admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 05:05:32 +00:00
parent 07f27097d9
commit 10007318d8
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
58 changed files with 3822 additions and 3822 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

188
2007/2xxx/CVE-2007-2131.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2131",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.22.14, 8.47.12, and 8.48.08 has unknown impact and attack vectors, aka PSE01."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2131",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html",
"refsource" : "MISC",
"url" : "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html"
},
{
"name" : "HPSBMA02133",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/466329/100/200/threaded"
},
{
"name" : "SSRT061201",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/466329/100/200/threaded"
},
{
"name" : "TA07-108A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-108A.html"
},
{
"name" : "23532",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23532"
},
{
"name" : "ADV-2007-1426",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1426"
},
{
"name" : "1017927",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1017927"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.22.14, 8.47.12, and 8.48.08 has unknown impact and attack vectors, aka PSE01."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA07-108A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-108A.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html"
},
{
"name": "23532",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23532"
},
{
"name": "1017927",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017927"
},
{
"name": "SSRT061201",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/466329/100/200/threaded"
},
{
"name": "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html"
},
{
"name": "HPSBMA02133",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/466329/100/200/threaded"
},
{
"name": "ADV-2007-1426",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1426"
}
]
}
}

178
2007/2xxx/CVE-2007-2300.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2300",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Endy Kristanto Surat kabar / News Management Online (aka phpwebnews) 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the m_txt parameter to (1) iklan.php, (2) index.php, or (3) bukutamu.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2300",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070412 phpwebnews v.1 Multiple Cross Site Scripting Vulnerabilites",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/465545/100/0/threaded"
},
{
"name" : "23448",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23448"
},
{
"name" : "35365",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/35365"
},
{
"name" : "35366",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/35366"
},
{
"name" : "35367",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/35367"
},
{
"name" : "2643",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2643"
},
{
"name" : "phpwebnews-mtxt-xss(33641)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33641"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Endy Kristanto Surat kabar / News Management Online (aka phpwebnews) 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the m_txt parameter to (1) iklan.php, (2) index.php, or (3) bukutamu.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35365",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/35365"
},
{
"name": "23448",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23448"
},
{
"name": "phpwebnews-mtxt-xss(33641)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33641"
},
{
"name": "2643",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2643"
},
{
"name": "35366",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/35366"
},
{
"name": "20070412 phpwebnews v.1 Multiple Cross Site Scripting Vulnerabilites",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/465545/100/0/threaded"
},
{
"name": "35367",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/35367"
}
]
}
}

178
2007/2xxx/CVE-2007-2337.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2337",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS 0.96.6 Alpha and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (b) magpie_simple.php in external/magpierss/scripts/, the (2) rss_url parameter to (c) magpie_slashbox.php in external/magpierss/scripts/, and the (3) body parameter to the (d) weblogmodule (aka Weblog Comments) module."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.bugtraq.ir/articles/advisory/exponent_multiple_vulnerabilities/10",
"refsource" : "MISC",
"url" : "http://www.bugtraq.ir/articles/advisory/exponent_multiple_vulnerabilities/10"
},
{
"name" : "23574",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23574"
},
{
"name" : "35640",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35640"
},
{
"name" : "35641",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35641"
},
{
"name" : "35642",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35642"
},
{
"name" : "35643",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35643"
},
{
"name" : "exponentcms-multiple-scripts-xss(34077)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34077"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS 0.96.6 Alpha and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (b) magpie_simple.php in external/magpierss/scripts/, the (2) rss_url parameter to (c) magpie_slashbox.php in external/magpierss/scripts/, and the (3) body parameter to the (d) weblogmodule (aka Weblog Comments) module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23574",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23574"
},
{
"name": "35642",
"refsource": "OSVDB",
"url": "http://osvdb.org/35642"
},
{
"name": "35643",
"refsource": "OSVDB",
"url": "http://osvdb.org/35643"
},
{
"name": "http://www.bugtraq.ir/articles/advisory/exponent_multiple_vulnerabilities/10",
"refsource": "MISC",
"url": "http://www.bugtraq.ir/articles/advisory/exponent_multiple_vulnerabilities/10"
},
{
"name": "35641",
"refsource": "OSVDB",
"url": "http://osvdb.org/35641"
},
{
"name": "35640",
"refsource": "OSVDB",
"url": "http://osvdb.org/35640"
},
{
"name": "exponentcms-multiple-scripts-xss(34077)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34077"
}
]
}
}

208
2007/2xxx/CVE-2007-2553.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2553",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in dop in HP Tru64 UNIX 5.1B-4, 5.1B-3, and 5.1A PK6 allows local users to gain privileges via a large amount of data in the environment, as demonstrated by a long environment variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2553",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070509 Re: [security bulletin] HPSBTU02211 SSRT071326 rev.1 - HP Tru64 UNIX Running the dop command, Local Execution of Arbitrary Code with Privilege Elevation",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/468103/100/0/threaded"
},
{
"name" : "http://www.orkaan.org/tru64/orkaan_-_exp_Tru64-5.X_SSRT071326.html",
"refsource" : "MISC",
"url" : "http://www.orkaan.org/tru64/orkaan_-_exp_Tru64-5.X_SSRT071326.html"
},
{
"name" : "HPSBTU02211",
"refsource" : "HP",
"url" : "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c01036871"
},
{
"name" : "SSRT071326",
"refsource" : "HP",
"url" : "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c01036871"
},
{
"name" : "23881",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23881"
},
{
"name" : "36203",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36203"
},
{
"name" : "ADV-2007-1715",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1715"
},
{
"name" : "1018021",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1018021"
},
{
"name" : "25197",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25197"
},
{
"name" : "hp-dop-privilege-escalation(34175)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34175"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in dop in HP Tru64 UNIX 5.1B-4, 5.1B-3, and 5.1A PK6 allows local users to gain privileges via a large amount of data in the environment, as demonstrated by a long environment variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23881",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23881"
},
{
"name": "HPSBTU02211",
"refsource": "HP",
"url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c01036871"
},
{
"name": "25197",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25197"
},
{
"name": "20070509 Re: [security bulletin] HPSBTU02211 SSRT071326 rev.1 - HP Tru64 UNIX Running the dop command, Local Execution of Arbitrary Code with Privilege Elevation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/468103/100/0/threaded"
},
{
"name": "ADV-2007-1715",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1715"
},
{
"name": "hp-dop-privilege-escalation(34175)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34175"
},
{
"name": "SSRT071326",
"refsource": "HP",
"url": "https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c01036871"
},
{
"name": "1018021",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018021"
},
{
"name": "http://www.orkaan.org/tru64/orkaan_-_exp_Tru64-5.X_SSRT071326.html",
"refsource": "MISC",
"url": "http://www.orkaan.org/tru64/orkaan_-_exp_Tru64-5.X_SSRT071326.html"
},
{
"name": "36203",
"refsource": "OSVDB",
"url": "http://osvdb.org/36203"
}
]
}
}

208
2007/2xxx/CVE-2007-2821.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2821",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2821",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070521 [waraxe-2007-SA#050] - Sql Injection in WordPress 2.1.3",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/469258/100/0/threaded"
},
{
"name" : "3960",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/3960"
},
{
"name" : "http://www.waraxe.us/advisory-50.html",
"refsource" : "MISC",
"url" : "http://www.waraxe.us/advisory-50.html"
},
{
"name" : "DSA-1502",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1502"
},
{
"name" : "24076",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24076"
},
{
"name" : "36311",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36311"
},
{
"name" : "ADV-2007-1889",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1889"
},
{
"name" : "25345",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25345"
},
{
"name" : "29014",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29014"
},
{
"name" : "wordpress-adminajax-sql-injection(34399)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34399"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-1502",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1502"
},
{
"name": "3960",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/3960"
},
{
"name": "24076",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24076"
},
{
"name": "25345",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25345"
},
{
"name": "wordpress-adminajax-sql-injection(34399)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34399"
},
{
"name": "ADV-2007-1889",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1889"
},
{
"name": "http://www.waraxe.us/advisory-50.html",
"refsource": "MISC",
"url": "http://www.waraxe.us/advisory-50.html"
},
{
"name": "20070521 [waraxe-2007-SA#050] - Sql Injection in WordPress 2.1.3",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/469258/100/0/threaded"
},
{
"name": "29014",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29014"
},
{
"name": "36311",
"refsource": "OSVDB",
"url": "http://osvdb.org/36311"
}
]
}
}

268
2007/3xxx/CVE-2007-3316.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3316",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple format string vulnerabilities in plugins in VideoLAN VLC Media Player before 0.8.6c allow remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in (1) an Ogg/Vorbis file, (2) an Ogg/Theora file, (3) a CDDB entry for a CD Digital Audio (CDDA) file, or (4) Service Announce Protocol (SAP) multicast packets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3316",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070621 VLC 0.8.6b format string vulnerability & integer overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/471933/100/0/threaded"
},
{
"name" : "http://www.isecpartners.com/advisories/2007-001-vlc.txt",
"refsource" : "MISC",
"url" : "http://www.isecpartners.com/advisories/2007-001-vlc.txt"
},
{
"name" : "http://www.videolan.org/sa0702.html",
"refsource" : "CONFIRM",
"url" : "http://www.videolan.org/sa0702.html"
},
{
"name" : "DSA-1332",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2007/dsa-1332"
},
{
"name" : "GLSA-200707-12",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200707-12.xml"
},
{
"name" : "VU#200928",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/200928"
},
{
"name" : "24555",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24555"
},
{
"name" : "37379",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37379"
},
{
"name" : "37380",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37380"
},
{
"name" : "37381",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37381"
},
{
"name" : "37382",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37382"
},
{
"name" : "oval:org.mitre.oval:def:14600",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14600"
},
{
"name" : "ADV-2007-2262",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2262"
},
{
"name" : "25753",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25753"
},
{
"name" : "25980",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25980"
},
{
"name" : "26269",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26269"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple format string vulnerabilities in plugins in VideoLAN VLC Media Player before 0.8.6c allow remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in (1) an Ogg/Vorbis file, (2) an Ogg/Theora file, (3) a CDDB entry for a CD Digital Audio (CDDA) file, or (4) Service Announce Protocol (SAP) multicast packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200707-12",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200707-12.xml"
},
{
"name": "20070621 VLC 0.8.6b format string vulnerability & integer overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/471933/100/0/threaded"
},
{
"name": "37382",
"refsource": "OSVDB",
"url": "http://osvdb.org/37382"
},
{
"name": "24555",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24555"
},
{
"name": "VU#200928",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/200928"
},
{
"name": "26269",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26269"
},
{
"name": "37381",
"refsource": "OSVDB",
"url": "http://osvdb.org/37381"
},
{
"name": "37380",
"refsource": "OSVDB",
"url": "http://osvdb.org/37380"
},
{
"name": "http://www.isecpartners.com/advisories/2007-001-vlc.txt",
"refsource": "MISC",
"url": "http://www.isecpartners.com/advisories/2007-001-vlc.txt"
},
{
"name": "ADV-2007-2262",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2262"
},
{
"name": "oval:org.mitre.oval:def:14600",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14600"
},
{
"name": "37379",
"refsource": "OSVDB",
"url": "http://osvdb.org/37379"
},
{
"name": "25753",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25753"
},
{
"name": "DSA-1332",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1332"
},
{
"name": "25980",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25980"
},
{
"name": "http://www.videolan.org/sa0702.html",
"refsource": "CONFIRM",
"url": "http://www.videolan.org/sa0702.html"
}
]
}
}

458
2007/3xxx/CVE-2007-3473.json
View File

@ -1,232 +1,232 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3473",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3473",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070907 FLEA-2007-0052-1 gd",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/478796/100/0/threaded"
},
{
"name" : "http://bugs.libgd.org/?do=details&task_id=94",
"refsource" : "MISC",
"url" : "http://bugs.libgd.org/?do=details&task_id=94"
},
{
"name" : "http://www.libgd.org/ReleaseNote020035",
"refsource" : "CONFIRM",
"url" : "http://www.libgd.org/ReleaseNote020035"
},
{
"name" : "ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz",
"refsource" : "CONFIRM",
"url" : "ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz"
},
{
"name" : "https://issues.rpath.com/browse/RPL-1643",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-1643"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=277421",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=277421"
},
{
"name" : "FEDORA-2007-2055",
"refsource" : "FEDORA",
"url" : "http://fedoranews.org/updates/FEDORA-2007-205.shtml"
},
{
"name" : "FEDORA-2007-692",
"refsource" : "FEDORA",
"url" : "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html"
},
{
"name" : "FEDORA-2010-19022",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html"
},
{
"name" : "FEDORA-2010-19033",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html"
},
{
"name" : "GLSA-200708-05",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200708-05.xml"
},
{
"name" : "GLSA-200711-34",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200711-34.xml"
},
{
"name" : "GLSA-200805-13",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200805-13.xml"
},
{
"name" : "MDKSA-2007:153",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:153"
},
{
"name" : "MDKSA-2007:164",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:164"
},
{
"name" : "RHSA-2008:0146",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0146.html"
},
{
"name" : "2007-0024",
"refsource" : "TRUSTIX",
"url" : "http://www.trustix.org/errata/2007/0024/"
},
{
"name" : "24651",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24651"
},
{
"name" : "37744",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37744"
},
{
"name" : "oval:org.mitre.oval:def:11806",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11806"
},
{
"name" : "42813",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42813"
},
{
"name" : "ADV-2007-2336",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2336"
},
{
"name" : "25855",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25855"
},
{
"name" : "25860",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25860"
},
{
"name" : "26272",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26272"
},
{
"name" : "26390",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26390"
},
{
"name" : "26415",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26415"
},
{
"name" : "26467",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26467"
},
{
"name" : "26663",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26663"
},
{
"name" : "26766",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26766"
},
{
"name" : "26856",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26856"
},
{
"name" : "29157",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29157"
},
{
"name" : "30168",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30168"
},
{
"name" : "ADV-2011-0022",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0022"
},
{
"name" : "gd-imagecreatexbm-dos(35109)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35109"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "gd-imagecreatexbm-dos(35109)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35109"
},
{
"name": "2007-0024",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2007/0024/"
},
{
"name": "MDKSA-2007:164",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:164"
},
{
"name": "29157",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29157"
},
{
"name": "37744",
"refsource": "OSVDB",
"url": "http://osvdb.org/37744"
},
{
"name": "oval:org.mitre.oval:def:11806",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11806"
},
{
"name": "26415",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26415"
},
{
"name": "https://issues.rpath.com/browse/RPL-1643",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1643"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=277421",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=277421"
},
{
"name": "25855",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25855"
},
{
"name": "GLSA-200805-13",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
},
{
"name": "20070907 FLEA-2007-0052-1 gd",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/478796/100/0/threaded"
},
{
"name": "26467",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26467"
},
{
"name": "42813",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42813"
},
{
"name": "http://www.libgd.org/ReleaseNote020035",
"refsource": "CONFIRM",
"url": "http://www.libgd.org/ReleaseNote020035"
},
{
"name": "GLSA-200708-05",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200708-05.xml"
},
{
"name": "30168",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30168"
},
{
"name": "FEDORA-2007-692",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html"
},
{
"name": "ADV-2011-0022",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0022"
},
{
"name": "25860",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25860"
},
{
"name": "ADV-2007-2336",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2336"
},
{
"name": "26663",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26663"
},
{
"name": "FEDORA-2010-19033",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html"
},
{
"name": "26856",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26856"
},
{
"name": "26272",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26272"
},
{
"name": "GLSA-200711-34",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
},
{
"name": "RHSA-2008:0146",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0146.html"
},
{
"name": "FEDORA-2010-19022",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html"
},
{
"name": "http://bugs.libgd.org/?do=details&task_id=94",
"refsource": "MISC",
"url": "http://bugs.libgd.org/?do=details&task_id=94"
},
{
"name": "24651",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24651"
},
{
"name": "MDKSA-2007:153",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:153"
},
{
"name": "26766",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26766"
},
{
"name": "26390",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26390"
},
{
"name": "ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz",
"refsource": "CONFIRM",
"url": "ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz"
},
{
"name": "FEDORA-2007-2055",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA-2007-205.shtml"
}
]
}
}

138
2007/3xxx/CVE-2007-3482.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3482",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows remote attackers to bypass the \"same origin policy\" and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3482",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.0x000000.com/?i=371",
"refsource" : "MISC",
"url" : "http://www.0x000000.com/?i=371"
},
{
"name" : "24700",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24700"
},
{
"name" : "38860",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38860"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows remote attackers to bypass the \"same origin policy\" and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.0x000000.com/?i=371",
"refsource": "MISC",
"url": "http://www.0x000000.com/?i=371"
},
{
"name": "24700",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24700"
},
{
"name": "38860",
"refsource": "OSVDB",
"url": "http://osvdb.org/38860"
}
]
}
}

128
2007/3xxx/CVE-2007-3719.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3719",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The process scheduler in the Linux kernel 2.6.16 gives preference to \"interactive\" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in \"Secretly Monopolizing the CPU Without Superuser Privileges.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3719",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.cs.huji.ac.il/~dants/papers/Cheat07Security.pdf",
"refsource" : "MISC",
"url" : "http://www.cs.huji.ac.il/~dants/papers/Cheat07Security.pdf"
},
{
"name" : "37127",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37127"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The process scheduler in the Linux kernel 2.6.16 gives preference to \"interactive\" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in \"Secretly Monopolizing the CPU Without Superuser Privileges.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37127",
"refsource": "OSVDB",
"url": "http://osvdb.org/37127"
},
{
"name": "http://www.cs.huji.ac.il/~dants/papers/Cheat07Security.pdf",
"refsource": "MISC",
"url": "http://www.cs.huji.ac.il/~dants/papers/Cheat07Security.pdf"
}
]
}
}

188
2007/3xxx/CVE-2007-3771.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3771",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the Internet E-mail Auto-Protect feature in Symantec AntiVirus Corporate Edition before 10.1, and Client Security before 3.1, allows local users to cause a denial of service (service crash) via a long (1) To, (2) From, or (3) Subject header in an outbound SMTP e-mail message. NOTE: the original vendor advisory referenced CVE-2006-3456, but this was an error."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3771",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11b.html",
"refsource" : "CONFIRM",
"url" : "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11b.html"
},
{
"name" : "24802",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24802"
},
{
"name" : "ADV-2007-2506",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2506"
},
{
"name" : "36115",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36115"
},
{
"name" : "1018367",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1018367"
},
{
"name" : "1018371",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1018371"
},
{
"name" : "26036",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26036"
},
{
"name" : "symantec-antivirus-emailautoprotect-bo(35354)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35354"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the Internet E-mail Auto-Protect feature in Symantec AntiVirus Corporate Edition before 10.1, and Client Security before 3.1, allows local users to cause a denial of service (service crash) via a long (1) To, (2) From, or (3) Subject header in an outbound SMTP e-mail message. NOTE: the original vendor advisory referenced CVE-2006-3456, but this was an error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1018371",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018371"
},
{
"name": "26036",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26036"
},
{
"name": "1018367",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018367"
},
{
"name": "symantec-antivirus-emailautoprotect-bo(35354)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35354"
},
{
"name": "ADV-2007-2506",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2506"
},
{
"name": "24802",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24802"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11b.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11b.html"
},
{
"name": "36115",
"refsource": "OSVDB",
"url": "http://osvdb.org/36115"
}
]
}
}

178
2007/6xxx/CVE-2007-6559.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6559",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Logaholic before 2.0 RC8 allow remote attackers to execute arbitrary SQL commands via (1) the from parameter to index.php or (2) the page parameter to update.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6559",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20071223 Logaholic Web Analytics Software",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/485480/100/0/threaded"
},
{
"name" : "20080326 Re: Logaholic Web Analytics Software",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/490101/100/0/threaded"
},
{
"name" : "27003",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27003"
},
{
"name" : "39790",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/39790"
},
{
"name" : "39791",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/39791"
},
{
"name" : "28263",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28263"
},
{
"name" : "3496",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3496"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Logaholic before 2.0 RC8 allow remote attackers to execute arbitrary SQL commands via (1) the from parameter to index.php or (2) the page parameter to update.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39791",
"refsource": "OSVDB",
"url": "http://osvdb.org/39791"
},
{
"name": "28263",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28263"
},
{
"name": "39790",
"refsource": "OSVDB",
"url": "http://osvdb.org/39790"
},
{
"name": "3496",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3496"
},
{
"name": "27003",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27003"
},
{
"name": "20071223 Logaholic Web Analytics Software",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485480/100/0/threaded"
},
{
"name": "20080326 Re: Logaholic Web Analytics Software",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/490101/100/0/threaded"
}
]
}
}

158
2007/6xxx/CVE-2007-6696.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6696",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) an event description, (2) the query string to pref.php, and (3) the adv parameter to search.php. NOTE: vector 1 requires user authentication."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6696",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.digitrustgroup.com/advisories/web-application-security-webcalendar.html",
"refsource" : "MISC",
"url" : "http://www.digitrustgroup.com/advisories/web-application-security-webcalendar.html"
},
{
"name" : "27461",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27461"
},
{
"name" : "41274",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/41274"
},
{
"name" : "41275",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/41275"
},
{
"name" : "41276",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/41276"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) an event description, (2) the query string to pref.php, and (3) the adv parameter to search.php. NOTE: vector 1 requires user authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27461",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27461"
},
{
"name": "http://www.digitrustgroup.com/advisories/web-application-security-webcalendar.html",
"refsource": "MISC",
"url": "http://www.digitrustgroup.com/advisories/web-application-security-webcalendar.html"
},
{
"name": "41276",
"refsource": "OSVDB",
"url": "http://osvdb.org/41276"
},
{
"name": "41275",
"refsource": "OSVDB",
"url": "http://osvdb.org/41275"
},
{
"name": "41274",
"refsource": "OSVDB",
"url": "http://osvdb.org/41274"
}
]
}
}

168
2010/1xxx/CVE-2010-1551.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1551",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the _OVParseLLA function in ov.dll in netmon.exe in Network Monitor in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via the sel parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2010-1551",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100511 ZDI-10-082: HP OpenView NNM netmon sel CGI Variable Remote Code Execution Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/511247/100/0/threaded"
},
{
"name" : "http://zerodayinitiative.com/advisories/ZDI-10-082/",
"refsource" : "MISC",
"url" : "http://zerodayinitiative.com/advisories/ZDI-10-082/"
},
{
"name" : "HPSBMA02527",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=127360750704351&w=2"
},
{
"name" : "SSRT010098",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=127360750704351&w=2"
},
{
"name" : "SSRT090226",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=127360750704351&w=2"
},
{
"name" : "40067",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40067"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the _OVParseLLA function in ov.dll in netmon.exe in Network Monitor in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via the sel parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT010098",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=127360750704351&w=2"
},
{
"name": "SSRT090226",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=127360750704351&w=2"
},
{
"name": "40067",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40067"
},
{
"name": "HPSBMA02527",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=127360750704351&w=2"
},
{
"name": "20100511 ZDI-10-082: HP OpenView NNM netmon sel CGI Variable Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511247/100/0/threaded"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-10-082/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-10-082/"
}
]
}
}

118
2010/5xxx/CVE-2010-5186.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-5186",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Antivirus component in Comodo Internet Security before 4.1.150349.920 allows remote attackers to cause a denial of service (application crash) via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5186",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://personalfirewall.comodo.com/release_notes.html",
"refsource" : "CONFIRM",
"url" : "http://personalfirewall.comodo.com/release_notes.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Antivirus component in Comodo Internet Security before 4.1.150349.920 allows remote attackers to cause a denial of service (application crash) via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://personalfirewall.comodo.com/release_notes.html",
"refsource": "CONFIRM",
"url": "http://personalfirewall.comodo.com/release_notes.html"
}
]
}
}

178
2010/5xxx/CVE-2010-5280.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-5280",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the Community Builder Enhanced (CBE) (com_cbe) component 1.4.8, 1.4.9, and 1.4.10 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabname parameter in a userProfile action to index.php. NOTE: this can be leveraged to execute arbitrary code by using the file upload feature."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5280",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20101008 LFI / RCE vlunerability in Joomla Community Builder Enhenced (CBE) Component",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/514183/100/0/threaded"
},
{
"name" : "15222",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15222"
},
{
"name" : "http://packetstormsecurity.org/1010-exploits/joomlacbe-lfi.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1010-exploits/joomlacbe-lfi.txt"
},
{
"name" : "43873",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/43873"
},
{
"name" : "41741",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41741"
},
{
"name" : "joomla-cbe-file-upload(62376)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62376"
},
{
"name" : "joomla-cbe-index-file-include(62375)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62375"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the Community Builder Enhanced (CBE) (com_cbe) component 1.4.8, 1.4.9, and 1.4.10 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabname parameter in a userProfile action to index.php. NOTE: this can be leveraged to execute arbitrary code by using the file upload feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43873",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43873"
},
{
"name": "41741",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41741"
},
{
"name": "http://packetstormsecurity.org/1010-exploits/joomlacbe-lfi.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1010-exploits/joomlacbe-lfi.txt"
},
{
"name": "20101008 LFI / RCE vlunerability in Joomla Community Builder Enhenced (CBE) Component",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514183/100/0/threaded"
},
{
"name": "joomla-cbe-file-upload(62376)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62376"
},
{
"name": "15222",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15222"
},
{
"name": "joomla-cbe-index-file-include(62375)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62375"
}
]
}
}

128
2014/0xxx/CVE-2014-0088.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0088",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0088",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[nginx-announce] 20140304 nginx security advisory (CVE-2014-0088)",
"refsource" : "MLIST",
"url" : "http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html"
},
{
"name" : "1030150",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030150"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[nginx-announce] 20140304 nginx security advisory (CVE-2014-0088)",
"refsource": "MLIST",
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html"
},
{
"name": "1030150",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030150"
}
]
}
}

118
2014/0xxx/CVE-2014-0314.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0314",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-0314",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS14-012",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-012"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS14-012",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-012"
}
]
}
}

268
2014/0xxx/CVE-2014-0402.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0402",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-0402",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"name" : "DSA-2845",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2845"
},
{
"name" : "DSA-2848",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2848"
},
{
"name" : "GLSA-201409-04",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201409-04.xml"
},
{
"name" : "RHSA-2014:0164",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0164.html"
},
{
"name" : "RHSA-2014:0173",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0173.html"
},
{
"name" : "RHSA-2014:0186",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0186.html"
},
{
"name" : "RHSA-2014:0189",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0189.html"
},
{
"name" : "USN-2086-1",
"refsource" : "UBUNTU",
"url" : "http://ubuntu.com/usn/usn-2086-1"
},
{
"name" : "64758",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64758"
},
{
"name" : "64908",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64908"
},
{
"name" : "102068",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/102068"
},
{
"name" : "56491",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56491"
},
{
"name" : "56541",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56541"
},
{
"name" : "56580",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56580"
},
{
"name" : "oracle-cpujan2014-cve20140402(90379)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90379"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2086-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-2086-1"
},
{
"name": "102068",
"refsource": "OSVDB",
"url": "http://osvdb.org/102068"
},
{
"name": "64908",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64908"
},
{
"name": "oracle-cpujan2014-cve20140402(90379)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90379"
},
{
"name": "DSA-2845",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2845"
},
{
"name": "56491",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56491"
},
{
"name": "RHSA-2014:0186",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0186.html"
},
{
"name": "56541",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56541"
},
{
"name": "DSA-2848",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2848"
},
{
"name": "56580",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56580"
},
{
"name": "RHSA-2014:0173",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0173.html"
},
{
"name": "RHSA-2014:0189",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0189.html"
},
{
"name": "RHSA-2014:0164",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0164.html"
},
{
"name": "64758",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64758"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"name": "GLSA-201409-04",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201409-04.xml"
}
]
}
}

128
2014/0xxx/CVE-2014-0493.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0493",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0495."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2014-0493",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://helpx.adobe.com/security/products/acrobat/apsb14-01.html",
"refsource" : "CONFIRM",
"url" : "http://helpx.adobe.com/security/products/acrobat/apsb14-01.html"
},
{
"name" : "1029604",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029604"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0495."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1029604",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029604"
},
{
"name": "http://helpx.adobe.com/security/products/acrobat/apsb14-01.html",
"refsource": "CONFIRM",
"url": "http://helpx.adobe.com/security/products/acrobat/apsb14-01.html"
}
]
}
}

158
2014/0xxx/CVE-2014-0966.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0966",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Product Information Management 9.x through 11.x before 11.3-IF2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0966",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681651",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681651"
},
{
"name" : "60679",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60679"
},
{
"name" : "60693",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60693"
},
{
"name" : "60695",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60695"
},
{
"name" : "ibm-infospheremdm-cve20140966-sql-injection(92880)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92880"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Product Information Management 9.x through 11.x before 11.3-IF2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681651",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681651"
},
{
"name": "60693",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60693"
},
{
"name": "60679",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60679"
},
{
"name": "60695",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60695"
},
{
"name": "ibm-infospheremdm-cve20140966-sql-injection(92880)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92880"
}
]
}
}

32
2014/1xxx/CVE-2014-1678.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1678",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1678",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

178
2014/1xxx/CVE-2014-1878.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1878",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service (segmentation fault) via a long message to cmd.cgi."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1878",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20181224 [SECURITY] [DLA 1615-1] nagios3 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1066578",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1066578"
},
{
"name" : "https://dev.icinga.org/issues/5434",
"refsource" : "CONFIRM",
"url" : "https://dev.icinga.org/issues/5434"
},
{
"name" : "https://www.icinga.org/2014/02/11/bugfix-releases-1-10-3-1-9-5-1-8-6",
"refsource" : "CONFIRM",
"url" : "https://www.icinga.org/2014/02/11/bugfix-releases-1-10-3-1-9-5-1-8-6"
},
{
"name" : "openSUSE-SU-2014:0516",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-04/msg00033.html"
},
{
"name" : "65605",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/65605"
},
{
"name" : "57024",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57024"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service (segmentation fault) via a long message to cmd.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2014:0516",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00033.html"
},
{
"name": "https://dev.icinga.org/issues/5434",
"refsource": "CONFIRM",
"url": "https://dev.icinga.org/issues/5434"
},
{
"name": "https://www.icinga.org/2014/02/11/bugfix-releases-1-10-3-1-9-5-1-8-6",
"refsource": "CONFIRM",
"url": "https://www.icinga.org/2014/02/11/bugfix-releases-1-10-3-1-9-5-1-8-6"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1066578",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1066578"
},
{
"name": "65605",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65605"
},
{
"name": "[debian-lts-announce] 20181224 [SECURITY] [DLA 1615-1] nagios3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00014.html"
},
{
"name": "57024",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57024"
}
]
}
}

158
2014/5xxx/CVE-2014-5212.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5212",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in nds/search/data in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote attackers to inject arbitrary web script or HTML via the rdn parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5212",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141219 SEC Consult SA-20141219-0 :: XSS & Memory Disclosure vulnerabilities in NetIQ eDirectory NDS iMonitor",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/534284"
},
{
"name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141219-0_NetIQ_eDirectory_iMonitor_XSS_Memory_Disclosure_v10.txt",
"refsource" : "MISC",
"url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141219-0_NetIQ_eDirectory_iMonitor_XSS_Memory_Disclosure_v10.txt"
},
{
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=904134",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=904134"
},
{
"name" : "https://www.novell.com/support/kb/doc.php?id=3426981",
"refsource" : "CONFIRM",
"url" : "https://www.novell.com/support/kb/doc.php?id=3426981"
},
{
"name" : "1031408",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031408"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in nds/search/data in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote attackers to inject arbitrary web script or HTML via the rdn parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=904134",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=904134"
},
{
"name": "20141219 SEC Consult SA-20141219-0 :: XSS & Memory Disclosure vulnerabilities in NetIQ eDirectory NDS iMonitor",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534284"
},
{
"name": "1031408",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031408"
},
{
"name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141219-0_NetIQ_eDirectory_iMonitor_XSS_Memory_Disclosure_v10.txt",
"refsource": "MISC",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141219-0_NetIQ_eDirectory_iMonitor_XSS_Memory_Disclosure_v10.txt"
},
{
"name": "https://www.novell.com/support/kb/doc.php?id=3426981",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=3426981"
}
]
}
}

128
2014/5xxx/CVE-2014-5326.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5326",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-5326",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "JVN#52422792",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN52422792/index.html"
},
{
"name" : "JVNDB-2014-000118",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000118"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#52422792",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN52422792/index.html"
},
{
"name": "JVNDB-2014-000118",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000118"
}
]
}
}

138
2014/5xxx/CVE-2014-5568.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5568",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Las Vegas Lottery Scratch Off (aka com.androkera.lottery) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-5568",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#836289",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/836289"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Las Vegas Lottery Scratch Off (aka com.androkera.lottery) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#836289",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/836289"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

138
2014/5xxx/CVE-2014-5573.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5573",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Appstros - FREE Gift Cards! (aka com.appstros.main) application 1.1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-5573",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#887857",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/887857"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Appstros - FREE Gift Cards! (aka com.appstros.main) application 1.1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#887857",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/887857"
}
]
}
}

138
2014/5xxx/CVE-2014-5710.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5710",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Cisco Class Locator Fast Lane (aka com.tabletkings.mycompany.fastlane.cisco) application for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-5710",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#319993",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/319993"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Cisco Class Locator Fast Lane (aka com.tabletkings.mycompany.fastlane.cisco) application for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#319993",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/319993"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

148
2015/2xxx/CVE-2015-2291.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-2291",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "(1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a denial of service or possibly execute arbitrary code with kernel privileges via a crafted (a) 0x80862013, (b) 0x8086200B, (c) 0x8086200F, or (d) 0x80862007 IOCTL call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2291",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "36392",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/36392/"
},
{
"name" : "http://packetstormsecurity.com/files/130854/Intel-Network-Adapter-Diagnostic-Driver-IOCTL-DoS.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/130854/Intel-Network-Adapter-Diagnostic-Driver-IOCTL-DoS.html"
},
{
"name" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00051&languageid=en-fr",
"refsource" : "CONFIRM",
"url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00051&languageid=en-fr"
},
{
"name" : "79623",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/79623"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "(1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a denial of service or possibly execute arbitrary code with kernel privileges via a crafted (a) 0x80862013, (b) 0x8086200B, (c) 0x8086200F, or (d) 0x80862007 IOCTL call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36392",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/36392/"
},
{
"name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00051&languageid=en-fr",
"refsource": "CONFIRM",
"url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00051&languageid=en-fr"
},
{
"name": "http://packetstormsecurity.com/files/130854/Intel-Network-Adapter-Diagnostic-Driver-IOCTL-DoS.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130854/Intel-Network-Adapter-Diagnostic-Driver-IOCTL-DoS.html"
},
{
"name": "79623",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/79623"
}
]
}
}

148
2015/2xxx/CVE-2015-2310.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-2310",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in layout.c++ in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allows remote peers to cause a denial of service or possibly obtain sensitive information from memory via a crafted message, related to pointer validation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2015-2310",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150317 Re: CVE Request: Cap'n Proto: Several issues",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/03/17/3"
},
{
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780565",
"refsource" : "MISC",
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780565"
},
{
"name" : "https://github.com/capnproto/capnproto/blob/master/security-advisories/2015-03-02-0-c%2B%2B-integer-overflow.md",
"refsource" : "CONFIRM",
"url" : "https://github.com/capnproto/capnproto/blob/master/security-advisories/2015-03-02-0-c%2B%2B-integer-overflow.md"
},
{
"name" : "https://github.com/capnproto/capnproto/commit/f343f0dbd0a2e87f17cd74f14186ed73e3fbdbfa",
"refsource" : "CONFIRM",
"url" : "https://github.com/capnproto/capnproto/commit/f343f0dbd0a2e87f17cd74f14186ed73e3fbdbfa"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in layout.c++ in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allows remote peers to cause a denial of service or possibly obtain sensitive information from memory via a crafted message, related to pointer validation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/capnproto/capnproto/blob/master/security-advisories/2015-03-02-0-c%2B%2B-integer-overflow.md",
"refsource": "CONFIRM",
"url": "https://github.com/capnproto/capnproto/blob/master/security-advisories/2015-03-02-0-c%2B%2B-integer-overflow.md"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780565",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780565"
},
{
"name": "[oss-security] 20150317 Re: CVE Request: Cap'n Proto: Several issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/03/17/3"
},
{
"name": "https://github.com/capnproto/capnproto/commit/f343f0dbd0a2e87f17cd74f14186ed73e3fbdbfa",
"refsource": "CONFIRM",
"url": "https://github.com/capnproto/capnproto/commit/f343f0dbd0a2e87f17cd74f14186ed73e3fbdbfa"
}
]
}
}

128
2015/2xxx/CVE-2015-2530.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-2530",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted .jnt file, aka \"Windows Journal RCE Vulnerability,\" a different vulnerability than CVE-2015-2513 and CVE-2015-2514."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-2530",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS15-098",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-098"
},
{
"name" : "1033484",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033484"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted .jnt file, aka \"Windows Journal RCE Vulnerability,\" a different vulnerability than CVE-2015-2513 and CVE-2015-2514."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS15-098",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-098"
},
{
"name": "1033484",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033484"
}
]
}
}

128
2015/2xxx/CVE-2015-2586.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-2586",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2.1 allows remote attackers to affect availability via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2015-2586",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name" : "1032903",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032903"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2.1 allows remote attackers to affect availability via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name": "1032903",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032903"
}
]
}
}

138
2015/2xxx/CVE-2015-2976.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-2976",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Research Artisan Lite before 1.18 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted HTML document or (2) a crafted URL that is mishandled during access-log analysis."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2015-2976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://lite.research-artisan.net/main/download",
"refsource" : "CONFIRM",
"url" : "http://lite.research-artisan.net/main/download"
},
{
"name" : "JVN#58020495",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN58020495/index.html"
},
{
"name" : "JVNDB-2015-000104",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000104"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Research Artisan Lite before 1.18 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted HTML document or (2) a crafted URL that is mishandled during access-log analysis."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lite.research-artisan.net/main/download",
"refsource": "CONFIRM",
"url": "http://lite.research-artisan.net/main/download"
},
{
"name": "JVNDB-2015-000104",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000104"
},
{
"name": "JVN#58020495",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN58020495/index.html"
}
]
}
}

32
2016/10xxx/CVE-2016-10113.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-10113",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10113",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

138
2016/10xxx/CVE-2016-10341.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2016-10341",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "All Qualcomm products",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In all Android releases from CAF using the Linux kernel, 3rd party TEEs have more privilege than intended."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Access Control in TrustZone"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2016-10341",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All Qualcomm products",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-06-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name" : "98874",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98874"
},
{
"name" : "1038623",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038623"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all Android releases from CAF using the Linux kernel, 3rd party TEEs have more privilege than intended."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control in TrustZone"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-06-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name": "98874",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98874"
},
{
"name": "1038623",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038623"
}
]
}
}

120
2016/10xxx/CVE-2016-10529.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00",
"ID" : "CVE-2016-10529",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "droppy node module",
"version" : {
"version_data" : [
{
"version_value" : "<3.5.0"
}
]
}
}
]
},
"vendor_name" : "HackerOne"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Droppy versions <3.5.0 does not perform any verification for cross-domain websocket requests. An attacker is able to make a specially crafted page that can send requests as the context of the currently logged in user. For example this means the malicious user could add a new admin account under his control and delete others."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Request Forgery (CSRF) (CWE-352)"
}
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2016-10529",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "droppy node module",
"version": {
"version_data": [
{
"version_value": "<3.5.0"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://nodesecurity.io/advisories/91",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/91"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Droppy versions <3.5.0 does not perform any verification for cross-domain websocket requests. An attacker is able to make a specially crafted page that can send requests as the context of the currently logged in user. For example this means the malicious user could add a new admin account under his control and delete others."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery (CSRF) (CWE-352)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodesecurity.io/advisories/91",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/91"
}
]
}
}

128
2016/3xxx/CVE-2016-3055.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3055",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM FileNet Workplace 4.0.2 before 4.0.2.14 LA012 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-3055",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21987128",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21987128"
},
{
"name" : "92411",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92411"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM FileNet Workplace 4.0.2 before 4.0.2.14 LA012 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92411",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92411"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21987128",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987128"
}
]
}
}

32
2016/3xxx/CVE-2016-3146.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3146",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3146",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

198
2016/4xxx/CVE-2016-4429.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-4429",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-4429",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=20112",
"refsource" : "CONFIRM",
"url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=20112"
},
{
"name" : "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bc779a1a5b3035133024b21e2f339fe4219fb11c",
"refsource" : "CONFIRM",
"url" : "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bc779a1a5b3035133024b21e2f339fe4219fb11c"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21995039",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
},
{
"name" : "https://source.android.com/security/bulletin/2017-12-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-12-01"
},
{
"name" : "openSUSE-SU-2016:1527",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html"
},
{
"name" : "openSUSE-SU-2016:1779",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html"
},
{
"name" : "USN-3759-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3759-1/"
},
{
"name" : "USN-3759-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3759-2/"
},
{
"name" : "102073",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102073"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3759-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3759-2/"
},
{
"name": "openSUSE-SU-2016:1779",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html"
},
{
"name": "USN-3759-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3759-1/"
},
{
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=20112",
"refsource": "CONFIRM",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=20112"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
},
{
"name": "https://source.android.com/security/bulletin/2017-12-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-12-01"
},
{
"name": "openSUSE-SU-2016:1527",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html"
},
{
"name": "102073",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102073"
},
{
"name": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bc779a1a5b3035133024b21e2f339fe4219fb11c",
"refsource": "CONFIRM",
"url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bc779a1a5b3035133024b21e2f339fe4219fb11c"
}
]
}
}

128
2016/4xxx/CVE-2016-4530.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-4530",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OSIsoft PI SQL Data Access Server (aka OLE DB) 2016 1.5 allows remote authenticated users to cause a denial of service (service outage and data loss) via a message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-4530",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-166-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-166-01"
},
{
"name" : "https://techsupport.osisoft.com/Troubleshooting/Alerts/AL00300",
"refsource" : "CONFIRM",
"url" : "https://techsupport.osisoft.com/Troubleshooting/Alerts/AL00300"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OSIsoft PI SQL Data Access Server (aka OLE DB) 2016 1.5 allows remote authenticated users to cause a denial of service (service outage and data loss) via a message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://techsupport.osisoft.com/Troubleshooting/Alerts/AL00300",
"refsource": "CONFIRM",
"url": "https://techsupport.osisoft.com/Troubleshooting/Alerts/AL00300"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-166-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-166-01"
}
]
}
}

32
2016/8xxx/CVE-2016-8081.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8081",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-8081",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

128
2016/8xxx/CVE-2016-8595.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8595",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The gsm_parse function in libavcodec/gsm_parser.c in FFmpeg before 3.1.5 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8595",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20161208 [CVE-2016-8595] ffmpeg crashes with an assert",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/12/08/2"
},
{
"name" : "94757",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94757"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The gsm_parse function in libavcodec/gsm_parser.c in FFmpeg before 3.1.5 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20161208 [CVE-2016-8595] ffmpeg crashes with an assert",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/08/2"
},
{
"name": "94757",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94757"
}
]
}
}

274
2016/8xxx/CVE-2016-8745.json
View File

@ -1,140 +1,140 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"DATE_PUBLIC" : "2017-01-05T00:00:00",
"ID" : "CVE-2016-8745",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Apache Tomcat",
"version" : {
"version_data" : [
{
"version_value" : "9.0.0.M1 to 9.0.0.M13"
},
{
"version_value" : "8.5.0 to 8.5.8"
},
{
"version_value" : "8.0.0.RC1 to 8.0.39"
},
{
"version_value" : "7.0.0 to 7.0.73"
},
{
"version_value" : "6.0.16 to 6.0.48"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information leakage between requests including, not not limited to, session ID and the response body. The bug was first noticed in 8.5.x onwards where it appears the refactoring of the Connector code for 8.5.x onwards made it more likely that the bug was observed. Initially it was thought that the 8.5.x refactoring introduced the bug but further investigation has shown that the bug is present in all currently supported Tomcat versions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2017-01-05T00:00:00",
"ID": "CVE-2016-8745",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Tomcat",
"version": {
"version_data": [
{
"version_value": "9.0.0.M1 to 9.0.0.M13"
},
{
"version_value": "8.5.0 to 8.5.8"
},
{
"version_value": "8.0.0.RC1 to 8.0.39"
},
{
"version_value": "7.0.0 to 7.0.73"
},
{
"version_value": "6.0.16 to 6.0.48"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[announce] 20170105 [SECURITY][UPDATE] CVE-2016-8745 Apache Tomcat Information Disclosure",
"refsource" : "MLIST",
"url" : "https://lists.apache.org/thread.html/4113c05d37f37c12b8033205684f04033c5f7a9bae117d4af23b32b4@%3Cannounce.tomcat.apache.org%3E"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20180607-0002/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180607-0002/"
},
{
"name" : "DSA-3754",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3754"
},
{
"name" : "DSA-3755",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3755"
},
{
"name" : "GLSA-201705-09",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201705-09"
},
{
"name" : "RHSA-2017:0455",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:0455"
},
{
"name" : "RHSA-2017:0456",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:0456"
},
{
"name" : "RHSA-2017:0457",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0457.html"
},
{
"name" : "RHSA-2017:0527",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0527.html"
},
{
"name" : "RHSA-2017:0935",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:0935"
},
{
"name" : "94828",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94828"
},
{
"name" : "1037432",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037432"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information leakage between requests including, not not limited to, session ID and the response body. The bug was first noticed in 8.5.x onwards where it appears the refactoring of the Connector code for 8.5.x onwards made it more likely that the bug was observed. Initially it was thought that the 8.5.x refactoring introduced the bug but further investigation has shown that the bug is present in all currently supported Tomcat versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94828",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94828"
},
{
"name": "1037432",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037432"
},
{
"name": "GLSA-201705-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-09"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180607-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180607-0002/"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "RHSA-2017:0935",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0935"
},
{
"name": "DSA-3754",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3754"
},
{
"name": "RHSA-2017:0457",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0457.html"
},
{
"name": "DSA-3755",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3755"
},
{
"name": "RHSA-2017:0455",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0455"
},
{
"name": "RHSA-2017:0527",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0527.html"
},
{
"name": "RHSA-2017:0456",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0456"
},
{
"name": "[announce] 20170105 [SECURITY][UPDATE] CVE-2016-8745 Apache Tomcat Information Disclosure",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/4113c05d37f37c12b8033205684f04033c5f7a9bae117d4af23b32b4@%3Cannounce.tomcat.apache.org%3E"
}
]
}
}

32
2016/9xxx/CVE-2016-9058.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9058",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-9058",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

150
2016/9xxx/CVE-2016-9069.json
View File

@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@mozilla.org",
"ID" : "CVE-2016-9069",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Firefox",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "50"
}
]
}
}
]
},
"vendor_name" : "Mozilla"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A use-after-free in nsINode::ReplaceOrInsertBefore during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "heap-use-after-free in nsINode::ReplaceOrInsertBefore"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-9069",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "50"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1308922",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1308922"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2016-89/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2016-89/"
},
{
"name" : "94337",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94337"
},
{
"name" : "1037298",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037298"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use-after-free in nsINode::ReplaceOrInsertBefore during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "heap-use-after-free in nsINode::ReplaceOrInsertBefore"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94337",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94337"
},
{
"name": "1037298",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037298"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1308922",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1308922"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2016-89/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-89/"
}
]
}
}

128
2016/9xxx/CVE-2016-9334.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"ID" : "CVE-2016-9334",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Rockwell Automation MicroLogix 1100 and 1400",
"version" : {
"version_data" : [
{
"version_value" : "Rockwell Automation MicroLogix 1100 and 1400"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and prior versions; 1763-L16BWA, Series A and B, Version 14.000 and prior versions; and 1763-L16DWD, Series A and B, Version 14.000 and prior versions. User credentials are sent to the web server in clear text, which may allow an attacker to discover the credentials if they are able to observe traffic between the web browser and the server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Rockwell Automation MicroLogix 1100 and 1400 cleartext password"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-9334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rockwell Automation MicroLogix 1100 and 1400",
"version": {
"version_data": [
{
"version_value": "Rockwell Automation MicroLogix 1100 and 1400"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-06",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-06"
},
{
"name" : "95302",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95302"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and prior versions; 1763-L16BWA, Series A and B, Version 14.000 and prior versions; and 1763-L16DWD, Series A and B, Version 14.000 and prior versions. User credentials are sent to the web server in clear text, which may allow an attacker to discover the credentials if they are able to observe traffic between the web browser and the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Rockwell Automation MicroLogix 1100 and 1400 cleartext password"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-06",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-06"
},
{
"name": "95302",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95302"
}
]
}
}

198
2016/9xxx/CVE-2016-9774.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9774",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 on Debian wheezy, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u8 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to obtain sensitive information or gain root privileges via a symlink attack on the Catalina localhost directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-9774",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20161202 CVE request: tomcat privilege escalations in Debian packaging",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/12/02/5"
},
{
"name" : "[oss-security] 20161202 Re: CVE request: tomcat privilege escalations in Debian packaging",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/12/02/10"
},
{
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845393",
"refsource" : "CONFIRM",
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845393"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20180731-0002/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180731-0002/"
},
{
"name" : "DSA-3738",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3738"
},
{
"name" : "DSA-3739",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3739"
},
{
"name" : "USN-3177-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3177-1"
},
{
"name" : "USN-3177-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3177-2"
},
{
"name" : "94643",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94643"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 on Debian wheezy, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u8 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to obtain sensitive information or gain root privileges via a symlink attack on the Catalina localhost directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3177-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3177-2"
},
{
"name": "94643",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94643"
},
{
"name": "DSA-3739",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3739"
},
{
"name": "DSA-3738",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3738"
},
{
"name": "[oss-security] 20161202 CVE request: tomcat privilege escalations in Debian packaging",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/02/5"
},
{
"name": "[oss-security] 20161202 Re: CVE request: tomcat privilege escalations in Debian packaging",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/02/10"
},
{
"name": "USN-3177-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3177-1"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180731-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180731-0002/"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845393",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845393"
}
]
}
}

32
2016/9xxx/CVE-2016-9944.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9944",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9944",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/2xxx/CVE-2019-2291.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2291",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2291",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/2xxx/CVE-2019-2364.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2364",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2364",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/2xxx/CVE-2019-2631.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2631",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2631",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/2xxx/CVE-2019-2848.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2848",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2848",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/2xxx/CVE-2019-2882.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2882",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2882",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/6xxx/CVE-2019-6028.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6028",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6028",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/6xxx/CVE-2019-6451.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6451",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6451",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

118
2019/6xxx/CVE-2019-6983.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6983",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. The application could encounter an Integer Overflow and crash during the handling of certain PDF files that embed specifically crafted 3D content, because of a free of valid memory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6983",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "CONFIRM",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. The application could encounter an Integer Overflow and crash during the handling of certain PDF files that embed specifically crafted 3D content, because of a free of valid memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}

32
2019/7xxx/CVE-2019-7311.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-7311",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7311",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/7xxx/CVE-2019-7504.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-7504",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7504",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/7xxx/CVE-2019-7513.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-7513",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7513",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}