary Command Execution in DataDomain Administrator Interface",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464085/100/0/threaded"
},
{
"name": "datadomain-admininterface-command-execution(33291)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33291"
}
]
}
}

170
2007/1xxx/CVE-2007-1923.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-1923",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070406 ACLS ineffective in SQL-Ledger and LedgerSMB",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/464880/100/0/threaded"
},
{
"name" : "23352",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23352"
},
{
"name" : "38217",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38217"
},
{
"name" : "38218",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38218"
},
{
"name" : "2552",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2552"
},
{
"name" : "sqlledger-acl-weak-security(33494)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33494"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38218",
"refsource": "OSVDB",
"url": "http://osvdb.org/38218"
},
{
"name": "sqlledger-acl-weak-security(33494)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33494"
},
{
"name": "2552",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2552"
},
{
"name": "38217",
"refsource": "OSVDB",
"url": "http://osvdb.org/38217"
},
{
"name": "23352",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23352"
},
{
"name": "20070406 ACLS ineffective in SQL-Ledger and LedgerSMB",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464880/100/0/threaded"
}
]
}
}

910
2007/5xxx/CVE-2007-5000.json
View File

@ -1,457 +1,457 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-5000",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2007-5000",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080716 rPSA-2008-0035-1 httpd mod_ssl",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/494428/100/0/threaded"
},
{
"name" : "20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/505990/100/0/threaded"
},
{
"name" : "[security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server",
"refsource" : "MLIST",
"url" : "http://lists.vmware.com/pipermail/security-announce/2009/000062.html"
},
{
"name" : "http://httpd.apache.org/security/vulnerabilities_13.html",
"refsource" : "CONFIRM",
"url" : "http://httpd.apache.org/security/vulnerabilities_13.html"
},
{
"name" : "http://httpd.apache.org/security/vulnerabilities_20.html",
"refsource" : "CONFIRM",
"url" : "http://httpd.apache.org/security/vulnerabilities_20.html"
},
{
"name" : "http://httpd.apache.org/security/vulnerabilities_22.html",
"refsource" : "CONFIRM",
"url" : "http://httpd.apache.org/security/vulnerabilities_22.html"
},
{
"name" : "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200801e.html",
"refsource" : "CONFIRM",
"url" : "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200801e.html"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm"
},
{
"name" : "http://docs.info.apple.com/article.html?artnum=307562",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
},
{
"name" : "PK58024",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1PK58024"
},
{
"name" : "PK58074",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1PK58074"
},
{
"name" : "PK63273",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1PK63273"
},
{
"name" : "PK65782",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg24019245"
},
{
"name" : "APPLE-SA-2008-03-18",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name" : "APPLE-SA-2008-05-28",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
},
{
"name" : "FEDORA-2008-1695",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00562.html"
},
{
"name" : "FEDORA-2008-1711",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00541.html"
},
{
"name" : "HPSBUX02308",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501"
},
{
"name" : "SSRT080010",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501"
},
{
"name" : "HPSBMA02388",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/498523/100/0/threaded"
},
{
"name" : "SSRT080059",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/498523/100/0/threaded"
},
{
"name" : "HPSBOV02683",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=130497311408250&w=2"
},
{
"name" : "SSRT090208",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=130497311408250&w=2"
},
{
"name" : "MDVSA-2008:014",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:014"
},
{
"name" : "MDVSA-2008:015",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:015"
},
{
"name" : "MDVSA-2008:016",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:016"
},
{
"name" : "RHSA-2008:0004",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0004.html"
},
{
"name" : "RHSA-2008:0005",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0005.html"
},
{
"name" : "RHSA-2008:0006",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0006.html"
},
{
"name" : "RHSA-2008:0007",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0007.html"
},
{
"name" : "RHSA-2008:0008",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0008.html"
},
{
"name" : "RHSA-2008:0009",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0009.html"
},
{
"name" : "RHSA-2008:0261",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
},
{
"name" : "SSA:2008-045-02",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.595748"
},
{
"name" : "233623",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233623-1"
},
{
"name" : "SUSE-SA:2008:021",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html"
},
{
"name" : "USN-575-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-575-1"
},
{
"name" : "TA08-150A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
},
{
"name" : "26838",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26838"
},
{
"name" : "oval:org.mitre.oval:def:9539",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9539"
},
{
"name" : "32800",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32800"
},
{
"name" : "ADV-2007-4201",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/4201"
},
{
"name" : "ADV-2007-4202",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/4202"
},
{
"name" : "ADV-2007-4301",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/4301"
},
{
"name" : "ADV-2008-0084",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0084"
},
{
"name" : "ADV-2008-0178",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0178"
},
{
"name" : "ADV-2008-0398",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0398"
},
{
"name" : "ADV-2008-0809",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0809/references"
},
{
"name" : "ADV-2008-0924",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name" : "ADV-2008-1224",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1224/references"
},
{
"name" : "ADV-2008-1623",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1623/references"
},
{
"name" : "ADV-2008-1697",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1697"
},
{
"name" : "ADV-2008-1875",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1875/references"
},
{
"name" : "39134",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/39134"
},
{
"name" : "1019093",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1019093"
},
{
"name" : "28046",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28046"
},
{
"name" : "28073",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28073"
},
{
"name" : "28081",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28081"
},
{
"name" : "28196",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28196"
},
{
"name" : "28375",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28375"
},
{
"name" : "28467",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28467"
},
{
"name" : "28471",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28471"
},
{
"name" : "28525",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28525"
},
{
"name" : "28526",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28526"
},
{
"name" : "28607",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28607"
},
{
"name" : "28749",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28749"
},
{
"name" : "28750",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28750"
},
{
"name" : "28977",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28977"
},
{
"name" : "28922",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28922"
},
{
"name" : "29420",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29420"
},
{
"name" : "29640",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29640"
},
{
"name" : "29806",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29806"
},
{
"name" : "29988",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29988"
},
{
"name" : "30356",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30356"
},
{
"name" : "30430",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30430"
},
{
"name" : "31142",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31142"
},
{
"name" : "30732",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30732"
},
{
"name" : "apache-modimagemap-xss(39002)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39002"
},
{
"name" : "apache-modimap-xss(39001)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39001"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2008:0005",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0005.html"
},
{
"name": "ADV-2008-0178",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0178"
},
{
"name": "1019093",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019093"
},
{
"name": "28922",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28922"
},
{
"name": "39134",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/39134"
},
{
"name": "28749",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28749"
},
{
"name": "SSA:2008-045-02",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.595748"
},
{
"name": "29988",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29988"
},
{
"name": "apache-modimap-xss(39001)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39001"
},
{
"name": "SSRT090208",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2"
},
{
"name": "28375",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28375"
},
{
"name": "28750",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28750"
},
{
"name": "ADV-2008-1623",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1623/references"
},
{
"name": "29806",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29806"
},
{
"name": "apache-modimagemap-xss(39002)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39002"
},
{
"name": "20080716 rPSA-2008-0035-1 httpd mod_ssl",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494428/100/0/threaded"
},
{
"name": "FEDORA-2008-1695",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00562.html"
},
{
"name": "PK58024",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK58024"
},
{
"name": "28046",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28046"
},
{
"name": "28526",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28526"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
},
{
"name": "RHSA-2008:0006",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0006.html"
},
{
"name": "31142",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31142"
},
{
"name": "ADV-2008-0924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "233623",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233623-1"
},
{
"name": "RHSA-2008:0007",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0007.html"
},
{
"name": "http://httpd.apache.org/security/vulnerabilities_20.html",
"refsource": "CONFIRM",
"url": "http://httpd.apache.org/security/vulnerabilities_20.html"
},
{
"name": "TA08-150A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
},
{
"name": "RHSA-2008:0008",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0008.html"
},
{
"name": "FEDORA-2008-1711",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00541.html"
},
{
"name": "ADV-2008-0084",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0084"
},
{
"name": "ADV-2007-4301",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4301"
},
{
"name": "ADV-2008-0398",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0398"
},
{
"name": "RHSA-2008:0009",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0009.html"
},
{
"name": "MDVSA-2008:014",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:014"
},
{
"name": "26838",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26838"
},
{
"name": "29420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29420"
},
{
"name": "http://httpd.apache.org/security/vulnerabilities_22.html",
"refsource": "CONFIRM",
"url": "http://httpd.apache.org/security/vulnerabilities_22.html"
},
{
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "30430",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30430"
},
{
"name": "oval:org.mitre.oval:def:9539",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9539"
},
{
"name": "APPLE-SA-2008-05-28",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
},
{
"name": "28525",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28525"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm"
},
{
"name": "ADV-2008-0809",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0809/references"
},
{
"name": "HPSBOV02683",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2"
},
{
"name": "20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/505990/100/0/threaded"
},
{
"name": "28081",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28081"
},
{
"name": "28467",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28467"
},
{
"name": "SSRT080059",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/498523/100/0/threaded"
},
{
"name": "PK65782",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg24019245"
},
{
"name": "28196",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28196"
},
{
"name": "RHSA-2008:0004",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0004.html"
},
{
"name": "[security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000062.html"
},
{
"name": "28607",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28607"
},
{
"name": "SUSE-SA:2008:021",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html"
},
{
"name": "30356",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30356"
},
{
"name": "http://httpd.apache.org/security/vulnerabilities_13.html",
"refsource": "CONFIRM",
"url": "http://httpd.apache.org/security/vulnerabilities_13.html"
},
{
"name": "PK63273",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK63273"
},
{
"name": "MDVSA-2008:015",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:015"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "28073",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28073"
},
{
"name": "28471",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28471"
},
{
"name": "ADV-2007-4202",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4202"
},
{
"name": "SSRT080010",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501"
},
{
"name": "HPSBMA02388",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/498523/100/0/threaded"
},
{
"name": "ADV-2008-1697",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1697"
},
{
"name": "RHSA-2008:0261",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
},
{
"name": "USN-575-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-575-1"
},
{
"name": "PK58074",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK58074"
},
{
"name": "29640",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29640"
},
{
"name": "HPSBUX02308",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501"
},
{
"name": "32800",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32800"
},
{
"name": "28977",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28977"
},
{
"name": "ADV-2007-4201",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4201"
},
{
"name": "ADV-2008-1875",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1875/references"
},
{
"name": "30732",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30732"
},
{
"name": "ADV-2008-1224",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1224/references"
},
{
"name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200801e.html",
"refsource": "CONFIRM",
"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200801e.html"
},
{
"name": "MDVSA-2008:016",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:016"
}
]
}
}

210
2007/5xxx/CVE-2007-5657.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-5657",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointer offsets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5657",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080115 TIBCO SmartSockets RTserver Multiple Untrusted Pointer Offset Vulnerabilities",
"refsource" : "IDEFENSE",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=640"
},
{
"name" : "http://www.tibco.com/mk/advisory.jsp",
"refsource" : "CONFIRM",
"url" : "http://www.tibco.com/mk/advisory.jsp"
},
{
"name" : "http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt",
"refsource" : "CONFIRM",
"url" : "http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt"
},
{
"name" : "http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt",
"refsource" : "CONFIRM",
"url" : "http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt"
},
{
"name" : "http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt",
"refsource" : "CONFIRM",
"url" : "http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt"
},
{
"name" : "27295",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27295"
},
{
"name" : "ADV-2008-0173",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0173"
},
{
"name" : "1019193",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1019193"
},
{
"name" : "28490",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28490"
},
{
"name" : "tibco-rtserver-offset-code-execution(39707)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39707"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointer offsets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt"
},
{
"name": "28490",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28490"
},
{
"name": "1019193",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019193"
},
{
"name": "20080115 TIBCO SmartSockets RTserver Multiple Untrusted Pointer Offset Vulnerabilities",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=640"
},
{
"name": "tibco-rtserver-offset-code-execution(39707)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39707"
},
{
"name": "http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt"
},
{
"name": "http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt"
},
{
"name": "http://www.tibco.com/mk/advisory.jsp",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"name": "27295",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27295"
},
{
"name": "ADV-2008-0173",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0173"
}
]
}
}

230
2007/5xxx/CVE-2007-5764.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-5764",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the pioout program in printers.rte in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via a long command line option."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5764",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080123 IBM AIX pioout BSS Buffer Overflow Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=648"
},
{
"name" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4078",
"refsource" : "CONFIRM",
"url" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4078"
},
{
"name" : "IZ10840",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ10840"
},
{
"name" : "IZ10841",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ10841"
},
{
"name" : "IZ10842",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ10842"
},
{
"name" : "IZ10844",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ10844"
},
{
"name" : "27428",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27428"
},
{
"name" : "oval:org.mitre.oval:def:5616",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5616"
},
{
"name" : "ADV-2008-0261",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0261"
},
{
"name" : "1019264",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1019264"
},
{
"name" : "28609",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28609"
},
{
"name" : "aix-piooutcommand-bo(39912)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39912"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the pioout program in printers.rte in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via a long command line option."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28609",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28609"
},
{
"name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4078",
"refsource": "CONFIRM",
"url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4078"
},
{
"name": "IZ10844",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ10844"
},
{
"name": "1019264",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019264"
},
{
"name": "20080123 IBM AIX pioout BSS Buffer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=648"
},
{
"name": "IZ10840",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ10840"
},
{
"name": "aix-piooutcommand-bo(39912)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39912"
},
{
"name": "ADV-2008-0261",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0261"
},
{
"name": "27428",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27428"
},
{
"name": "IZ10842",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ10842"
},
{
"name": "IZ10841",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ10841"
},
{
"name": "oval:org.mitre.oval:def:5616",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5616"
}
]
}
}

320
2009/2xxx/CVE-2009-2847.json
View File

@ -1,162 +1,162 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2847",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The do_sigaltstack function in kernel/signal.c in Linux kernel 2.4 through 2.4.37 and 2.6 before 2.6.31-rc5, when running on 64-bit systems, does not clear certain padding bytes from a structure, which allows local users to obtain sensitive information from the kernel stack via the sigaltstack function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2847",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name" : "9352",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9352"
},
{
"name" : "[oss-security] 20090804 CVE request - kernel: information leak in sigaltstack",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/08/04/1"
},
{
"name" : "[oss-security] 20090805 Re: CVE request - kernel: information leak in sigaltstack",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/08/05/1"
},
{
"name" : "[oss-security] 20090826 Re: CVE request - kernel: information leak in sigaltstack",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/08/26/2"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=0083fc2c50e6c5127c2802ad323adf8143ab7856",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=0083fc2c50e6c5127c2802ad323adf8143ab7856"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=515392",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=515392"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name" : "FEDORA-2009-9044",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01256.html"
},
{
"name" : "RHSA-2009:1438",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1438.html"
},
{
"name" : "RHSA-2009:1243",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2009-1243.html"
},
{
"name" : "USN-852-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-852-1"
},
{
"name" : "oval:org.mitre.oval:def:10637",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10637"
},
{
"name" : "oval:org.mitre.oval:def:8405",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8405"
},
{
"name" : "36136",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36136"
},
{
"name" : "36501",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36501"
},
{
"name" : "36759",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36759"
},
{
"name" : "37471",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37471"
},
{
"name" : "37105",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37105"
},
{
"name" : "36562",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36562"
},
{
"name" : "ADV-2009-3316",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3316"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The do_sigaltstack function in kernel/signal.c in Linux kernel 2.4 through 2.4.37 and 2.6 before 2.6.31-rc5, when running on 64-bit systems, does not clear certain padding bytes from a structure, which allows local users to obtain sensitive information from the kernel stack via the sigaltstack function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20090804 CVE request - kernel: information leak in sigaltstack",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/08/04/1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=515392",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=515392"
},
{
"name": "37471",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37471"
},
{
"name": "USN-852-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-852-1"
},
{
"name": "RHSA-2009:1243",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2009-1243.html"
},
{
"name": "36759",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36759"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "[oss-security] 20090826 Re: CVE request - kernel: information leak in sigaltstack",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/08/26/2"
},
{
"name": "oval:org.mitre.oval:def:10637",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10637"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name": "36562",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36562"
},
{
"name": "FEDORA-2009-9044",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01256.html"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=0083fc2c50e6c5127c2802ad323adf8143ab7856",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=0083fc2c50e6c5127c2802ad323adf8143ab7856"
},
{
"name": "oval:org.mitre.oval:def:8405",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8405"
},
{
"name": "9352",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9352"
},
{
"name": "36501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36501"
},
{
"name": "[oss-security] 20090805 Re: CVE request - kernel: information leak in sigaltstack",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/08/05/1"
},
{
"name": "RHSA-2009:1438",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1438.html"
},
{
"name": "ADV-2009-3316",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"name": "37105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37105"
},
{
"name": "36136",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36136"
}
]
}
}

130
2015/3xxx/CVE-2015-3171.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-3171",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1218658",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1218658"
},
{
"name" : "https://github.com/sosreport/sos/commit/d7759d3ddae5fe99a340c88a1d370d65cfa73fd6",
"refsource" : "CONFIRM",
"url" : "https://github.com/sosreport/sos/commit/d7759d3ddae5fe99a340c88a1d370d65cfa73fd6"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sosreport/sos/commit/d7759d3ddae5fe99a340c88a1d370d65cfa73fd6",
"refsource": "CONFIRM",
"url": "https://github.com/sosreport/sos/commit/d7759d3ddae5fe99a340c88a1d370d65cfa73fd6"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1218658",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1218658"
}
]
}
}

34
2015/3xxx/CVE-2015-3338.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-3338",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3338",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2015/3xxx/CVE-2015-3564.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-3564",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3564",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2015/3xxx/CVE-2015-3626.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-3626",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the DHCP Monitor page in the Web User Interface (WebUI) in Fortinet FortiOS before 5.2.4 on FortiGate devices allows remote attackers to inject arbitrary web script or HTML via a crafted hostname."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3626",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.fortiguard.com/advisory/FG-IR-15-018/",
"refsource" : "CONFIRM",
"url" : "http://www.fortiguard.com/advisory/FG-IR-15-018/"
},
{
"name" : "http://fortiguard.com/advisory/dhcp-hostname-html-injection",
"refsource" : "CONFIRM",
"url" : "http://fortiguard.com/advisory/dhcp-hostname-html-injection"
},
{
"name" : "http://www.fortiguard.com/advisory/dhcp-hostname-html-injection",
"refsource" : "CONFIRM",
"url" : "http://www.fortiguard.com/advisory/dhcp-hostname-html-injection"
},
{
"name" : "1033144",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033144"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the DHCP Monitor page in the Web User Interface (WebUI) in Fortinet FortiOS before 5.2.4 on FortiGate devices allows remote attackers to inject arbitrary web script or HTML via a crafted hostname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.fortiguard.com/advisory/FG-IR-15-018/",
"refsource": "CONFIRM",
"url": "http://www.fortiguard.com/advisory/FG-IR-15-018/"
},
{
"name": "http://www.fortiguard.com/advisory/dhcp-hostname-html-injection",
"refsource": "CONFIRM",
"url": "http://www.fortiguard.com/advisory/dhcp-hostname-html-injection"
},
{
"name": "1033144",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033144"
},
{
"name": "http://fortiguard.com/advisory/dhcp-hostname-html-injection",
"refsource": "CONFIRM",
"url": "http://fortiguard.com/advisory/dhcp-hostname-html-injection"
}
]
}
}

120
2015/3xxx/CVE-2015-3971.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-3971",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The debug interface on Janitza UMG 508, 509, 511, 604, and 605 devices does not require authentication, which allows remote attackers to read or write to files, or execute arbitrary JASIC code, via a session on TCP port 1239."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2015-3971",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-265-03",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-265-03"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The debug interface on Janitza UMG 508, 509, 511, 604, and 605 devices does not require authentication, which allows remote attackers to read or write to files, or execute arbitrary JASIC code, via a session on TCP port 1239."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-265-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-265-03"
}
]
}
}

140
2015/4xxx/CVE-2015-4435.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4435",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, CVE-2015-5085, and CVE-2015-5086."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2015-4435",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/reader/apsb15-15.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/reader/apsb15-15.html"
},
{
"name" : "75737",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75737"
},
{
"name" : "1032892",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032892"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, CVE-2015-5085, and CVE-2015-5086."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032892",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032892"
},
{
"name": "https://helpx.adobe.com/security/products/reader/apsb15-15.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/reader/apsb15-15.html"
},
{
"name": "75737",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75737"
}
]
}
}

280
2015/4xxx/CVE-2015-4484.json
View File

@ -1,142 +1,142 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4484",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The js::jit::AssemblerX86Shared::lock_addl function in the JavaScript implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to cause a denial of service (application crash) by leveraging the use of shared memory and accessing (1) an Atomics object or (2) a SharedArrayBuffer object."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2015-4484",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-87.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-87.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1171540",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1171540"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name" : "DSA-3333",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3333"
},
{
"name" : "GLSA-201605-06",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201605-06"
},
{
"name" : "RHSA-2015:1586",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1586.html"
},
{
"name" : "openSUSE-SU-2015:1389",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html"
},
{
"name" : "openSUSE-SU-2015:1390",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html"
},
{
"name" : "SUSE-SU-2015:2081",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"
},
{
"name" : "SUSE-SU-2015:1449",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html"
},
{
"name" : "openSUSE-SU-2015:1453",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html"
},
{
"name" : "openSUSE-SU-2015:1454",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html"
},
{
"name" : "SUSE-SU-2015:1528",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html"
},
{
"name" : "USN-2702-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2702-1"
},
{
"name" : "USN-2702-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2702-2"
},
{
"name" : "USN-2702-3",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2702-3"
},
{
"name" : "1033247",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033247"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The js::jit::AssemblerX86Shared::lock_addl function in the JavaScript implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to cause a denial of service (application crash) by leveraging the use of shared memory and accessing (1) an Atomics object or (2) a SharedArrayBuffer object."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2015:2081",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"
},
{
"name": "http://www.mozilla.org/security/announce/2015/mfsa2015-87.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-87.html"
},
{
"name": "openSUSE-SU-2015:1454",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html"
},
{
"name": "USN-2702-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2702-3"
},
{
"name": "openSUSE-SU-2015:1389",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html"
},
{
"name": "openSUSE-SU-2015:1453",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html"
},
{
"name": "RHSA-2015:1586",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1586.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "SUSE-SU-2015:1528",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html"
},
{
"name": "1033247",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033247"
},
{
"name": "USN-2702-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2702-2"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1171540",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1171540"
},
{
"name": "USN-2702-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2702-1"
},
{
"name": "GLSA-201605-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"name": "SUSE-SU-2015:1449",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html"
},
{
"name": "DSA-3333",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3333"
},
{
"name": "openSUSE-SU-2015:1390",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html"
}
]
}
}

120
2015/4xxx/CVE-2015-4626.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4626",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "B.A.S C2Box before 4.0.0 (r19171) relies on client-side validation, which allows remote attackers to \"corrupt the business logic\" via a negative value in an overdraft."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4626",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://packetstormsecurity.com/files/136450/C2Box-4.0.0-r19171-Validation-Bypass.html",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/136450/C2Box-4.0.0-r19171-Validation-Bypass.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "B.A.S C2Box before 4.0.0 (r19171) relies on client-side validation, which allows remote attackers to \"corrupt the business logic\" via a negative value in an overdraft."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packetstormsecurity.com/files/136450/C2Box-4.0.0-r19171-Validation-Bypass.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/136450/C2Box-4.0.0-r19171-Validation-Bypass.html"
}
]
}
}

130
2015/7xxx/CVE-2015-7408.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-7408",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 5.5 and 6.x before 6.3.5.1 and 7.x before 7.1.4 does not properly restrict use of the ASNODENAME option, which allows remote attackers to read or write to backup data by leveraging proxy authority."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-7408",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21975957",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21975957"
},
{
"name" : "IT13609",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT13609"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 5.5 and 6.x before 6.3.5.1 and 7.x before 7.1.4 does not properly restrict use of the ASNODENAME option, which allows remote attackers to read or write to backup data by leveraging proxy authority."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IT13609",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT13609"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21975957",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975957"
}
]
}
}

34
2015/8xxx/CVE-2015-8164.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-8164",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8164",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2015/8xxx/CVE-2015-8212.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-8212",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows remote attackers to execute arbitrary code via crafted arguments, which are handled by a non-CGI aware program."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8212",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "NetBSD-SA2016-005",
"refsource" : "NETBSD",
"url" : "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2016-005.txt.asc"
},
{
"name" : "1035673",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035673"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows remote attackers to execute arbitrary code via crafted arguments, which are handled by a non-CGI aware program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "NetBSD-SA2016-005",
"refsource": "NETBSD",
"url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2016-005.txt.asc"
},
{
"name": "1035673",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035673"
}
]
}
}

140
2015/8xxx/CVE-2015-8233.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-8233",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the MAYO theme 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.6 for Drupal allows remote administrators with the \"Administer themes\" permission to inject arbitrary web script or HTML via unspecified vectors related to theme settings."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.drupal.org/node/2613424",
"refsource" : "MISC",
"url" : "https://www.drupal.org/node/2613424"
},
{
"name" : "https://www.drupal.org/node/2613046",
"refsource" : "CONFIRM",
"url" : "https://www.drupal.org/node/2613046"
},
{
"name" : "https://www.drupal.org/node/2613048",
"refsource" : "CONFIRM",
"url" : "https://www.drupal.org/node/2613048"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the MAYO theme 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.6 for Drupal allows remote administrators with the \"Administer themes\" permission to inject arbitrary web script or HTML via unspecified vectors related to theme settings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.drupal.org/node/2613048",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2613048"
},
{
"name": "https://www.drupal.org/node/2613424",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2613424"
},
{
"name": "https://www.drupal.org/node/2613046",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2613046"
}
]
}
}

34
2015/8xxx/CVE-2015-8243.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-8243",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8243",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2015/8xxx/CVE-2015-8937.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-8937",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "drivers/char/diag/diagchar_core.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 6, and 7 (2013) devices mishandles a socket process, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28803962 and Qualcomm internal bug CR770548."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2015-8937",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-08-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-08-01.html"
},
{
"name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=c66202b9288cc4ab1c38f7c928fa1005c285c170",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=c66202b9288cc4ab1c38f7c928fa1005c285c170"
},
{
"name" : "92219",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92219"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "drivers/char/diag/diagchar_core.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 6, and 7 (2013) devices mishandles a socket process, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28803962 and Qualcomm internal bug CR770548."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-08-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-08-01.html"
},
{
"name": "92219",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92219"
},
{
"name": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=c66202b9288cc4ab1c38f7c928fa1005c285c170",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=c66202b9288cc4ab1c38f7c928fa1005c285c170"
}
]
}
}

138
2015/9xxx/CVE-2015-9104.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@synology.com",
"DATE_PUBLIC" : "2015-12-03T00:00:00",
"ID" : "CVE-2015-9104",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Audio Station",
"version" : {
"version_data" : [
{
"version_value" : "5.1"
},
{
"version_value" : "5.4"
}
]
}
}
]
},
"vendor_name" : "Synology"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerabilities in Synology Audio Station 5.1 before 5.1-2550 and 5.4 before 5.4-2857 allows remote authenticated attackers to inject arbitrary web script or HTML via the album title."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross Site Scripting (CWE-79)"
}
"CVE_data_meta": {
"ASSIGNER": "security@synology.com",
"DATE_PUBLIC": "2015-12-03T00:00:00",
"ID": "CVE-2015-9104",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Audio Station",
"version": {
"version_data": [
{
"version_value": "5.1"
},
{
"version_value": "5.4"
}
]
}
}
]
},
"vendor_name": "Synology"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.fortiguard.com/zeroday/FG-VD-15-106",
"refsource" : "MISC",
"url" : "http://www.fortiguard.com/zeroday/FG-VD-15-106"
},
{
"name" : "https://www.synology.com/en-global/support/security/Audio_Station_5_4_2857",
"refsource" : "CONFIRM",
"url" : "https://www.synology.com/en-global/support/security/Audio_Station_5_4_2857"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerabilities in Synology Audio Station 5.1 before 5.1-2550 and 5.4 before 5.4-2857 allows remote authenticated attackers to inject arbitrary web script or HTML via the album title."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.synology.com/en-global/support/security/Audio_Station_5_4_2857",
"refsource": "CONFIRM",
"url": "https://www.synology.com/en-global/support/security/Audio_Station_5_4_2857"
},
{
"name": "http://www.fortiguard.com/zeroday/FG-VD-15-106",
"refsource": "MISC",
"url": "http://www.fortiguard.com/zeroday/FG-VD-15-106"
}
]
}
}

140
2016/1xxx/CVE-2016-1183.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-1183",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NTT Data TERASOLUNA Server Framework for Java(WEB) 2.0.0.1 through 2.0.6.1, as used in Fujitsu Interstage Business Application Server and other products, allows remote attackers to bypass a file-extension protection mechanism, and consequently read arbitrary files, via a crafted pathname."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-1183",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.fujitsu.com/jp/products/software/resources/condition/security/vulnerabilities/2016/index.html#CVE-2016-1183",
"refsource" : "CONFIRM",
"url" : "http://www.fujitsu.com/jp/products/software/resources/condition/security/vulnerabilities/2016/index.html#CVE-2016-1183"
},
{
"name" : "JVN#74659077",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN74659077/index.html"
},
{
"name" : "JVNDB-2016-000098",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000098"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NTT Data TERASOLUNA Server Framework for Java(WEB) 2.0.0.1 through 2.0.6.1, as used in Fujitsu Interstage Business Application Server and other products, allows remote attackers to bypass a file-extension protection mechanism, and consequently read arbitrary files, via a crafted pathname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.fujitsu.com/jp/products/software/resources/condition/security/vulnerabilities/2016/index.html#CVE-2016-1183",
"refsource": "CONFIRM",
"url": "http://www.fujitsu.com/jp/products/software/resources/condition/security/vulnerabilities/2016/index.html#CVE-2016-1183"
},
{
"name": "JVN#74659077",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN74659077/index.html"
},
{
"name": "JVNDB-2016-000098",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000098"
}
]
}
}

130
2016/1xxx/CVE-2016-1296.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-1296",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The proxy engine on Cisco Web Security Appliance (WSA) devices with software 8.5.3-055, 9.1.0-000, and 9.5.0-235 allows remote attackers to bypass intended proxy restrictions via a malformed HTTP method, aka Bug ID CSCux00848."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-1296",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20160119 Cisco Web Security Appliance Security Bypass Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160119-wsa"
},
{
"name" : "1034763",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034763"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The proxy engine on Cisco Web Security Appliance (WSA) devices with software 8.5.3-055, 9.1.0-000, and 9.5.0-235 allows remote attackers to bypass intended proxy restrictions via a malformed HTTP method, aka Bug ID CSCux00848."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1034763",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034763"
},
{
"name": "20160119 Cisco Web Security Appliance Security Bypass Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160119-wsa"
}
]
}
}

140
2016/1xxx/CVE-2016-1599.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-1599",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in NetIQ Self Service Password Reset (SSPR) 2.x and 3.x before 3.3.1 HF2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"ID": "CVE-2016-1599",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.netiq.com/show_bug.cgi?id=967461",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.netiq.com/show_bug.cgi?id=967461"
},
{
"name" : "https://www.netiq.com/support/kb/doc.php?id=7017399",
"refsource" : "CONFIRM",
"url" : "https://www.netiq.com/support/kb/doc.php?id=7017399"
},
{
"name" : "96837",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96837"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in NetIQ Self Service Password Reset (SSPR) 2.x and 3.x before 3.3.1 HF2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96837",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96837"
},
{
"name": "https://www.netiq.com/support/kb/doc.php?id=7017399",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/support/kb/doc.php?id=7017399"
},
{
"name": "https://bugzilla.netiq.com/show_bug.cgi?id=967461",
"refsource": "CONFIRM",
"url": "https://bugzilla.netiq.com/show_bug.cgi?id=967461"
}
]
}
}

130
2016/5xxx/CVE-2016-5087.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-5087",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Alertus Desktop Notification before 2.9.31.1710 on OS X uses weak permissions for configuration files and unspecified other files, which allows local users to suppress emergency notifications or change content via standard filesystem operations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-5087",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.kb.cert.org/vuls/id/BLUU-A9TJHR",
"refsource" : "CONFIRM",
"url" : "http://www.kb.cert.org/vuls/id/BLUU-A9TJHR"
},
{
"name" : "VU#302544",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/302544"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Alertus Desktop Notification before 2.9.31.1710 on OS X uses weak permissions for configuration files and unspecified other files, which allows local users to suppress emergency notifications or change content via standard filesystem operations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.kb.cert.org/vuls/id/BLUU-A9TJHR",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/BLUU-A9TJHR"
},
{
"name": "VU#302544",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/302544"
}
]
}
}

170
2016/5xxx/CVE-2016-5239.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-5239",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-5239",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160602 Re: ImageMagick CVEs",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/06/02/13"
},
{
"name" : "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html"
},
{
"name" : "http://git.imagemagick.org/repos/ImageMagick/commit/70a2cf326ed32bedee144b961005c63846541a16",
"refsource" : "MISC",
"url" : "http://git.imagemagick.org/repos/ImageMagick/commit/70a2cf326ed32bedee144b961005c63846541a16"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name" : "RHSA-2016:1237",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2016:1237"
},
{
"name" : "91018",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91018"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.imagemagick.org/repos/ImageMagick/commit/70a2cf326ed32bedee144b961005c63846541a16",
"refsource": "MISC",
"url": "http://git.imagemagick.org/repos/ImageMagick/commit/70a2cf326ed32bedee144b961005c63846541a16"
},
{
"name": "RHSA-2016:1237",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1237"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "91018",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91018"
},
{
"name": "[oss-security] 20160602 Re: ImageMagick CVEs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/02/13"
},
{
"name": "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html"
}
]
}
}

120
2016/5xxx/CVE-2016-5823.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-5823",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The icalproperty_new_clone function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-5823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160625 Re: libical 0.47 SEGV on unknown address",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/06/25/4"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The icalproperty_new_clone function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160625 Re: libical 0.47 SEGV on unknown address",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/25/4"
}
]
}
}

140
2016/5xxx/CVE-2016-5944.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-5944",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Web UI in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-5944",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988625",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988625"
},
{
"name" : "IT16944",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT16944"
},
{
"name" : "93087",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93087"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Web UI in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93087",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93087"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21988625",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988625"
},
{
"name": "IT16944",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT16944"
}
]
}
}

160
2016/5xxx/CVE-2016-5958.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-5958",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Privileged Identity Manager",
"version" : {
"version_data" : [
{
"version_value" : "1.0.1"
},
{
"version_value" : "1.0.1.1"
},
{
"version_value" : "2.0.0"
},
{
"version_value" : "2.0.1"
},
{
"version_value" : "2.0.2"
},
{
"version_value" : "2.1.0"
}
]
}
}
]
},
"vendor_name" : "IBM Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Privileged Identity Manager could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-5958",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Privileged Identity Manager",
"version": {
"version_data": [
{
"version_value": "1.0.1"
},
{
"version_value": "1.0.1.1"
},
{
"version_value": "2.0.0"
},
{
"version_value": "2.0.1"
},
{
"version_value": "2.0.2"
},
{
"version_value": "2.1.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21996614",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21996614"
},
{
"name" : "95196",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95196"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Privileged Identity Manager could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21996614",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21996614"
},
{
"name": "95196",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95196"
}
]
}
}

126
2018/1999xxx/CVE-2018-1999045.json
View File

@ -1,65 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-08-18T21:50:59.836782",
"DATE_REQUESTED" : "2018-08-15T00:00:00",
"ID" : "CVE-2018-1999045",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins",
"version" : {
"version_data" : [
{
"version_value" : "2.137 and earlier, 2.121.2 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A improper authentication vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in SecurityRealm.java, TokenBasedRememberMeServices2.java that allows attackers with a valid cookie to remain logged in even if that feature is disabled."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-284"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-08-18T21:50:59.836782",
"DATE_REQUESTED": "2018-08-15T00:00:00",
"ID": "CVE-2018-1999045",
"REQUESTER": "ml@beckweb.net",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-08-15/#SECURITY-996",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-08-15/#SECURITY-996"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A improper authentication vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in SecurityRealm.java, TokenBasedRememberMeServices2.java that allows attackers with a valid cookie to remain logged in even if that feature is disabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2018-08-15/#SECURITY-996",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2018-08-15/#SECURITY-996"
}
]
}
}

142
2018/2xxx/CVE-2018-2381.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cna@sap.com",
"ID" : "CVE-2018-2381",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "SAP ERP Financials Information System",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "2.00"
}
]
}
}
]
},
"vendor_name" : "SAP SE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SAP ERP Financials Information System (SAP_APPL 6.00, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16; SAP_FIN 6.17, 6.18, 7.00, 7.20, 7.30 S4CORE 1.00, 1.01, 1.02) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Missing Authorization Check"
}
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2381",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP ERP Financials Information System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.00"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/",
"refsource" : "CONFIRM",
"url" : "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
},
{
"name" : "https://launchpad.support.sap.com/#/notes/2545842",
"refsource" : "CONFIRM",
"url" : "https://launchpad.support.sap.com/#/notes/2545842"
},
{
"name" : "103010",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103010"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP ERP Financials Information System (SAP_APPL 6.00, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16; SAP_FIN 6.17, 6.18, 7.00, 7.20, 7.30 S4CORE 1.00, 1.01, 1.02) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Authorization Check"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.support.sap.com/#/notes/2545842",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2545842"
},
{
"name": "103010",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103010"
},
{
"name": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
]
}
}

214
2018/2xxx/CVE-2018-2399.json
View File

@ -1,109 +1,109 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cna@sap.com",
"ID" : "CVE-2018-2399",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "SAP Process Monitoring Infrastructure",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "from 7.10 to 7.11"
},
{
"version_affected" : "=",
"version_value" : "7.20"
},
{
"version_affected" : "=",
"version_value" : "7.30"
},
{
"version_affected" : "=",
"version_value" : "7.31"
},
{
"version_affected" : "=",
"version_value" : "7.40"
},
{
"version_affected" : "=",
"version_value" : "7.50"
}
]
}
}
]
},
"vendor_name" : "SAP SE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting in Process Monitoring Infrastructure, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to inefficient encoding of user controlled inputs."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 6.1,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "LOW",
"integrityImpact" : "LOW",
"privilegesRequired" : "NONE",
"scope" : "CHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2399",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Process Monitoring Infrastructure",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "from 7.10 to 7.11"
},
{
"version_affected": "=",
"version_value": "7.20"
},
{
"version_affected": "=",
"version_value": "7.30"
},
{
"version_affected": "=",
"version_value": "7.31"
},
{
"version_affected": "=",
"version_value": "7.40"
},
{
"version_affected": "=",
"version_value": "7.50"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/",
"refsource" : "CONFIRM",
"url" : "https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/"
},
{
"name" : "https://launchpad.support.sap.com/#/notes/2592807",
"refsource" : "CONFIRM",
"url" : "https://launchpad.support.sap.com/#/notes/2592807"
},
{
"name" : "103372",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103372"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-Site Scripting in Process Monitoring Infrastructure, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to inefficient encoding of user controlled inputs."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103372",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103372"
},
{
"name": "https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2592807",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2592807"
}
]
}
}

172
2018/6xxx/CVE-2018-6153.json
View File

@ -1,88 +1,88 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-6153",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "68.0.3440.75"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A precision error in Skia in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Stack buffer overflow"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2018-6153",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "68.0.3440.75"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/850350",
"refsource" : "MISC",
"url" : "https://crbug.com/850350"
},
{
"name" : "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html"
},
{
"name" : "DSA-4256",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4256"
},
{
"name" : "GLSA-201808-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201808-01"
},
{
"name" : "RHSA-2018:2282",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2282"
},
{
"name" : "104887",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104887"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A precision error in Skia in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html"
},
{
"name": "RHSA-2018:2282",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2282"
},
{
"name": "https://crbug.com/850350",
"refsource": "MISC",
"url": "https://crbug.com/850350"
},
{
"name": "GLSA-201808-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201808-01"
},
{
"name": "DSA-4256",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4256"
},
{
"name": "104887",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104887"
}
]
}
}

236
2018/6xxx/CVE-2018-6495.json
View File

@ -1,120 +1,120 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@microfocus.com",
"DATE_PUBLIC" : "2018-05-23T15:14:00.000Z",
"ID" : "CVE-2018-6495",
"STATE" : "PUBLIC",
"TITLE" : "MFSBGN03808 rev.1 - Micro Focus UCMDB, Cross-Site Scripting"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "UCMDB",
"version" : {
"version_data" : [
{
"version_value" : "10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0"
}
]
}
},
{
"product_name" : "CMS Server 2018.05",
"version" : {
"version_data" : [
{
"version_value" : "4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1"
}
]
}
},
{
"product_name" : "UCMDB Browser",
"version" : {
"version_data" : [
{
"version_value" : "4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1"
}
]
}
}
]
},
"vendor_name" : "Micro Focus"
}
]
}
},
"credit" : [
{
"lang" : "eng",
"value" : "Micro Focus would like to thank Bharath Kumar Pyaneni for reporting this issue to cyber-psrt@microfocus.com."
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0, CMS, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1 and Micro Focus UCMDB Browser, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1. This vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS)."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting (XSS)"
}
],
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 6.3,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "LOW",
"integrityImpact" : "HIGH",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting (XSS)"
}
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2018-05-23T15:14:00.000Z",
"ID": "CVE-2018-6495",
"STATE": "PUBLIC",
"TITLE": "MFSBGN03808 rev.1 - Micro Focus UCMDB, Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UCMDB",
"version": {
"version_data": [
{
"version_value": "10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0"
}
]
}
},
{
"product_name": "CMS Server 2018.05",
"version": {
"version_data": [
{
"version_value": "4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1"
}
]
}
},
{
"product_name": "UCMDB Browser",
"version": {
"version_data": [
{
"version_value": "4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03164778",
"refsource" : "CONFIRM",
"url" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03164778"
},
{
"name" : "1040970",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040970"
}
]
},
"source" : {
"discovery" : "UNKNOWN"
}
}
}
},
"credit": [
{
"lang": "eng",
"value": "Micro Focus would like to thank Bharath Kumar Pyaneni for reporting this issue to cyber-psrt@microfocus.com."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0, CMS, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1 and Micro Focus UCMDB Browser, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1. This vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS)."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Cross-Site Scripting (XSS)"
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040970",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040970"
},
{
"name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03164778",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03164778"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

34
2019/0xxx/CVE-2019-0041.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-0041",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0041",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/0xxx/CVE-2019-0286.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-0286",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0286",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/0xxx/CVE-2019-0499.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-0499",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0499",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

268
2019/0xxx/CVE-2019-0561.json
View File

@ -1,136 +1,136 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2019-0561",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Word",
"version" : {
"version_data" : [
{
"version_value" : "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value" : "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value" : "2013 RT Service Pack 1"
},
{
"version_value" : "2013 Service Pack 1 (32-bit editions)"
},
{
"version_value" : "2013 Service Pack 1 (64-bit editions)"
},
{
"version_value" : "2016 (32-bit edition)"
},
{
"version_value" : "2016 (64-bit edition)"
}
]
}
},
{
"product_name" : "Word",
"version" : {
"version_data" : [
{
"version_value" : "Automation Services on Microsoft SharePoint Server 2010 Service Pack 2"
}
]
}
},
{
"product_name" : "Microsoft Office",
"version" : {
"version_data" : [
{
"version_value" : "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value" : "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value" : "2016 for Mac"
},
{
"version_value" : "2019 for 32-bit editions"
},
{
"version_value" : "2019 for 64-bit editions"
},
{
"version_value" : "2019 for Mac"
},
{
"version_value" : "Web Apps Server 2010 Service Pack 2"
}
]
}
},
{
"product_name" : "Office",
"version" : {
"version_data" : [
{
"version_value" : "365 ProPlus for 32-bit Systems"
},
{
"version_value" : "365 ProPlus for 64-bit Systems"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability exists when Microsoft Word macro buttons are used improperly, aka \"Microsoft Word Information Disclosure Vulnerability.\" This affects Microsoft Word, Office 365 ProPlus, Microsoft Office, Word."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-0561",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Word",
"version": {
"version_data": [
{
"version_value": "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value": "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value": "2013 RT Service Pack 1"
},
{
"version_value": "2013 Service Pack 1 (32-bit editions)"
},
{
"version_value": "2013 Service Pack 1 (64-bit editions)"
},
{
"version_value": "2016 (32-bit edition)"
},
{
"version_value": "2016 (64-bit edition)"
}
]
}
},
{
"product_name": "Word",
"version": {
"version_data": [
{
"version_value": "Automation Services on Microsoft SharePoint Server 2010 Service Pack 2"
}
]
}
},
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value": "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value": "2016 for Mac"
},
{
"version_value": "2019 for 32-bit editions"
},
{
"version_value": "2019 for 64-bit editions"
},
{
"version_value": "2019 for Mac"
},
{
"version_value": "Web Apps Server 2010 Service Pack 2"
}
]
}
},
{
"product_name": "Office",
"version": {
"version_data": [
{
"version_value": "365 ProPlus for 32-bit Systems"
},
{
"version_value": "365 ProPlus for 64-bit Systems"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0561",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0561"
},
{
"name" : "106399",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106399"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists when Microsoft Word macro buttons are used improperly, aka \"Microsoft Word Information Disclosure Vulnerability.\" This affects Microsoft Word, Office 365 ProPlus, Microsoft Office, Word."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0561",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0561"
},
{
"name": "106399",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106399"
}
]
}
}

34
2019/0xxx/CVE-2019-0949.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-0949",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0949",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/1xxx/CVE-2019-1021.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-1021",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-1021",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/1xxx/CVE-2019-1087.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-1087",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-1087",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/1xxx/CVE-2019-1687.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-1687",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-1687",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/4xxx/CVE-2019-4782.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-4782",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4782",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/4xxx/CVE-2019-4897.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-4897",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4897",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/4xxx/CVE-2019-4944.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-4944",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4944",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/5xxx/CVE-2019-5751.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-5751",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5751",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/5xxx/CVE-2019-5840.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-5840",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5840",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}