admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 00:46:48 +00:00
parent 06f6d6c45c
commit 00a732d676
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
50 changed files with 3244 additions and 3244 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

120
1999/0xxx/CVE-1999-0473.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-0473",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The rsync command before rsync 2.3.1 may inadvertently change the permissions of the client's working directory to the permissions of the directory being transferred."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0473",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "145",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/145"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The rsync command before rsync 2.3.1 may inadvertently change the permissions of the client's working directory to the permissions of the directory being transferred."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "145",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/145"
}
]
}
}

120
1999/0xxx/CVE-1999-0719.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-0719",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Guile plugin for the Gnumeric spreadsheet package allows attackers to execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0719",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "563",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/563"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Guile plugin for the Gnumeric spreadsheet package allows attackers to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "563",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/563"
}
]
}
}

230
2000/1xxx/CVE-2000-1209.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-1209",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The \"sa\" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-1209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20000710 MSDE / Re: Default Password Database",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=96333895000350&w=2"
},
{
"name" : "20000810 Tumbleweed Worldsecure (MMS) BLANK 'sa' account password",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=96593218804850&w=2"
},
{
"name" : "20000815 MS-SQL 'sa' user exploit code",
"refsource" : "BUGTRAQ",
"url" : "http://security-archive.merton.ox.ac.uk/bugtraq-200008/0233.html"
},
{
"name" : "20000816 Released Patch: Tumbleweed Worldsecure (MMS) BLANK 'sa' account password",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=96644570412692&w=2"
},
{
"name" : "20020522 Opty-Way Enterprise includes MSDE with sa <blank>",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/273639"
},
{
"name" : "Q313418",
"refsource" : "MSKB",
"url" : "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q313418"
},
{
"name" : "Q321081",
"refsource" : "MSKB",
"url" : "http://support.microsoft.com/default.aspx?scid=kb;EN-US;q321081"
},
{
"name" : "http://www.microsoft.com/security/security_bulletins/ms02020_sql.asp",
"refsource" : "CONFIRM",
"url" : "http://www.microsoft.com/security/security_bulletins/ms02020_sql.asp"
},
{
"name" : "VU#635463",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/635463"
},
{
"name" : "4797",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4797"
},
{
"name" : "3570",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/3570"
},
{
"name" : "mssql-no-sapassword(1459)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/1459.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \"sa\" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3570",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3570"
},
{
"name": "4797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4797"
},
{
"name": "20000710 MSDE / Re: Default Password Database",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=96333895000350&w=2"
},
{
"name": "VU#635463",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/635463"
},
{
"name": "mssql-no-sapassword(1459)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/1459.php"
},
{
"name": "http://www.microsoft.com/security/security_bulletins/ms02020_sql.asp",
"refsource": "CONFIRM",
"url": "http://www.microsoft.com/security/security_bulletins/ms02020_sql.asp"
},
{
"name": "20000816 Released Patch: Tumbleweed Worldsecure (MMS) BLANK 'sa' account password",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=96644570412692&w=2"
},
{
"name": "20020522 Opty-Way Enterprise includes MSDE with sa <blank>",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/273639"
},
{
"name": "Q313418",
"refsource": "MSKB",
"url": "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q313418"
},
{
"name": "20000810 Tumbleweed Worldsecure (MMS) BLANK 'sa' account password",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=96593218804850&w=2"
},
{
"name": "Q321081",
"refsource": "MSKB",
"url": "http://support.microsoft.com/default.aspx?scid=kb;EN-US;q321081"
},
{
"name": "20000815 MS-SQL 'sa' user exploit code",
"refsource": "BUGTRAQ",
"url": "http://security-archive.merton.ox.ac.uk/bugtraq-200008/0233.html"
}
]
}
}

430
2005/2xxx/CVE-2005-2707.json
View File

@ -1,217 +1,217 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2707",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spawn windows without user interface components such as the address and status bar, which could be used to conduct spoofing or phishing attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-2707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/mfsa2005-59.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/mfsa2005-59.html"
},
{
"name" : "DSA-868",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-868"
},
{
"name" : "DSA-838",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-838"
},
{
"name" : "DSA-866",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-866"
},
{
"name" : "FLSA-2006:168375",
"refsource" : "FEDORA",
"url" : "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00004.html"
},
{
"name" : "MDKSA-2005:169",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:169"
},
{
"name" : "MDKSA-2005:170",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:170"
},
{
"name" : "MDKSA-2005:174",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:174"
},
{
"name" : "RHSA-2005:785",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-785.html"
},
{
"name" : "RHSA-2005:789",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-789.html"
},
{
"name" : "RHSA-2005:791",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-791.html"
},
{
"name" : "SCOSA-2005.49",
"refsource" : "SCO",
"url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
},
{
"name" : "SUSE-SA:2005:058",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2005_58_mozilla.html"
},
{
"name" : "SUSE-SA:2006:022",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_04_25.html"
},
{
"name" : "14919",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14919"
},
{
"name" : "15495",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15495"
},
{
"name" : "oval:org.mitre.oval:def:11130",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11130"
},
{
"name" : "ADV-2005-1824",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/1824"
},
{
"name" : "oval:org.mitre.oval:def:1197",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1197"
},
{
"name" : "1014954",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014954"
},
{
"name" : "16911",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16911"
},
{
"name" : "16917",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16917"
},
{
"name" : "17042",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17042"
},
{
"name" : "17090",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17090"
},
{
"name" : "17149",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17149"
},
{
"name" : "17284",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17284"
},
{
"name" : "17026",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17026"
},
{
"name" : "17263",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17263"
},
{
"name" : "16977",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16977"
},
{
"name" : "17014",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17014"
},
{
"name" : "19823",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19823"
},
{
"name" : "mozilla-chrome-window-spoofing(22380)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22380"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spawn windows without user interface components such as the address and status bar, which could be used to conduct spoofing or phishing attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDKSA-2005:169",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:169"
},
{
"name": "DSA-868",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-868"
},
{
"name": "ADV-2005-1824",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/1824"
},
{
"name": "FLSA-2006:168375",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00004.html"
},
{
"name": "SCOSA-2005.49",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
},
{
"name": "oval:org.mitre.oval:def:11130",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11130"
},
{
"name": "mozilla-chrome-window-spoofing(22380)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22380"
},
{
"name": "19823",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19823"
},
{
"name": "14919",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14919"
},
{
"name": "15495",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15495"
},
{
"name": "1014954",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014954"
},
{
"name": "RHSA-2005:789",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-789.html"
},
{
"name": "17026",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17026"
},
{
"name": "RHSA-2005:791",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-791.html"
},
{
"name": "17042",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17042"
},
{
"name": "DSA-866",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-866"
},
{
"name": "17284",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17284"
},
{
"name": "http://www.mozilla.org/security/announce/mfsa2005-59.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/mfsa2005-59.html"
},
{
"name": "17149",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17149"
},
{
"name": "17263",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17263"
},
{
"name": "16917",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16917"
},
{
"name": "DSA-838",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-838"
},
{
"name": "17014",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17014"
},
{
"name": "oval:org.mitre.oval:def:1197",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1197"
},
{
"name": "RHSA-2005:785",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-785.html"
},
{
"name": "SUSE-SA:2005:058",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_58_mozilla.html"
},
{
"name": "SUSE-SA:2006:022",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_04_25.html"
},
{
"name": "MDKSA-2005:174",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:174"
},
{
"name": "17090",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17090"
},
{
"name": "16911",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16911"
},
{
"name": "16977",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16977"
},
{
"name": "MDKSA-2005:170",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:170"
}
]
}
}

130
2005/2xxx/CVE-2005-2730.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2730",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The HTTP proxy in Astaro Security Linux 6.0 allows remote attackers to obtain sensitive information via an invalid request, which reveals a Proxy-authorization string in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2730",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050825 Astaro Security Linux 6.0 - HTTP CONNECT Access Localhost Weakness",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112501186602731&w=2"
},
{
"name" : "astaro-proxy-information-disclosure(22024)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22024"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTTP proxy in Astaro Security Linux 6.0 allows remote attackers to obtain sensitive information via an invalid request, which reveals a Proxy-authorization string in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050825 Astaro Security Linux 6.0 - HTTP CONNECT Access Localhost Weakness",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112501186602731&w=2"
},
{
"name": "astaro-proxy-information-disclosure(22024)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22024"
}
]
}
}

34
2005/2xxx/CVE-2005-2942.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2942",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate has been revoked by its Candidate Numbering Authority (CNA) because it was initially assigned to a problem that was not a security issue. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2005-2942",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate has been revoked by its Candidate Numbering Authority (CNA) because it was initially assigned to a problem that was not a security issue. Notes: none."
}
]
}
}

150
2005/3xxx/CVE-2005-3092.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3092",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in Image-Line Software FL Studio 5.0.1 allows remote attackers to execute arbitrary code via a .flp file that contains a long path to a (1) .mid or (2) .wav file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3092",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050926 FL Studio 5 (.flp file processing) Heap Overflow",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112776577002945&w=2"
},
{
"name" : "14946",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14946"
},
{
"name" : "16958",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16958/"
},
{
"name" : "25",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/25"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Image-Line Software FL Studio 5.0.1 allows remote attackers to execute arbitrary code via a .flp file that contains a long path to a (1) .mid or (2) .wav file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14946",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14946"
},
{
"name": "20050926 FL Studio 5 (.flp file processing) Heap Overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112776577002945&w=2"
},
{
"name": "16958",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16958/"
},
{
"name": "25",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/25"
}
]
}
}

160
2005/3xxx/CVE-2005-3528.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3528",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to inject arbitrary web script or HTML via the topics_offset parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3528",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051109 Multiple security issues in TikiWiki 1.9.x",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/416152/30/0/threaded"
},
{
"name" : "http://moritz-naumann.com/adv/0003/tikiw/0003.txt",
"refsource" : "MISC",
"url" : "http://moritz-naumann.com/adv/0003/tikiw/0003.txt"
},
{
"name" : "15371",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15371"
},
{
"name" : "ADV-2005-2376",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2376"
},
{
"name" : "17521",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17521"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to inject arbitrary web script or HTML via the topics_offset parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17521",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17521"
},
{
"name": "20051109 Multiple security issues in TikiWiki 1.9.x",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/416152/30/0/threaded"
},
{
"name": "ADV-2005-2376",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2376"
},
{
"name": "15371",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15371"
},
{
"name": "http://moritz-naumann.com/adv/0003/tikiw/0003.txt",
"refsource": "MISC",
"url": "http://moritz-naumann.com/adv/0003/tikiw/0003.txt"
}
]
}
}

440
2007/5xxx/CVE-2007-5266.json
View File

@ -1,222 +1,222 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-5266",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.0.29 beta1 and 1.2.x before 1.2.21 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image that prevents a name field from being NULL terminated."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5266",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20071112 FLEA-2007-0065-1 libpng",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/483582/100/0/threaded"
},
{
"name" : "20080304 CORE-2008-0124: Multiple vulnerabilities in Google's Android SDK",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/489135/100/0/threaded"
},
{
"name" : "[png-mng-implement] 20070911 FW: Suspicious `sizeof' line 694 of pngset.c",
"refsource" : "MLIST",
"url" : "http://sourceforge.net/mailarchive/forum.php?thread_name=5122753600C3E94F87FBDFFCC090D1FF0400EA68%40MERCMBX07.na.sas.com&forum_name=png-mng-implement"
},
{
"name" : "[png-mng-implement] 20070914 libpng-1.0.29beta1 and libpng-1.2.21beta1",
"refsource" : "MLIST",
"url" : "http://sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0709140846k24e9a040r81623783b6b1c00f%40mail.gmail.com"
},
{
"name" : "http://www.coresecurity.com/?action=item&id=2148",
"refsource" : "MISC",
"url" : "http://www.coresecurity.com/?action=item&id=2148"
},
{
"name" : "https://issues.rpath.com/browse/RPL-1814",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-1814"
},
{
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=195261",
"refsource" : "CONFIRM",
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=195261"
},
{
"name" : "http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html",
"refsource" : "CONFIRM",
"url" : "http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html"
},
{
"name" : "http://docs.info.apple.com/article.html?artnum=307562",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm"
},
{
"name" : "APPLE-SA-2008-03-18",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name" : "APPLE-SA-2008-05-28",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
},
{
"name" : "GLSA-200711-08",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200711-08.xml"
},
{
"name" : "GLSA-200805-07",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
},
{
"name" : "MDKSA-2007:217",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:217"
},
{
"name" : "SSA:2007-325-01",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.520323"
},
{
"name" : "259989",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1"
},
{
"name" : "1020521",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1"
},
{
"name" : "TA08-150A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
},
{
"name" : "25957",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25957"
},
{
"name" : "35302",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35302"
},
{
"name" : "35386",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35386"
},
{
"name" : "ADV-2008-0924",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name" : "ADV-2008-1697",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1697"
},
{
"name" : "27284",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27284"
},
{
"name" : "27529",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27529"
},
{
"name" : "27629",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27629"
},
{
"name" : "27746",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27746"
},
{
"name" : "29420",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29420"
},
{
"name" : "30161",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30161"
},
{
"name" : "30430",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30430"
},
{
"name" : "ADV-2009-1462",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1462"
},
{
"name" : "ADV-2009-1560",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1560"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.0.29 beta1 and 1.2.x before 1.2.21 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image that prevents a name field from being NULL terminated."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://issues.rpath.com/browse/RPL-1814",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1814"
},
{
"name": "MDKSA-2007:217",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:217"
},
{
"name": "35386",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35386"
},
{
"name": "[png-mng-implement] 20070911 FW: Suspicious `sizeof' line 694 of pngset.c",
"refsource": "MLIST",
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=5122753600C3E94F87FBDFFCC090D1FF0400EA68%40MERCMBX07.na.sas.com&forum_name=png-mng-implement"
},
{
"name": "1020521",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1"
},
{
"name": "ADV-2009-1560",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1560"
},
{
"name": "ADV-2009-1462",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1462"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=195261",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=195261"
},
{
"name": "27529",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27529"
},
{
"name": "27746",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27746"
},
{
"name": "http://www.coresecurity.com/?action=item&id=2148",
"refsource": "MISC",
"url": "http://www.coresecurity.com/?action=item&id=2148"
},
{
"name": "259989",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1"
},
{
"name": "35302",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35302"
},
{
"name": "ADV-2008-0924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "TA08-150A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
},
{
"name": "29420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "27284",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27284"
},
{
"name": "30430",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30430"
},
{
"name": "APPLE-SA-2008-05-28",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
},
{
"name": "http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html",
"refsource": "CONFIRM",
"url": "http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html"
},
{
"name": "30161",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30161"
},
{
"name": "GLSA-200805-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
},
{
"name": "[png-mng-implement] 20070914 libpng-1.0.29beta1 and libpng-1.2.21beta1",
"refsource": "MLIST",
"url": "http://sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0709140846k24e9a040r81623783b6b1c00f%40mail.gmail.com"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "GLSA-200711-08",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200711-08.xml"
},
{
"name": "ADV-2008-1697",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1697"
},
{
"name": "SSA:2007-325-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.520323"
},
{
"name": "20071112 FLEA-2007-0065-1 libpng",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/483582/100/0/threaded"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm"
},
{
"name": "25957",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25957"
},
{
"name": "20080304 CORE-2008-0124: Multiple vulnerabilities in Google's Android SDK",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489135/100/0/threaded"
},
{
"name": "27629",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27629"
}
]
}
}

210
2007/5xxx/CVE-2007-5615.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-5615",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2007-5615",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://svn.codehaus.org/jetty/jetty/trunk/VERSION.txt",
"refsource" : "CONFIRM",
"url" : "http://svn.codehaus.org/jetty/jetty/trunk/VERSION.txt"
},
{
"name" : "FEDORA-2008-6141",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00227.html"
},
{
"name" : "FEDORA-2008-6164",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00250.html"
},
{
"name" : "SUSE-SR:2009:004",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name" : "VU#212984",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/212984"
},
{
"name" : "26696",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26696"
},
{
"name" : "42495",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/42495"
},
{
"name" : "27925",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27925"
},
{
"name" : "30941",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30941"
},
{
"name" : "35143",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35143"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42495",
"refsource": "OSVDB",
"url": "http://osvdb.org/42495"
},
{
"name": "FEDORA-2008-6141",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00227.html"
},
{
"name": "FEDORA-2008-6164",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00250.html"
},
{
"name": "30941",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30941"
},
{
"name": "SUSE-SR:2009:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "VU#212984",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/212984"
},
{
"name": "35143",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35143"
},
{
"name": "27925",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27925"
},
{
"name": "http://svn.codehaus.org/jetty/jetty/trunk/VERSION.txt",
"refsource": "CONFIRM",
"url": "http://svn.codehaus.org/jetty/jetty/trunk/VERSION.txt"
},
{
"name": "26696",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26696"
}
]
}
}

210
2007/5xxx/CVE-2007-5656.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-5656",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted requests that control loop operations related to memory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5656",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080115 TIBCO SmartSockets RTServer Multiple Untrusted Loop Bounds Vulnerabilities",
"refsource" : "IDEFENSE",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=641"
},
{
"name" : "http://www.tibco.com/mk/advisory.jsp",
"refsource" : "CONFIRM",
"url" : "http://www.tibco.com/mk/advisory.jsp"
},
{
"name" : "http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt",
"refsource" : "CONFIRM",
"url" : "http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt"
},
{
"name" : "http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt",
"refsource" : "CONFIRM",
"url" : "http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt"
},
{
"name" : "http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt",
"refsource" : "CONFIRM",
"url" : "http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt"
},
{
"name" : "27293",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27293"
},
{
"name" : "ADV-2008-0173",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0173"
},
{
"name" : "1019193",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1019193"
},
{
"name" : "28490",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28490"
},
{
"name" : "tibco-rtserver-loop-code-execution(39708)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39708"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted requests that control loop operations related to memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt"
},
{
"name": "28490",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28490"
},
{
"name": "1019193",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019193"
},
{
"name": "20080115 TIBCO SmartSockets RTServer Multiple Untrusted Loop Bounds Vulnerabilities",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=641"
},
{
"name": "http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt"
},
{
"name": "http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt"
},
{
"name": "tibco-rtserver-loop-code-execution(39708)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39708"
},
{
"name": "http://www.tibco.com/mk/advisory.jsp",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"name": "27293",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27293"
},
{
"name": "ADV-2008-0173",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0173"
}
]
}
}

180
2007/5xxx/CVE-2007-5826.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-5826",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Absolute path traversal vulnerability in the EDraw Flowchart ActiveX control in EDImage.ocx 2.0.2005.1104 allows remote attackers to create or overwrite arbitrary files with arbitrary contents via a full pathname in the second argument to the HttpDownloadFile method, a different product than CVE-2007-4420."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4598",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4598"
},
{
"name" : "http://shinnai.altervista.org/exploits/txt/TXT_3kXDua0a0Tl5Vm5LU3ms.html",
"refsource" : "MISC",
"url" : "http://shinnai.altervista.org/exploits/txt/TXT_3kXDua0a0Tl5Vm5LU3ms.html"
},
{
"name" : "26308",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26308"
},
{
"name" : "ADV-2007-3710",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/3710"
},
{
"name" : "38415",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38415"
},
{
"name" : "27462",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27462"
},
{
"name" : "edraw-flowchart-edimage-file-overwrite(38223)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38223"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Absolute path traversal vulnerability in the EDraw Flowchart ActiveX control in EDImage.ocx 2.0.2005.1104 allows remote attackers to create or overwrite arbitrary files with arbitrary contents via a full pathname in the second argument to the HttpDownloadFile method, a different product than CVE-2007-4420."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27462",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27462"
},
{
"name": "ADV-2007-3710",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3710"
},
{
"name": "4598",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4598"
},
{
"name": "edraw-flowchart-edimage-file-overwrite(38223)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38223"
},
{
"name": "38415",
"refsource": "OSVDB",
"url": "http://osvdb.org/38415"
},
{
"name": "26308",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26308"
},
{
"name": "http://shinnai.altervista.org/exploits/txt/TXT_3kXDua0a0Tl5Vm5LU3ms.html",
"refsource": "MISC",
"url": "http://shinnai.altervista.org/exploits/txt/TXT_3kXDua0a0Tl5Vm5LU3ms.html"
}
]
}
}

150
2007/5xxx/CVE-2007-5844.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-5844",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in inc/includes.inc in GuppY 4.6.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the selskin parameter to index.php. NOTE: this can be leveraged for remote file inclusion by including inc/boxleft.inc and specifying a URL in the xposbox[L][] array parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4602",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4602"
},
{
"name" : "26315",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26315"
},
{
"name" : "ADV-2007-3750",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/3750"
},
{
"name" : "guppy-index-file-include(38255)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38255"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in inc/includes.inc in GuppY 4.6.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the selskin parameter to index.php. NOTE: this can be leveraged for remote file inclusion by including inc/boxleft.inc and specifying a URL in the xposbox[L][] array parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "guppy-index-file-include(38255)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38255"
},
{
"name": "26315",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26315"
},
{
"name": "4602",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4602"
},
{
"name": "ADV-2007-3750",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3750"
}
]
}
}

160
2007/5xxx/CVE-2007-5961.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-5961",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Red Hat Network channel search feature, as used in RHN and Red Hat Network Satellite before 5.0.2, allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2007-5961",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=396641",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=396641"
},
{
"name" : "RHSA-2008:0261",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
},
{
"name" : "45765",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/45765"
},
{
"name" : "1020051",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020051"
},
{
"name" : "redhat-network-channelsearch-xss(42559)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42559"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Red Hat Network channel search feature, as used in RHN and Red Hat Network Satellite before 5.0.2, allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020051",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020051"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=396641",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=396641"
},
{
"name": "RHSA-2008:0261",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
},
{
"name": "45765",
"refsource": "OSVDB",
"url": "http://osvdb.org/45765"
},
{
"name": "redhat-network-channelsearch-xss(42559)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42559"
}
]
}
}

130
2009/2xxx/CVE-2009-2399.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2399",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in dm-albums/template/album.php in DM FileManager 3.9.4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the SECURITY_FILE parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2399",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "9044",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9044"
},
{
"name" : "35622",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35622"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in dm-albums/template/album.php in DM FileManager 3.9.4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the SECURITY_FILE parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35622",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35622"
},
{
"name": "9044",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9044"
}
]
}
}

220
2009/2xxx/CVE-2009-2479.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2479",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox 3.0.x, 3.5, and 3.5.1 on Windows allows remote attackers to cause a denial of service (uncaught exception and application crash) via a long Unicode string argument to the write method. NOTE: this was originally reported as a stack-based buffer overflow. NOTE: on Linux and Mac OS X, a crash resulting from this long string reportedly occurs in an operating-system library, not in Firefox."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2479",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090719 DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/505092/100/0/threaded"
},
{
"name" : "9158",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9158"
},
{
"name" : "http://websecurity.com.ua/3338/",
"refsource" : "MISC",
"url" : "http://websecurity.com.ua/3338/"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=504343",
"refsource" : "MISC",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=504343"
},
{
"name" : "http://blog.mozilla.com/security/2009/07/19/milw0rm-9158-stack-overflow-crash-not-exploitable-cve-2009-2479/",
"refsource" : "CONFIRM",
"url" : "http://blog.mozilla.com/security/2009/07/19/milw0rm-9158-stack-overflow-crash-not-exploitable-cve-2009-2479/"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=504342",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=504342"
},
{
"name" : "FEDORA-2009-7898",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00909.html"
},
{
"name" : "35707",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35707"
},
{
"name" : "55931",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/55931"
},
{
"name" : "1022580",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022580"
},
{
"name" : "firefox-unicode-data-dos(51729)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51729"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox 3.0.x, 3.5, and 3.5.1 on Windows allows remote attackers to cause a denial of service (uncaught exception and application crash) via a long Unicode string argument to the write method. NOTE: this was originally reported as a stack-based buffer overflow. NOTE: on Linux and Mac OS X, a crash resulting from this long string reportedly occurs in an operating-system library, not in Firefox."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://websecurity.com.ua/3338/",
"refsource": "MISC",
"url": "http://websecurity.com.ua/3338/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=504342",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=504342"
},
{
"name": "FEDORA-2009-7898",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00909.html"
},
{
"name": "9158",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9158"
},
{
"name": "http://blog.mozilla.com/security/2009/07/19/milw0rm-9158-stack-overflow-crash-not-exploitable-cve-2009-2479/",
"refsource": "CONFIRM",
"url": "http://blog.mozilla.com/security/2009/07/19/milw0rm-9158-stack-overflow-crash-not-exploitable-cve-2009-2479/"
},
{
"name": "20090719 DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/505092/100/0/threaded"
},
{
"name": "1022580",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022580"
},
{
"name": "35707",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35707"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=504343",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=504343"
},
{
"name": "55931",
"refsource": "OSVDB",
"url": "http://osvdb.org/55931"
},
{
"name": "firefox-unicode-data-dos(51729)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51729"
}
]
}
}

34
2009/2xxx/CVE-2009-2708.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2708",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2009-2708",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none."
}
]
}
}

160
2009/3xxx/CVE-2009-3811.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3811",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in Music Tag Editor 1.61 build 212 allows remote attackers to execute arbitrary code via an MP3 file with a long ID3 tag. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3811",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "9167",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9167"
},
{
"name" : "http://liquidworm.blogspot.com/2009/07/music-tag-editor-161-build-212-remote.html",
"refsource" : "MISC",
"url" : "http://liquidworm.blogspot.com/2009/07/music-tag-editor-161-build-212-remote.html"
},
{
"name" : "55861",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/55861"
},
{
"name" : "35828",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35828"
},
{
"name" : "musictageditor-mp3-bo(51724)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51724"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Music Tag Editor 1.61 build 212 allows remote attackers to execute arbitrary code via an MP3 file with a long ID3 tag. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://liquidworm.blogspot.com/2009/07/music-tag-editor-161-build-212-remote.html",
"refsource": "MISC",
"url": "http://liquidworm.blogspot.com/2009/07/music-tag-editor-161-build-212-remote.html"
},
{
"name": "35828",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35828"
},
{
"name": "55861",
"refsource": "OSVDB",
"url": "http://osvdb.org/55861"
},
{
"name": "musictageditor-mp3-bo(51724)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51724"
},
{
"name": "9167",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9167"
}
]
}
}

170
2015/0xxx/CVE-2015-0516.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0516",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to read arbitrary files via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-0516",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150120 ESA-2015-004: EMC M&R (Watch4Net) Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html"
},
{
"name" : "20150318 Path traversal vulnerability in EMC M&R (Watch4net) MIB Browser",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/534929/100/0/threaded"
},
{
"name" : "20150318 Path traversal vulnerability in EMC M&R (Watch4net) MIB Browser",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Mar/116"
},
{
"name" : "https://www.securify.nl/advisory/SFY20141105/path_traversal_vulnerability_in_emc_m_r__watch4net__mib_browser.html",
"refsource" : "MISC",
"url" : "https://www.securify.nl/advisory/SFY20141105/path_traversal_vulnerability_in_emc_m_r__watch4net__mib_browser.html"
},
{
"name" : "72255",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72255"
},
{
"name" : "1031567",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031567"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to read arbitrary files via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031567",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031567"
},
{
"name": "20150318 Path traversal vulnerability in EMC M&R (Watch4net) MIB Browser",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534929/100/0/threaded"
},
{
"name": "72255",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72255"
},
{
"name": "20150120 ESA-2015-004: EMC M&R (Watch4Net) Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html"
},
{
"name": "https://www.securify.nl/advisory/SFY20141105/path_traversal_vulnerability_in_emc_m_r__watch4net__mib_browser.html",
"refsource": "MISC",
"url": "https://www.securify.nl/advisory/SFY20141105/path_traversal_vulnerability_in_emc_m_r__watch4net__mib_browser.html"
},
{
"name": "20150318 Path traversal vulnerability in EMC M&R (Watch4net) MIB Browser",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Mar/116"
}
]
}
}

130
2015/0xxx/CVE-2015-0693.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0693",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 do not properly restrict use of the pickle Python module during certain tunnel-status checks, which allows local users to execute arbitrary Python code and gain privileges via a crafted pickle file, aka Bug ID CSCut39259."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-0693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150413 Cisco Web Security Appliance Python File Processing Privilege Escalation Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=38306"
},
{
"name" : "1032097",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032097"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 do not properly restrict use of the pickle Python module during certain tunnel-status checks, which allows local users to execute arbitrary Python code and gain privileges via a crafted pickle file, aka Bug ID CSCut39259."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032097",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032097"
},
{
"name": "20150413 Cisco Web Security Appliance Python File Processing Privilege Escalation Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38306"
}
]
}
}

180
2015/3xxx/CVE-2015-3796.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-3796",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3797 and CVE-2015-3798."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-3796",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "38263",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/38263/"
},
{
"name" : "https://support.apple.com/kb/HT205030",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/kb/HT205030"
},
{
"name" : "https://support.apple.com/kb/HT205031",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/kb/HT205031"
},
{
"name" : "APPLE-SA-2015-08-13-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name" : "APPLE-SA-2015-08-13-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html"
},
{
"name" : "76343",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76343"
},
{
"name" : "1033275",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033275"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3797 and CVE-2015-3798."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/kb/HT205030",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205030"
},
{
"name": "1033275",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033275"
},
{
"name": "APPLE-SA-2015-08-13-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "38263",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/38263/"
},
{
"name": "APPLE-SA-2015-08-13-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html"
},
{
"name": "https://support.apple.com/kb/HT205031",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "76343",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76343"
}
]
}
}

210
2015/3xxx/CVE-2015-3905.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-3905",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the set_cs_start function in t1disasm.c in t1utils before 1.39 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2015-3905",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150513 CVE Request: t1utils: buffer overflow in set_cs_start",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/05/13/9"
},
{
"name" : "[oss-security] 20150522 Re: CVE Request: t1utils: buffer overflow in set_cs_start",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/05/22/10"
},
{
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779274",
"refsource" : "CONFIRM",
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779274"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1218365",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1218365"
},
{
"name" : "https://github.com/kohler/t1utils/blob/master/NEWS",
"refsource" : "CONFIRM",
"url" : "https://github.com/kohler/t1utils/blob/master/NEWS"
},
{
"name" : "https://github.com/kohler/t1utils/commit/6b9d1aafcb61a3663c883663eb19ccdbfcde8d33",
"refsource" : "CONFIRM",
"url" : "https://github.com/kohler/t1utils/commit/6b9d1aafcb61a3663c883663eb19ccdbfcde8d33"
},
{
"name" : "https://github.com/kohler/t1utils/issues/4",
"refsource" : "CONFIRM",
"url" : "https://github.com/kohler/t1utils/issues/4"
},
{
"name" : "GLSA-201507-10",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201507-10"
},
{
"name" : "USN-2627-1",
"refsource" : "UBUNTU",
"url" : "http://ubuntu.com/usn/usn-2627-1"
},
{
"name" : "74674",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/74674"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the set_cs_start function in t1disasm.c in t1utils before 1.39 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kohler/t1utils/blob/master/NEWS",
"refsource": "CONFIRM",
"url": "https://github.com/kohler/t1utils/blob/master/NEWS"
},
{
"name": "https://github.com/kohler/t1utils/commit/6b9d1aafcb61a3663c883663eb19ccdbfcde8d33",
"refsource": "CONFIRM",
"url": "https://github.com/kohler/t1utils/commit/6b9d1aafcb61a3663c883663eb19ccdbfcde8d33"
},
{
"name": "[oss-security] 20150513 CVE Request: t1utils: buffer overflow in set_cs_start",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/05/13/9"
},
{
"name": "74674",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74674"
},
{
"name": "https://github.com/kohler/t1utils/issues/4",
"refsource": "CONFIRM",
"url": "https://github.com/kohler/t1utils/issues/4"
},
{
"name": "[oss-security] 20150522 Re: CVE Request: t1utils: buffer overflow in set_cs_start",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/05/22/10"
},
{
"name": "GLSA-201507-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201507-10"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779274",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779274"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1218365",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1218365"
},
{
"name": "USN-2627-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-2627-1"
}
]
}
}

150
2015/4xxx/CVE-2015-4062.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4062",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the where1 parameter in the nsp_search page to wp-admin/admin.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4062",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "37107",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/37107/"
},
{
"name" : "http://packetstormsecurity.com/files/132038/WordPress-NewStatPress-0.9.8-Cross-Site-Scripting-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/132038/WordPress-NewStatPress-0.9.8-Cross-Site-Scripting-SQL-Injection.html"
},
{
"name" : "https://wordpress.org/plugins/newstatpress/changelog/",
"refsource" : "CONFIRM",
"url" : "https://wordpress.org/plugins/newstatpress/changelog/"
},
{
"name" : "74773",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/74773"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the where1 parameter in the nsp_search page to wp-admin/admin.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/132038/WordPress-NewStatPress-0.9.8-Cross-Site-Scripting-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132038/WordPress-NewStatPress-0.9.8-Cross-Site-Scripting-SQL-Injection.html"
},
{
"name": "https://wordpress.org/plugins/newstatpress/changelog/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/newstatpress/changelog/"
},
{
"name": "74773",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74773"
},
{
"name": "37107",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/37107/"
}
]
}
}

120
2015/4xxx/CVE-2015-4287.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4287",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Firepower Extensible Operating System 1.1(1.86) on Firepower 9000 devices allows remote attackers to bypass intended access restrictions and obtain sensitive device information by visiting an unspecified web page, aka Bug ID CSCuu82230."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-4287",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150727 Cisco Firepower 9000 Series Unauthenticated Web Page Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=40136"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Firepower Extensible Operating System 1.1(1.86) on Firepower 9000 devices allows remote attackers to bypass intended access restrictions and obtain sensitive device information by visiting an unspecified web page, aka Bug ID CSCuu82230."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150727 Cisco Firepower 9000 Series Unauthenticated Web Page Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40136"
}
]
}
}

130
2015/4xxx/CVE-2015-4443.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4443",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to cause a denial of service (NULL pointer dereference) via unspecified vectors, a different vulnerability than CVE-2015-4444."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2015-4443",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/reader/apsb15-15.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/reader/apsb15-15.html"
},
{
"name" : "1032892",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032892"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to cause a denial of service (NULL pointer dereference) via unspecified vectors, a different vulnerability than CVE-2015-4444."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032892",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032892"
},
{
"name": "https://helpx.adobe.com/security/products/reader/apsb15-15.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/reader/apsb15-15.html"
}
]
}
}

140
2015/4xxx/CVE-2015-4949.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4949",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 7.1 before 7.1.2, Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 7.1 before 7.1.2, and Tivoli Storage FlashCopy Manager 4.1 before 4.1.2 place cleartext passwords in exception messages, which allows physically proximate attackers to obtain sensitive information by reading GUI pop-up windows, a different vulnerability than CVE-2015-6557."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-4949",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21963630",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21963630"
},
{
"name" : "IT03480",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT03480"
},
{
"name" : "1033270",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033270"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 7.1 before 7.1.2, Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 7.1 before 7.1.2, and Tivoli Storage FlashCopy Manager 4.1 before 4.1.2 place cleartext passwords in exception messages, which allows physically proximate attackers to obtain sensitive information by reading GUI pop-up windows, a different vulnerability than CVE-2015-6557."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IT03480",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT03480"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21963630",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963630"
},
{
"name": "1033270",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033270"
}
]
}
}

190
2015/8xxx/CVE-2015-8790.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-8790",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The EbmlUnicodeString::UpdateFromUTF8 function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted UTF-8 string, which triggers an invalid memory access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8790",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[matroska-users] 20151020 libEBML v1.3.3, libMatroska v1.4.4 released: important fixes",
"refsource" : "MLIST",
"url" : "http://lists.matroska.org/pipermail/matroska-users/2015-October/006985.html"
},
{
"name" : "http://www.talosintelligence.com/reports/TALOS-2016-0036/",
"refsource" : "MISC",
"url" : "http://www.talosintelligence.com/reports/TALOS-2016-0036/"
},
{
"name" : "https://github.com/Matroska-Org/libebml/blob/release-1.3.3/ChangeLog",
"refsource" : "CONFIRM",
"url" : "https://github.com/Matroska-Org/libebml/blob/release-1.3.3/ChangeLog"
},
{
"name" : "https://github.com/Matroska-Org/libebml/commit/ababb64e0c792ad2a314245233db0833ba12036b",
"refsource" : "CONFIRM",
"url" : "https://github.com/Matroska-Org/libebml/commit/ababb64e0c792ad2a314245233db0833ba12036b"
},
{
"name" : "DSA-3538",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3538"
},
{
"name" : "openSUSE-SU-2016:0125",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-01/msg00035.html"
},
{
"name" : "85307",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/85307"
},
{
"name" : "95124",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95124"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The EbmlUnicodeString::UpdateFromUTF8 function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted UTF-8 string, which triggers an invalid memory access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3538",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3538"
},
{
"name": "95124",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95124"
},
{
"name": "openSUSE-SU-2016:0125",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00035.html"
},
{
"name": "https://github.com/Matroska-Org/libebml/commit/ababb64e0c792ad2a314245233db0833ba12036b",
"refsource": "CONFIRM",
"url": "https://github.com/Matroska-Org/libebml/commit/ababb64e0c792ad2a314245233db0833ba12036b"
},
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0036/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0036/"
},
{
"name": "[matroska-users] 20151020 libEBML v1.3.3, libMatroska v1.4.4 released: important fixes",
"refsource": "MLIST",
"url": "http://lists.matroska.org/pipermail/matroska-users/2015-October/006985.html"
},
{
"name": "https://github.com/Matroska-Org/libebml/blob/release-1.3.3/ChangeLog",
"refsource": "CONFIRM",
"url": "https://github.com/Matroska-Org/libebml/blob/release-1.3.3/ChangeLog"
},
{
"name": "85307",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/85307"
}
]
}
}

200
2015/8xxx/CVE-2015-8807.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-8807",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via vectors involving numeric form fields."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8807",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[announce] 20160202 [announce] [SECURITY] Horde Groupware 5.2.12 (final)",
"refsource" : "MLIST",
"url" : "http://lists.horde.org/archives/announce/2016/001148.html"
},
{
"name" : "[announce] 20160202 [announce] [SECURITY] Horde Groupware Webmail Edition 5.2.12 (final)",
"refsource" : "MLIST",
"url" : "http://lists.horde.org/archives/announce/2016/001149.html"
},
{
"name" : "[oss-security] 20160206 CVE Request: Horde: Two cross-site scripting vulnerabilities",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/02/06/4"
},
{
"name" : "[oss-security] 20160206 Re: CVE Request: Horde: Two cross-site scripting vulnerabilities",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/02/06/5"
},
{
"name" : "https://github.com/horde/horde/blob/e838d4c800b0d1ecaf8b4cc613fd3af4f994c79c/bundles/webmail/docs/CHANGES",
"refsource" : "CONFIRM",
"url" : "https://github.com/horde/horde/blob/e838d4c800b0d1ecaf8b4cc613fd3af4f994c79c/bundles/webmail/docs/CHANGES"
},
{
"name" : "https://github.com/horde/horde/commit/11d74fa5a22fe626c5e5a010b703cd46a136f253",
"refsource" : "CONFIRM",
"url" : "https://github.com/horde/horde/commit/11d74fa5a22fe626c5e5a010b703cd46a136f253"
},
{
"name" : "DSA-3496",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3496"
},
{
"name" : "FEDORA-2016-3d1183830b",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177484.html"
},
{
"name" : "FEDORA-2016-5d0e7f15ef",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177584.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via vectors involving numeric form fields."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160206 CVE Request: Horde: Two cross-site scripting vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/02/06/4"
},
{
"name": "[oss-security] 20160206 Re: CVE Request: Horde: Two cross-site scripting vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/02/06/5"
},
{
"name": "FEDORA-2016-3d1183830b",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177484.html"
},
{
"name": "[announce] 20160202 [announce] [SECURITY] Horde Groupware Webmail Edition 5.2.12 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2016/001149.html"
},
{
"name": "https://github.com/horde/horde/commit/11d74fa5a22fe626c5e5a010b703cd46a136f253",
"refsource": "CONFIRM",
"url": "https://github.com/horde/horde/commit/11d74fa5a22fe626c5e5a010b703cd46a136f253"
},
{
"name": "DSA-3496",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3496"
},
{
"name": "FEDORA-2016-5d0e7f15ef",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177584.html"
},
{
"name": "[announce] 20160202 [announce] [SECURITY] Horde Groupware 5.2.12 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2016/001148.html"
},
{
"name": "https://github.com/horde/horde/blob/e838d4c800b0d1ecaf8b4cc613fd3af4f994c79c/bundles/webmail/docs/CHANGES",
"refsource": "CONFIRM",
"url": "https://github.com/horde/horde/blob/e838d4c800b0d1ecaf8b4cc613fd3af4f994c79c/bundles/webmail/docs/CHANGES"
}
]
}
}

132
2015/9xxx/CVE-2015-9206.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00",
"ID" : "CVE-2015-9206",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Snapdragon Mobile, Snapdragon Wear",
"version" : {
"version_data" : [
{
"version_value" : "MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 808, SD 810"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 808, and SD 810, during XML encoding of a message in the Playready module, a buffer overread may occur if the message passed is large."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer overread vulnerability in Playready"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2018-04-02T00:00:00",
"ID": "CVE-2015-9206",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Mobile, Snapdragon Wear",
"version": {
"version_data": [
{
"version_value": "MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 808, SD 810"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2018-04-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name" : "103671",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103671"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 808, and SD 810, during XML encoding of a message in the Playready module, a buffer overread may occur if the message passed is large."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer overread vulnerability in Playready"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name": "103671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103671"
}
]
}
}

34
2016/5xxx/CVE-2016-5015.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-5015",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-5015",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none."
}
]
}
}

130
2016/5xxx/CVE-2016-5560.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-5560",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 16.1 allows remote authenticated users to affect confidentiality and integrity via vectors related to OpenUI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-5560",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name" : "93760",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93760"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 16.1 allows remote authenticated users to affect confidentiality and integrity via vectors related to OpenUI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93760",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93760"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
}
]
}
}

34
2016/5xxx/CVE-2016-5962.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-5962",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-5962",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/2xxx/CVE-2018-2254.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-2254",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-2254",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
}
]
}
}

34
2018/2xxx/CVE-2018-2548.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-2548",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-2548",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

142
2018/2xxx/CVE-2018-2822.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-2822",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Solaris Cluster",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "4.3"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: Cluster Geo). The supported version that is affected is 4.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris Cluster executes to compromise Solaris Cluster. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Solaris Cluster accessible data as well as unauthorized update, insert or delete access to some of Solaris Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Solaris Cluster. CVSS 3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris Cluster executes to compromise Solaris Cluster. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Solaris Cluster accessible data as well as unauthorized update, insert or delete access to some of Solaris Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Solaris Cluster."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-2822",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solaris Cluster",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.3"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name" : "103883",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103883"
},
{
"name" : "1040702",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040702"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: Cluster Geo). The supported version that is affected is 4.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris Cluster executes to compromise Solaris Cluster. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Solaris Cluster accessible data as well as unauthorized update, insert or delete access to some of Solaris Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Solaris Cluster. CVSS 3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris Cluster executes to compromise Solaris Cluster. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Solaris Cluster accessible data as well as unauthorized update, insert or delete access to some of Solaris Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Solaris Cluster."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040702",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040702"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "103883",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103883"
}
]
}
}

142
2018/2xxx/CVE-2018-2920.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-2920",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Sun ZFS Storage Appliance Kit (AK) Software",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "8.7.19"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: API frameworks). The supported version that is affected is Prior to 8.7.19. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Sun ZFS Storage Appliance Kit (AK) accessible data as well as unauthorized read access to a subset of Sun ZFS Storage Appliance Kit (AK) accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 7.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Sun ZFS Storage Appliance Kit (AK) accessible data as well as unauthorized read access to a subset of Sun ZFS Storage Appliance Kit (AK) accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Sun ZFS Storage Appliance Kit (AK)."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-2920",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sun ZFS Storage Appliance Kit (AK) Software",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "8.7.19"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name" : "104803",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104803"
},
{
"name" : "1041303",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041303"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: API frameworks). The supported version that is affected is Prior to 8.7.19. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Sun ZFS Storage Appliance Kit (AK) accessible data as well as unauthorized read access to a subset of Sun ZFS Storage Appliance Kit (AK) accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 7.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Sun ZFS Storage Appliance Kit (AK) accessible data as well as unauthorized read access to a subset of Sun ZFS Storage Appliance Kit (AK) accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Sun ZFS Storage Appliance Kit (AK)."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104803",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104803"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "1041303",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041303"
}
]
}
}

120
2018/6xxx/CVE-2018-6209.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6209",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Max Secure Anti Virus 19.0.3.019,, the driver file (MaxCryptMon.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220019."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/MaxSecureAntivirus_POC/tree/master/MaxCryptMon",
"refsource" : "MISC",
"url" : "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/MaxSecureAntivirus_POC/tree/master/MaxCryptMon"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Max Secure Anti Virus 19.0.3.019,, the driver file (MaxCryptMon.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220019."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/MaxSecureAntivirus_POC/tree/master/MaxCryptMon",
"refsource": "MISC",
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/MaxSecureAntivirus_POC/tree/master/MaxCryptMon"
}
]
}
}

150
2018/6xxx/CVE-2018-6392.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6392",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The filter_slice function in libavfilter/vf_transpose.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service (out-of-array access) via a crafted MP4 file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6392",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/3f621455d62e46745453568d915badd5b1e5bcd5",
"refsource" : "CONFIRM",
"url" : "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/3f621455d62e46745453568d915badd5b1e5bcd5"
},
{
"name" : "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/c6939f65a116b1ffed345d29d8621ee4ffb32235",
"refsource" : "CONFIRM",
"url" : "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/c6939f65a116b1ffed345d29d8621ee4ffb32235"
},
{
"name" : "DSA-4249",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4249"
},
{
"name" : "102848",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102848"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The filter_slice function in libavfilter/vf_transpose.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service (out-of-array access) via a crafted MP4 file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/c6939f65a116b1ffed345d29d8621ee4ffb32235",
"refsource": "CONFIRM",
"url": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/c6939f65a116b1ffed345d29d8621ee4ffb32235"
},
{
"name": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/3f621455d62e46745453568d915badd5b1e5bcd5",
"refsource": "CONFIRM",
"url": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/3f621455d62e46745453568d915badd5b1e5bcd5"
},
{
"name": "102848",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102848"
},
{
"name": "DSA-4249",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4249"
}
]
}
}

130
2018/7xxx/CVE-2018-7830.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cybersecurity@se.com",
"ID" : "CVE-2018-7830",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Embedded Web Servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200",
"version" : {
"version_data" : [
{
"version_value" : "Embedded Web Servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200"
}
]
}
}
]
},
"vendor_name" : "Schneider Electric SE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a denial of service can occur for ~1 minute by sending a specially crafted HTTP request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')"
}
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2018-7830",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Embedded Web Servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200",
"version": {
"version_data": [
{
"version_value": "Embedded Web Servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.tenable.com/security/research/tra-2018-38",
"refsource" : "MISC",
"url" : "https://www.tenable.com/security/research/tra-2018-38"
},
{
"name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01/",
"refsource" : "CONFIRM",
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a denial of service can occur for ~1 minute by sending a specially crafted HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2018-38",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-38"
},
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01/"
}
]
}
}

34
2019/0xxx/CVE-2019-0386.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-0386",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0386",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/0xxx/CVE-2019-0528.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-0528",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0528",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/1xxx/CVE-2019-1184.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-1184",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-1184",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

178
2019/1xxx/CVE-2019-1644.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2019-01-23T16:00:00-0800",
"ID" : "CVE-2019-1644",
"STATE" : "PUBLIC",
"TITLE" : "Cisco IoT Field Network Director Resource Exhaustion Denial of Service Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco IoT Field Network Director (IoT-FND) ",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the UDP protocol implementation for Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to exhaust system resources, resulting in a denial of service (DoS) condition. The vulnerability is due to improper resource management for UDP ingress packets. An attacker could exploit this vulnerability by sending a high rate of UDP packets to an affected system within a short period of time. A successful exploit could allow the attacker to exhaust available system resources, resulting in a DoS condition."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact" : {
"cvss" : {
"baseScore" : "7.5",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H ",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-400"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-01-23T16:00:00-0800",
"ID": "CVE-2019-1644",
"STATE": "PUBLIC",
"TITLE": "Cisco IoT Field Network Director Resource Exhaustion Denial of Service Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IoT Field Network Director (IoT-FND) ",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20190123 Cisco IoT Field Network Director Resource Exhaustion Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-iot-fnd-dos"
},
{
"name" : "106709",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106709"
}
]
},
"source" : {
"advisory" : "cisco-sa-20190123-iot-fnd-dos",
"defect" : [
[
"CSCvj35124"
]
],
"discovery" : "INTERNAL"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the UDP protocol implementation for Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to exhaust system resources, resulting in a denial of service (DoS) condition. The vulnerability is due to improper resource management for UDP ingress packets. An attacker could exploit this vulnerability by sending a high rate of UDP packets to an affected system within a short period of time. A successful exploit could allow the attacker to exhaust available system resources, resulting in a DoS condition."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact": {
"cvss": {
"baseScore": "7.5",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H ",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190123 Cisco IoT Field Network Director Resource Exhaustion Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-iot-fnd-dos"
},
{
"name": "106709",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106709"
}
]
},
"source": {
"advisory": "cisco-sa-20190123-iot-fnd-dos",
"defect": [
[
"CSCvj35124"
]
],
"discovery": "INTERNAL"
}
}

34
2019/1xxx/CVE-2019-1861.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-1861",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-1861",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/1xxx/CVE-2019-1884.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-1884",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-1884",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/1xxx/CVE-2019-1967.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-1967",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-1967",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/5xxx/CVE-2019-5575.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-5575",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5575",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/5xxx/CVE-2019-5816.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-5816",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5816",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/5xxx/CVE-2019-5880.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-5880",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5880",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/5xxx/CVE-2019-5961.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-5961",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5961",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}