admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 03:58:57 +00:00
parent 2a68a8fa9b
commit 169a19604c
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
58 changed files with 4080 additions and 4080 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

148
2006/5xxx/CVE-2006-5035.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5035",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Paul Smith Computer Services vCAP 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the statusmsg parameter in RegisterPage.cgi or (2) a URI corresponding to a nonexistent file. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5035",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "ADV-2006-3569",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3569"
},
{
"name" : "28809",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28809"
},
{
"name" : "28810",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28810"
},
{
"name" : "21862",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21862"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Paul Smith Computer Services vCAP 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the statusmsg parameter in RegisterPage.cgi or (2) a URI corresponding to a nonexistent file. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21862",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21862"
},
{
"name": "28809",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28809"
},
{
"name": "ADV-2006-3569",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3569"
},
{
"name": "28810",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28810"
}
]
}
}

138
2007/2xxx/CVE-2007-2003.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2003",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "InoutMailingListManager 3.1 and earlier sends a Location redirect header but does not exit after an authorization check fails, which allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code, by ignoring the redirect."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2003",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "3702",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3702"
},
{
"name" : "ADV-2007-1345",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1345"
},
{
"name" : "24842",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24842"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "InoutMailingListManager 3.1 and earlier sends a Location redirect header but does not exit after an authorization check fails, which allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code, by ignoring the redirect."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24842",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24842"
},
{
"name": "3702",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3702"
},
{
"name": "ADV-2007-1345",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1345"
}
]
}
}

168
2007/2xxx/CVE-2007-2743.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2743",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in custom_vars.php in GlossWord 1.8.1 allows remote attackers to execute arbitrary PHP code via a URL in the sys[path_addon] parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2743",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "3935",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3935"
},
{
"name" : "24009",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24009"
},
{
"name" : "35520",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35520"
},
{
"name" : "ADV-2007-1852",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1852"
},
{
"name" : "25303",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25303"
},
{
"name" : "glossword-customvars-file-include(34330)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34330"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in custom_vars.php in GlossWord 1.8.1 allows remote attackers to execute arbitrary PHP code via a URL in the sys[path_addon] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25303",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25303"
},
{
"name": "24009",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24009"
},
{
"name": "ADV-2007-1852",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1852"
},
{
"name": "glossword-customvars-file-include(34330)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34330"
},
{
"name": "35520",
"refsource": "OSVDB",
"url": "http://osvdb.org/35520"
},
{
"name": "3935",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3935"
}
]
}
}

208
2007/2xxx/CVE-2007-2918.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2918",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in ActiveX controls (1) VibeC in (a) vibecontrol.dll, (2) CallManager and (3) ViewerClient in (b) StarClient.dll, (4) ComLink in (c) uicomlink.dll, and (5) WebCamXMP in (d) wcamxmp.dll in Logitech VideoCall allow remote attackers to cause a denial of service (browser crash) and execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2007-2918",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "VU#330289",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/330289"
},
{
"name" : "24254",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24254"
},
{
"name" : "ADV-2007-2018",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2018"
},
{
"name" : "36820",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36820"
},
{
"name" : "36821",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36821"
},
{
"name" : "36822",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36822"
},
{
"name" : "36823",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36823"
},
{
"name" : "36824",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36824"
},
{
"name" : "25514",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25514"
},
{
"name" : "logitech-multiple-activex-bo(34658)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34658"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in ActiveX controls (1) VibeC in (a) vibecontrol.dll, (2) CallManager and (3) ViewerClient in (b) StarClient.dll, (4) ComLink in (c) uicomlink.dll, and (5) WebCamXMP in (d) wcamxmp.dll in Logitech VideoCall allow remote attackers to cause a denial of service (browser crash) and execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#330289",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/330289"
},
{
"name": "36821",
"refsource": "OSVDB",
"url": "http://osvdb.org/36821"
},
{
"name": "25514",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25514"
},
{
"name": "36820",
"refsource": "OSVDB",
"url": "http://osvdb.org/36820"
},
{
"name": "36824",
"refsource": "OSVDB",
"url": "http://osvdb.org/36824"
},
{
"name": "logitech-multiple-activex-bo(34658)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34658"
},
{
"name": "24254",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24254"
},
{
"name": "ADV-2007-2018",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2018"
},
{
"name": "36822",
"refsource": "OSVDB",
"url": "http://osvdb.org/36822"
},
{
"name": "36823",
"refsource": "OSVDB",
"url": "http://osvdb.org/36823"
}
]
}
}

188
2007/3xxx/CVE-2007-3313.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3313",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Jasmine CMS 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the login_username parameter to login.php or (2) the item parameter to news.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3313",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4081",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4081"
},
{
"name" : "24546",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24546"
},
{
"name" : "37068",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37068"
},
{
"name" : "37069",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37069"
},
{
"name" : "ADV-2007-2264",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2264"
},
{
"name" : "25737",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25737"
},
{
"name" : "jasminecms-login-code-execution(34937)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34937"
},
{
"name" : "jasminecms-news-sql-injection(34936)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34936"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Jasmine CMS 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the login_username parameter to login.php or (2) the item parameter to news.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24546",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24546"
},
{
"name": "jasminecms-news-sql-injection(34936)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34936"
},
{
"name": "ADV-2007-2264",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2264"
},
{
"name": "25737",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25737"
},
{
"name": "37069",
"refsource": "OSVDB",
"url": "http://osvdb.org/37069"
},
{
"name": "4081",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4081"
},
{
"name": "37068",
"refsource": "OSVDB",
"url": "http://osvdb.org/37068"
},
{
"name": "jasminecms-login-code-execution(34937)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34937"
}
]
}
}

168
2007/3xxx/CVE-2007-3358.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3358",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in html/load_lang.php in SerWeb 0.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _SERWEB[serwebdir] parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4089",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4089"
},
{
"name" : "24581",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24581"
},
{
"name" : "ADV-2007-2291",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2291"
},
{
"name" : "36324",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36324"
},
{
"name" : "25680",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25680"
},
{
"name" : "serweb-loadlang-file-include(34973)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34973"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in html/load_lang.php in SerWeb 0.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _SERWEB[serwebdir] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36324",
"refsource": "OSVDB",
"url": "http://osvdb.org/36324"
},
{
"name": "25680",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25680"
},
{
"name": "4089",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4089"
},
{
"name": "serweb-loadlang-file-include(34973)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34973"
},
{
"name": "ADV-2007-2291",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2291"
},
{
"name": "24581",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24581"
}
]
}
}

338
2007/3xxx/CVE-2007-3393.json
View File

@ -1,172 +1,172 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3393",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Off-by-one error in the DHCP/BOOTP dissector in Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via crafted DHCP-over-DOCSIS packets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3393",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.wireshark.org/docs/relnotes/wireshark-0.99.6.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/docs/relnotes/wireshark-0.99.6.html"
},
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2007-02.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2007-02.html"
},
{
"name" : "https://issues.rpath.com/browse/RPL-1498",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-1498"
},
{
"name" : "DSA-1322",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2007/dsa-1322"
},
{
"name" : "GLSA-200708-12",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200708-12.xml"
},
{
"name" : "MDKSA-2007:145",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:145"
},
{
"name" : "RHSA-2007:0710",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0710.html"
},
{
"name" : "RHSA-2007:0709",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0709.html"
},
{
"name" : "RHSA-2008:0059",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0059.html"
},
{
"name" : "SUSE-SR:2007:015",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
},
{
"name" : "24662",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24662"
},
{
"name" : "37639",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37639"
},
{
"name" : "oval:org.mitre.oval:def:11010",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11010"
},
{
"name" : "22588",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22588/"
},
{
"name" : "ADV-2007-2353",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2353"
},
{
"name" : "1018315",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1018315"
},
{
"name" : "25877",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25877"
},
{
"name" : "26004",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26004"
},
{
"name" : "25833",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25833"
},
{
"name" : "25987",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25987"
},
{
"name" : "26499",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26499"
},
{
"name" : "28583",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28583"
},
{
"name" : "wireshark-dhcpbootp-dos(35113)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35113"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one error in the DHCP/BOOTP dissector in Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via crafted DHCP-over-DOCSIS packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25833",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25833"
},
{
"name": "wireshark-dhcpbootp-dos(35113)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35113"
},
{
"name": "25877",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25877"
},
{
"name": "RHSA-2008:0059",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0059.html"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2007-02.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2007-02.html"
},
{
"name": "RHSA-2007:0710",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0710.html"
},
{
"name": "26499",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26499"
},
{
"name": "25987",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25987"
},
{
"name": "26004",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26004"
},
{
"name": "GLSA-200708-12",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200708-12.xml"
},
{
"name": "RHSA-2007:0709",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0709.html"
},
{
"name": "MDKSA-2007:145",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:145"
},
{
"name": "22588",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22588/"
},
{
"name": "1018315",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018315"
},
{
"name": "https://issues.rpath.com/browse/RPL-1498",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1498"
},
{
"name": "24662",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24662"
},
{
"name": "28583",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28583"
},
{
"name": "http://www.wireshark.org/docs/relnotes/wireshark-0.99.6.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/docs/relnotes/wireshark-0.99.6.html"
},
{
"name": "37639",
"refsource": "OSVDB",
"url": "http://osvdb.org/37639"
},
{
"name": "ADV-2007-2353",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2353"
},
{
"name": "DSA-1322",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1322"
},
{
"name": "SUSE-SR:2007:015",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
},
{
"name": "oval:org.mitre.oval:def:11010",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11010"
}
]
}
}

518
2007/3xxx/CVE-2007-3670.json
View File

@ -1,262 +1,262 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3670",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE's opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a \"defense in depth\" fix that will \"prevent IE from sending Firefox malicious data.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3670",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070719 Multiple Vendor Multiple Product URI Handler Input Validation Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=565"
},
{
"name" : "20070710 Internet Explorer 0day exploit",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/473276/100/0/threaded"
},
{
"name" : "20070710 Internet Explorer 0day exploit",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0160.html"
},
{
"name" : "http://larholm.com/2007/07/10/internet-explorer-0day-exploit/",
"refsource" : "MISC",
"url" : "http://larholm.com/2007/07/10/internet-explorer-0day-exploit/"
},
{
"name" : "http://www.xs-sniper.com/sniperscope/IE-Pwns-Firefox.html",
"refsource" : "MISC",
"url" : "http://www.xs-sniper.com/sniperscope/IE-Pwns-Firefox.html"
},
{
"name" : "http://blog.mozilla.com/security/2007/07/10/security-issue-in-url-protocol-handling-on-windows/",
"refsource" : "MISC",
"url" : "http://blog.mozilla.com/security/2007/07/10/security-issue-in-url-protocol-handling-on-windows/"
},
{
"name" : "http://msinfluentials.com/blogs/jesper/archive/2007/07/10/blocking-the-firefox-gt-ie-0-day.aspx",
"refsource" : "MISC",
"url" : "http://msinfluentials.com/blogs/jesper/archive/2007/07/10/blocking-the-firefox-gt-ie-0-day.aspx"
},
{
"name" : "http://www.theregister.co.uk/2007/07/11/ie_firefox_vuln/",
"refsource" : "MISC",
"url" : "http://www.theregister.co.uk/2007/07/11/ie_firefox_vuln/"
},
{
"name" : "http://www.virusbtn.com/news/virus_news/2007/07_11.xml",
"refsource" : "MISC",
"url" : "http://www.virusbtn.com/news/virus_news/2007/07_11.xml"
},
{
"name" : "http://www.mozilla.org/security/announce/2007/mfsa2007-23.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2007/mfsa2007-23.html"
},
{
"name" : "ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt",
"refsource" : "CONFIRM",
"url" : "ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt"
},
{
"name" : "http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html",
"refsource" : "CONFIRM",
"url" : "http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html"
},
{
"name" : "http://www.mozilla.org/security/announce/2007/mfsa2007-40.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2007/mfsa2007-40.html"
},
{
"name" : "HPSBUX02153",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"name" : "HPSBUX02156",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579"
},
{
"name" : "SSRT061181",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"name" : "SSRT061236",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579"
},
{
"name" : "MDKSA-2007:152",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:152"
},
{
"name" : "SUSE-SA:2007:049",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2007_49_mozilla.html"
},
{
"name" : "USN-503-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-503-1"
},
{
"name" : "TA07-199A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-199A.html"
},
{
"name" : "VU#358017",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/358017"
},
{
"name" : "24837",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24837"
},
{
"name" : "38017",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38017"
},
{
"name" : "ADV-2007-2473",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2473"
},
{
"name" : "ADV-2007-2565",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2565"
},
{
"name" : "ADV-2007-4272",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/4272"
},
{
"name" : "ADV-2008-0082",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0082"
},
{
"name" : "1018351",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1018351"
},
{
"name" : "1018360",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1018360"
},
{
"name" : "25984",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25984"
},
{
"name" : "26096",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26096"
},
{
"name" : "26149",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26149"
},
{
"name" : "26216",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26216"
},
{
"name" : "26204",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26204"
},
{
"name" : "26271",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26271"
},
{
"name" : "26258",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26258"
},
{
"name" : "26572",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26572"
},
{
"name" : "28179",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28179"
},
{
"name" : "28363",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28363"
},
{
"name" : "ie-firefoxurl-command-execution(35346)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35346"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE's opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a \"defense in depth\" fix that will \"prevent IE from sending Firefox malicious data.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-2473",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2473"
},
{
"name": "USN-503-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-503-1"
},
{
"name": "1018360",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018360"
},
{
"name": "1018351",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018351"
},
{
"name": "HPSBUX02156",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579"
},
{
"name": "http://blog.mozilla.com/security/2007/07/10/security-issue-in-url-protocol-handling-on-windows/",
"refsource": "MISC",
"url": "http://blog.mozilla.com/security/2007/07/10/security-issue-in-url-protocol-handling-on-windows/"
},
{
"name": "HPSBUX02153",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"name": "MDKSA-2007:152",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:152"
},
{
"name": "25984",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25984"
},
{
"name": "ie-firefoxurl-command-execution(35346)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35346"
},
{
"name": "TA07-199A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-199A.html"
},
{
"name": "28179",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28179"
},
{
"name": "24837",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24837"
},
{
"name": "http://msinfluentials.com/blogs/jesper/archive/2007/07/10/blocking-the-firefox-gt-ie-0-day.aspx",
"refsource": "MISC",
"url": "http://msinfluentials.com/blogs/jesper/archive/2007/07/10/blocking-the-firefox-gt-ie-0-day.aspx"
},
{
"name": "26216",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26216"
},
{
"name": "SSRT061236",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579"
},
{
"name": "http://www.virusbtn.com/news/virus_news/2007/07_11.xml",
"refsource": "MISC",
"url": "http://www.virusbtn.com/news/virus_news/2007/07_11.xml"
},
{
"name": "http://www.theregister.co.uk/2007/07/11/ie_firefox_vuln/",
"refsource": "MISC",
"url": "http://www.theregister.co.uk/2007/07/11/ie_firefox_vuln/"
},
{
"name": "20070719 Multiple Vendor Multiple Product URI Handler Input Validation Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=565"
},
{
"name": "ADV-2007-2565",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2565"
},
{
"name": "http://www.mozilla.org/security/announce/2007/mfsa2007-40.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-40.html"
},
{
"name": "26149",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26149"
},
{
"name": "ADV-2008-0082",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0082"
},
{
"name": "38017",
"refsource": "OSVDB",
"url": "http://osvdb.org/38017"
},
{
"name": "http://www.mozilla.org/security/announce/2007/mfsa2007-23.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-23.html"
},
{
"name": "VU#358017",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/358017"
},
{
"name": "http://www.xs-sniper.com/sniperscope/IE-Pwns-Firefox.html",
"refsource": "MISC",
"url": "http://www.xs-sniper.com/sniperscope/IE-Pwns-Firefox.html"
},
{
"name": "ADV-2007-4272",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4272"
},
{
"name": "http://larholm.com/2007/07/10/internet-explorer-0day-exploit/",
"refsource": "MISC",
"url": "http://larholm.com/2007/07/10/internet-explorer-0day-exploit/"
},
{
"name": "SUSE-SA:2007:049",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_49_mozilla.html"
},
{
"name": "SSRT061181",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"name": "ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt",
"refsource": "CONFIRM",
"url": "ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt"
},
{
"name": "20070710 Internet Explorer 0day exploit",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0160.html"
},
{
"name": "http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html",
"refsource": "CONFIRM",
"url": "http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html"
},
{
"name": "26258",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26258"
},
{
"name": "28363",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28363"
},
{
"name": "20070710 Internet Explorer 0day exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/473276/100/0/threaded"
},
{
"name": "26271",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26271"
},
{
"name": "26204",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26204"
},
{
"name": "26572",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26572"
},
{
"name": "26096",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26096"
}
]
}
}

138
2007/3xxx/CVE-2007-3695.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3695",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in LICRCMD.EXE in CA ERwin Process Modeler (formerly AllFusion Process Modeler) 7.1 allows attackers to execute arbitrary code via a long filename. NOTE: the researcher does not suggest any circumstances in which the filename would come from an untrusted source, and therefore perhaps the issue does not cross privilege boundaries and should not be included in CVE."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3695",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.eleytt.com/advisories/eleytt_ALLFUSIONLICRCMD.pdf",
"refsource" : "MISC",
"url" : "http://www.eleytt.com/advisories/eleytt_ALLFUSIONLICRCMD.pdf"
},
{
"name" : "24817",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24817"
},
{
"name" : "39597",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/39597"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in LICRCMD.EXE in CA ERwin Process Modeler (formerly AllFusion Process Modeler) 7.1 allows attackers to execute arbitrary code via a long filename. NOTE: the researcher does not suggest any circumstances in which the filename would come from an untrusted source, and therefore perhaps the issue does not cross privilege boundaries and should not be included in CVE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.eleytt.com/advisories/eleytt_ALLFUSIONLICRCMD.pdf",
"refsource": "MISC",
"url": "http://www.eleytt.com/advisories/eleytt_ALLFUSIONLICRCMD.pdf"
},
{
"name": "24817",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24817"
},
{
"name": "39597",
"refsource": "OSVDB",
"url": "http://osvdb.org/39597"
}
]
}
}

138
2007/3xxx/CVE-2007-3984.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3984",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in a certain ActiveX control in the NixonMyPrograms class in sasatl.dll 1.5.0.531 in Zenturi ProgramChecker allows remote attackers to execute arbitrary code via a long argument to the Scan method. NOTE: this is probably a different issue than CVE-2007-2987."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3984",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4214",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4214"
},
{
"name" : "25025",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25025"
},
{
"name" : "36714",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36714"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in a certain ActiveX control in the NixonMyPrograms class in sasatl.dll 1.5.0.531 in Zenturi ProgramChecker allows remote attackers to execute arbitrary code via a long argument to the Scan method. NOTE: this is probably a different issue than CVE-2007-2987."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25025",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25025"
},
{
"name": "36714",
"refsource": "OSVDB",
"url": "http://osvdb.org/36714"
},
{
"name": "4214",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4214"
}
]
}
}

148
2007/6xxx/CVE-2007-6159.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6159",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in Tilde CMS 4.x and earlier allows remote attackers to execute arbitrary SQL commands via the aarstal parameter in a yeardetail action, a different vector than CVE-2006-1500."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6159",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20071126 Tilde CMS <= v. 4.x \"aarstal\" parameter of \"yeardetail\" SQL Injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/484206/100/0/threaded"
},
{
"name" : "26591",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26591"
},
{
"name" : "3402",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3402"
},
{
"name" : "tildecms-aarstal-sql-injection(38647)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38647"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in Tilde CMS 4.x and earlier allows remote attackers to execute arbitrary SQL commands via the aarstal parameter in a yeardetail action, a different vector than CVE-2006-1500."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "tildecms-aarstal-sql-injection(38647)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38647"
},
{
"name": "3402",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3402"
},
{
"name": "26591",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26591"
},
{
"name": "20071126 Tilde CMS <= v. 4.x \"aarstal\" parameter of \"yeardetail\" SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/484206/100/0/threaded"
}
]
}
}

138
2007/6xxx/CVE-2007-6215.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6215",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in play.php in Web-MeetMe 3.0.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) roomNo and possibly the (2) bookid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6215",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4676",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4676"
},
{
"name" : "26641",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26641"
},
{
"name" : "webmeetme-play-directory-traversal(38772)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38772"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in play.php in Web-MeetMe 3.0.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) roomNo and possibly the (2) bookid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "webmeetme-play-directory-traversal(38772)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38772"
},
{
"name": "4676",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4676"
},
{
"name": "26641",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26641"
}
]
}
}

188
2007/6xxx/CVE-2007-6268.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6268",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in pages/default.aspx in Absolute News Manager.NET 5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6268",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20071204 PR07-39: Multiple vulnerabilities on Absolute News Manager.NET",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=119678724111351&w=2"
},
{
"name" : "http://www.procheckup.com/Vulnerability_PR07-39.php",
"refsource" : "MISC",
"url" : "http://www.procheckup.com/Vulnerability_PR07-39.php"
},
{
"name" : "http://www.xigla.com/news/default.aspx",
"refsource" : "MISC",
"url" : "http://www.xigla.com/news/default.aspx"
},
{
"name" : "http://www.xigla.com/security/ANMNET51-SecurityUpdate20071128.zip",
"refsource" : "MISC",
"url" : "http://www.xigla.com/security/ANMNET51-SecurityUpdate20071128.zip"
},
{
"name" : "26692",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26692"
},
{
"name" : "40575",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/40575"
},
{
"name" : "27923",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27923"
},
{
"name" : "absolutenewsmanager-default-dir-traversal(38870)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38870"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in pages/default.aspx in Absolute News Manager.NET 5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.procheckup.com/Vulnerability_PR07-39.php",
"refsource": "MISC",
"url": "http://www.procheckup.com/Vulnerability_PR07-39.php"
},
{
"name": "40575",
"refsource": "OSVDB",
"url": "http://osvdb.org/40575"
},
{
"name": "26692",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26692"
},
{
"name": "http://www.xigla.com/news/default.aspx",
"refsource": "MISC",
"url": "http://www.xigla.com/news/default.aspx"
},
{
"name": "http://www.xigla.com/security/ANMNET51-SecurityUpdate20071128.zip",
"refsource": "MISC",
"url": "http://www.xigla.com/security/ANMNET51-SecurityUpdate20071128.zip"
},
{
"name": "20071204 PR07-39: Multiple vulnerabilities on Absolute News Manager.NET",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=119678724111351&w=2"
},
{
"name": "27923",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27923"
},
{
"name": "absolutenewsmanager-default-dir-traversal(38870)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38870"
}
]
}
}

178
2007/6xxx/CVE-2007-6519.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6519",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the File-on-File Mounting File System (FFM) in HP Tru64 UNIX 5.1B-4 and 5.1B-3 allows local users to cause a denial of service (system crash) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBTU02300",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01310389"
},
{
"name" : "SSRT071452",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01310389"
},
{
"name" : "26964",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26964"
},
{
"name" : "ADV-2007-4293",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/4293"
},
{
"name" : "1019135",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1019135"
},
{
"name" : "28192",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28192"
},
{
"name" : "hp-ffm-dos(39172)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39172"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the File-on-File Mounting File System (FFM) in HP Tru64 UNIX 5.1B-4 and 5.1B-3 allows local users to cause a denial of service (system crash) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-4293",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4293"
},
{
"name": "1019135",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019135"
},
{
"name": "28192",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28192"
},
{
"name": "HPSBTU02300",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01310389"
},
{
"name": "26964",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26964"
},
{
"name": "hp-ffm-dos(39172)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39172"
},
{
"name": "SSRT071452",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01310389"
}
]
}
}

158
2010/0xxx/CVE-2010-0184.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0184",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) domainutility and (2) domainutilitycmd components in TIBCO Domain Utility in TIBCO Runtime Agent (TRA) before 5.6.2, as used in TIBCO ActiveMatrix BusinessWorks and other products, set weak permissions on domain properties files, which allows local users to obtain domain administrator credentials, and gain privileges on all domain systems, via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0184",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.tibco.com/mk/advisory.jsp",
"refsource" : "CONFIRM",
"url" : "http://www.tibco.com/mk/advisory.jsp"
},
{
"name" : "http://www.tibco.com/multimedia/security_advisory_runtime_agent_20100113_tcm8-10392.txt",
"refsource" : "CONFIRM",
"url" : "http://www.tibco.com/multimedia/security_advisory_runtime_agent_20100113_tcm8-10392.txt"
},
{
"name" : "37805",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37805"
},
{
"name" : "38191",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38191"
},
{
"name" : "ADV-2010-0128",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0128"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) domainutility and (2) domainutilitycmd components in TIBCO Domain Utility in TIBCO Runtime Agent (TRA) before 5.6.2, as used in TIBCO ActiveMatrix BusinessWorks and other products, set weak permissions on domain properties files, which allows local users to obtain domain administrator credentials, and gain privileges on all domain systems, via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/multimedia/security_advisory_runtime_agent_20100113_tcm8-10392.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/multimedia/security_advisory_runtime_agent_20100113_tcm8-10392.txt"
},
{
"name": "37805",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37805"
},
{
"name": "ADV-2010-0128",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0128"
},
{
"name": "38191",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38191"
},
{
"name": "http://www.tibco.com/mk/advisory.jsp",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/mk/advisory.jsp"
}
]
}
}

128
2010/0xxx/CVE-2010-0367.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0367",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in BitScripts Bits Video Script 2.05 Gold Beta, and possibly 2.04, allow remote attackers to execute arbitrary PHP code via a URL in the rowptem[template] parameter to (1) showcasesearch.php and (2) showcase2search.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0367",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.packetstormsecurity.com/1001-exploits/bitsvs-xssuploadrfi.txt",
"refsource" : "MISC",
"url" : "http://www.packetstormsecurity.com/1001-exploits/bitsvs-xssuploadrfi.txt"
},
{
"name" : "bitsvideo-showcasesearch-file-include(55740)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55740"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in BitScripts Bits Video Script 2.05 Gold Beta, and possibly 2.04, allow remote attackers to execute arbitrary PHP code via a URL in the rowptem[template] parameter to (1) showcasesearch.php and (2) showcase2search.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.packetstormsecurity.com/1001-exploits/bitsvs-xssuploadrfi.txt",
"refsource": "MISC",
"url": "http://www.packetstormsecurity.com/1001-exploits/bitsvs-xssuploadrfi.txt"
},
{
"name": "bitsvideo-showcasesearch-file-include(55740)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55740"
}
]
}
}

188
2010/0xxx/CVE-2010-0785.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0785",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0785",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27004980",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27004980"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463"
},
{
"name" : "PM18909",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM18909"
},
{
"name" : "PM23874",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM23874"
},
{
"name" : "43875",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/43875"
},
{
"name" : "41722",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41722"
},
{
"name" : "ADV-2010-2595",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2595"
},
{
"name" : "was-admin-console-csrf(62949)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62949"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PM18909",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM18909"
},
{
"name": "41722",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41722"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27004980",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27004980"
},
{
"name": "ADV-2010-2595",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2595"
},
{
"name": "was-admin-console-csrf(62949)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62949"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463"
},
{
"name": "PM23874",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM23874"
},
{
"name": "43875",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43875"
}
]
}
}

148
2010/1xxx/CVE-2010-1097.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1097",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "include/userlogin.class.php in DeDeCMS 5.5 GBK, when session.auto_start is enabled, allows remote attackers to bypass authentication and gain administrative access via a value of 1 for the _SESSION[dede_admin_id] parameter, as demonstrated by a request to uploads/include/dialog/select_soft_post.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1097",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bbs.wolvez.org/topic/125/",
"refsource" : "MISC",
"url" : "http://bbs.wolvez.org/topic/125/"
},
{
"name" : "38469",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38469"
},
{
"name" : "62622",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/62622"
},
{
"name" : "38790",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38790"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "include/userlogin.class.php in DeDeCMS 5.5 GBK, when session.auto_start is enabled, allows remote attackers to bypass authentication and gain administrative access via a value of 1 for the _SESSION[dede_admin_id] parameter, as demonstrated by a request to uploads/include/dialog/select_soft_post.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62622",
"refsource": "OSVDB",
"url": "http://osvdb.org/62622"
},
{
"name": "http://bbs.wolvez.org/topic/125/",
"refsource": "MISC",
"url": "http://bbs.wolvez.org/topic/125/"
},
{
"name": "38469",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38469"
},
{
"name": "38790",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38790"
}
]
}
}

138
2010/1xxx/CVE-2010-1179.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1179",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a large integer in the numcolors attribute of a recolorinfo element in a VML file, possibly a related issue to CVE-2007-0024."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1179",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://nishantdaspatnaik.yolasite.com/ipodpoc4.php",
"refsource" : "MISC",
"url" : "http://nishantdaspatnaik.yolasite.com/ipodpoc4.php"
},
{
"name" : "11890",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/11890"
},
{
"name" : "38990",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38990"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a large integer in the numcolors attribute of a recolorinfo element in a VML file, possibly a related issue to CVE-2007-0024."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://nishantdaspatnaik.yolasite.com/ipodpoc4.php",
"refsource": "MISC",
"url": "http://nishantdaspatnaik.yolasite.com/ipodpoc4.php"
},
{
"name": "11890",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/11890"
},
{
"name": "38990",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38990"
}
]
}
}

118
2010/1xxx/CVE-2010-1309.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1309",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Irmin CMS (formerly Pepsi CMS) 0.6 BETA2 allows remote attackers to read arbitrary files via a .. (dot dot) in the w parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1309",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "11938",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/11938"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Irmin CMS (formerly Pepsi CMS) 0.6 BETA2 allows remote attackers to read arbitrary files via a .. (dot dot) in the w parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11938",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/11938"
}
]
}
}

128
2010/1xxx/CVE-2010-1851.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1851",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome, when the Invisible Hand extension is enabled, uses cookies during background HTTP requests in a possibly unexpected manner, which might allow remote web servers to identify specific persons and their product searches via HTTP request logging, related to a \"cross-site data leakage\" issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.cnet.com/8301-31361_1-20004265-254.html",
"refsource" : "MISC",
"url" : "http://www.cnet.com/8301-31361_1-20004265-254.html"
},
{
"name" : "oval:org.mitre.oval:def:11757",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11757"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome, when the Invisible Hand extension is enabled, uses cookies during background HTTP requests in a possibly unexpected manner, which might allow remote web servers to identify specific persons and their product searches via HTTP request logging, related to a \"cross-site data leakage\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cnet.com/8301-31361_1-20004265-254.html",
"refsource": "MISC",
"url": "http://www.cnet.com/8301-31361_1-20004265-254.html"
},
{
"name": "oval:org.mitre.oval:def:11757",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11757"
}
]
}
}

198
2014/0xxx/CVE-2014-0082.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0082",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0082",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140218 Denial of Service Vulnerability in Action View when using render :text (CVE-2014-0082)",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2014/02/18/10"
},
{
"name" : "[rubyonrails-security] 20140218 Denial of Service Vulnerability in Action View when using render :text (CVE-2014-0082)",
"refsource" : "MLIST",
"url" : "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ"
},
{
"name" : "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/",
"refsource" : "CONFIRM",
"url" : "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"
},
{
"name" : "https://puppet.com/security/cve/cve-2014-0082",
"refsource" : "CONFIRM",
"url" : "https://puppet.com/security/cve/cve-2014-0082"
},
{
"name" : "RHSA-2014:0215",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0215.html"
},
{
"name" : "RHSA-2014:0306",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0306.html"
},
{
"name" : "openSUSE-SU-2014:0295",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html"
},
{
"name" : "57376",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57376"
},
{
"name" : "57836",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57836"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[rubyonrails-security] 20140218 Denial of Service Vulnerability in Action View when using render :text (CVE-2014-0082)",
"refsource": "MLIST",
"url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ"
},
{
"name": "RHSA-2014:0215",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0215.html"
},
{
"name": "57836",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57836"
},
{
"name": "RHSA-2014:0306",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0306.html"
},
{
"name": "https://puppet.com/security/cve/cve-2014-0082",
"refsource": "CONFIRM",
"url": "https://puppet.com/security/cve/cve-2014-0082"
},
{
"name": "openSUSE-SU-2014:0295",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html"
},
{
"name": "57376",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57376"
},
{
"name": "[oss-security] 20140218 Denial of Service Vulnerability in Action View when using render :text (CVE-2014-0082)",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/02/18/10"
},
{
"name": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/",
"refsource": "CONFIRM",
"url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"
}
]
}
}

198
2014/0xxx/CVE-2014-0467.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0467",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2014-0467",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mutt.org/doc/devel/ChangeLog",
"refsource" : "CONFIRM",
"url" : "http://www.mutt.org/doc/devel/ChangeLog"
},
{
"name" : "DSA-2874",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2874"
},
{
"name" : "RHSA-2014:0304",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0304.html"
},
{
"name" : "openSUSE-SU-2014:0434",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00083.html"
},
{
"name" : "openSUSE-SU-2014:0436",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00085.html"
},
{
"name" : "SUSE-SU-2014:0471",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00001.html"
},
{
"name" : "USN-2147-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2147-1"
},
{
"name" : "66165",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/66165"
},
{
"name" : "1029919",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029919"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-2874",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2874"
},
{
"name": "USN-2147-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2147-1"
},
{
"name": "RHSA-2014:0304",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0304.html"
},
{
"name": "66165",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66165"
},
{
"name": "http://www.mutt.org/doc/devel/ChangeLog",
"refsource": "CONFIRM",
"url": "http://www.mutt.org/doc/devel/ChangeLog"
},
{
"name": "SUSE-SU-2014:0471",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00001.html"
},
{
"name": "1029919",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029919"
},
{
"name": "openSUSE-SU-2014:0434",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00083.html"
},
{
"name": "openSUSE-SU-2014:0436",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00085.html"
}
]
}
}

148
2014/0xxx/CVE-2014-0640.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0640",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended restrictions on resource access via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-0640",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140819 ESA-2014-071: RSA Archer GRC Platform Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-08/0097.html"
},
{
"name" : "69288",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69288"
},
{
"name" : "1030738",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030738"
},
{
"name" : "rsaarcher-cve20140640-info-disc(95362)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95362"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended restrictions on resource access via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "rsaarcher-cve20140640-info-disc(95362)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95362"
},
{
"name": "20140819 ESA-2014-071: RSA Archer GRC Platform Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-08/0097.html"
},
{
"name": "1030738",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030738"
},
{
"name": "69288",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69288"
}
]
}
}

128
2014/0xxx/CVE-2014-0862.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0862",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Jazz Team Server in IBM Rational Collaborative Lifecycle Management (CLM) 3.x before 3.0.1.6 iFix 2 and 4.x before 4.0.6 allows remote attackers to execute arbitrary code via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0862",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21664566",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21664566"
},
{
"name" : "ibm-rationalclm-cve20140862-rce(90895)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90895"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Jazz Team Server in IBM Rational Collaborative Lifecycle Management (CLM) 3.x before 3.0.1.6 iFix 2 and 4.x before 4.0.6 allows remote attackers to execute arbitrary code via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-rationalclm-cve20140862-rce(90895)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90895"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21664566",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21664566"
}
]
}
}

148
2014/1xxx/CVE-2014-1311.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1311",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-1311",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/kb/HT6537",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/kb/HT6537"
},
{
"name" : "APPLE-SA-2014-04-01-1",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html"
},
{
"name" : "APPLE-SA-2014-04-22-2",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html"
},
{
"name" : "APPLE-SA-2014-04-22-3",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2014-04-22-2",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html"
},
{
"name": "https://support.apple.com/kb/HT6537",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT6537"
},
{
"name": "APPLE-SA-2014-04-22-3",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html"
},
{
"name": "APPLE-SA-2014-04-01-1",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html"
}
]
}
}

238
2014/1xxx/CVE-2014-1489.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1489",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore) via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2014-1489",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2014/mfsa2014-10.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2014/mfsa2014-10.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=959531",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=959531"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name" : "GLSA-201504-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201504-01"
},
{
"name" : "SUSE-SU-2014:0248",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html"
},
{
"name" : "openSUSE-SU-2014:0212",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html"
},
{
"name" : "USN-2102-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2102-1"
},
{
"name" : "USN-2102-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2102-2"
},
{
"name" : "65329",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/65329"
},
{
"name" : "102874",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/102874"
},
{
"name" : "1029717",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029717"
},
{
"name" : "56888",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56888"
},
{
"name" : "firefox-cve20141489-sec-bypass(90888)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90888"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore) via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102874",
"refsource": "OSVDB",
"url": "http://osvdb.org/102874"
},
{
"name": "openSUSE-SU-2014:0212",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html"
},
{
"name": "1029717",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029717"
},
{
"name": "http://www.mozilla.org/security/announce/2014/mfsa2014-10.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-10.html"
},
{
"name": "65329",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65329"
},
{
"name": "USN-2102-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2102-2"
},
{
"name": "GLSA-201504-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "56888",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56888"
},
{
"name": "firefox-cve20141489-sec-bypass(90888)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90888"
},
{
"name": "SUSE-SU-2014:0248",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=959531",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=959531"
},
{
"name": "USN-2102-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2102-1"
}
]
}
}

248
2014/1xxx/CVE-2014-1510.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1510",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2014-1510",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2014/mfsa2014-29.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2014/mfsa2014-29.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=982906",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=982906"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name" : "DSA-2881",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2881"
},
{
"name" : "DSA-2911",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2911"
},
{
"name" : "GLSA-201504-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201504-01"
},
{
"name" : "RHSA-2014:0310",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0310.html"
},
{
"name" : "RHSA-2014:0316",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0316.html"
},
{
"name" : "SUSE-SU-2014:0418",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html"
},
{
"name" : "openSUSE-SU-2014:0419",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html"
},
{
"name" : "openSUSE-SU-2014:0448",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html"
},
{
"name" : "openSUSE-SU-2014:0584",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html"
},
{
"name" : "USN-2151-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2151-1"
},
{
"name" : "66206",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/66206"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:0310",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0310.html"
},
{
"name": "DSA-2911",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2911"
},
{
"name": "GLSA-201504-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"name": "SUSE-SU-2014:0418",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "USN-2151-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2151-1"
},
{
"name": "66206",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66206"
},
{
"name": "DSA-2881",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2881"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=982906",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=982906"
},
{
"name": "openSUSE-SU-2014:0419",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html"
},
{
"name": "RHSA-2014:0316",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0316.html"
},
{
"name": "openSUSE-SU-2014:0584",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html"
},
{
"name": "openSUSE-SU-2014:0448",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html"
},
{
"name": "http://www.mozilla.org/security/announce/2014/mfsa2014-29.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-29.html"
}
]
}
}

198
2014/4xxx/CVE-2014-4214.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4214",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRSP."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-4214",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name" : "SUSE-SU-2014:1072",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html"
},
{
"name" : "68607",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68607"
},
{
"name" : "1030578",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030578"
},
{
"name" : "60425",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60425"
},
{
"name" : "oracle-cpujul2014-cve20144214(94627)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94627"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRSP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "oracle-cpujul2014-cve20144214(94627)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94627"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "1030578",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030578"
},
{
"name": "SUSE-SU-2014:1072",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html"
},
{
"name": "68607",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68607"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "60425",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60425"
}
]
}
}

118
2014/4xxx/CVE-2014-4560.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4560",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in includes/getTipo.php in the ToolPage plugin 1.6.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the t parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4560",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://codevigilant.com/disclosure/wp-plugin-toolpage-a3-cross-site-scripting-xss",
"refsource" : "MISC",
"url" : "http://codevigilant.com/disclosure/wp-plugin-toolpage-a3-cross-site-scripting-xss"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in includes/getTipo.php in the ToolPage plugin 1.6.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the t parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://codevigilant.com/disclosure/wp-plugin-toolpage-a3-cross-site-scripting-xss",
"refsource": "MISC",
"url": "http://codevigilant.com/disclosure/wp-plugin-toolpage-a3-cross-site-scripting-xss"
}
]
}
}

32
2014/4xxx/CVE-2014-4681.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4681",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4681",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

168
2014/4xxx/CVE-2014-4946.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4946",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via (1) unspecified flags or (2) a mailbox name in the dynamic mailbox view."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4946",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[announce] 20140707 [SECURITY] Horde Groupware Webmail Edition 5.1.5 (final)",
"refsource" : "MLIST",
"url" : "http://lists.horde.org/archives/announce/2014/001025.html"
},
{
"name" : "[announce] 20140707 [SECURITY] IMP 6.1.8 (final)",
"refsource" : "MLIST",
"url" : "http://lists.horde.org/archives/announce/2014/001019.html"
},
{
"name" : "https://github.com/horde/horde/blob/4513649810f13a32f1193bdeed76f7d85a5efa05/bundles/webmail/docs/CHANGES",
"refsource" : "CONFIRM",
"url" : "https://github.com/horde/horde/blob/4513649810f13a32f1193bdeed76f7d85a5efa05/bundles/webmail/docs/CHANGES"
},
{
"name" : "https://github.com/horde/horde/blob/c0144ac03814a8c2cf6fc5ac0d1af2653e9ee139/imp/docs/CHANGES",
"refsource" : "CONFIRM",
"url" : "https://github.com/horde/horde/blob/c0144ac03814a8c2cf6fc5ac0d1af2653e9ee139/imp/docs/CHANGES"
},
{
"name" : "59770",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59770"
},
{
"name" : "59772",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59772"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via (1) unspecified flags or (2) a mailbox name in the dynamic mailbox view."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "59772",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59772"
},
{
"name": "[announce] 20140707 [SECURITY] Horde Groupware Webmail Edition 5.1.5 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2014/001025.html"
},
{
"name": "59770",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59770"
},
{
"name": "https://github.com/horde/horde/blob/4513649810f13a32f1193bdeed76f7d85a5efa05/bundles/webmail/docs/CHANGES",
"refsource": "CONFIRM",
"url": "https://github.com/horde/horde/blob/4513649810f13a32f1193bdeed76f7d85a5efa05/bundles/webmail/docs/CHANGES"
},
{
"name": "https://github.com/horde/horde/blob/c0144ac03814a8c2cf6fc5ac0d1af2653e9ee139/imp/docs/CHANGES",
"refsource": "CONFIRM",
"url": "https://github.com/horde/horde/blob/c0144ac03814a8c2cf6fc5ac0d1af2653e9ee139/imp/docs/CHANGES"
},
{
"name": "[announce] 20140707 [SECURITY] IMP 6.1.8 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2014/001019.html"
}
]
}
}

128
2014/5xxx/CVE-2014-5147.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5147",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Xen 4.4.x, when running a 64-bit kernel on an ARM system, does not properly handle traps from the guest domain that use a different address width, which allows local guest users to cause a denial of service (host crash) via a crafted 32-bit process."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://xenbits.xen.org/xsa/advisory-102.html",
"refsource" : "CONFIRM",
"url" : "http://xenbits.xen.org/xsa/advisory-102.html"
},
{
"name" : "1030724",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030724"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xen 4.4.x, when running a 64-bit kernel on an ARM system, does not properly handle traps from the guest domain that use a different address width, which allows local guest users to cause a denial of service (host crash) via a crafted 32-bit process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1030724",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030724"
},
{
"name": "http://xenbits.xen.org/xsa/advisory-102.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-102.html"
}
]
}
}

32
2014/5xxx/CVE-2014-5218.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5218",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5218",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2014/5xxx/CVE-2014-5498.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5498",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5498",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2016/10xxx/CVE-2016-10469.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00",
"ID" : "CVE-2016-10469",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
"version" : {
"version_data" : [
{
"version_value" : "MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, incorrect implementation of RSA padding functions in CORE."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cryptogrpahic Issues in CORE"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2018-04-02T00:00:00",
"ID": "CVE-2016-10469",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
"version": {
"version_data": [
{
"version_value": "MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2018-04-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name" : "103671",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103671"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, incorrect implementation of RSA padding functions in CORE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cryptogrpahic Issues in CORE"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name": "103671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103671"
}
]
}
}

130
2016/10xxx/CVE-2016-10542.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00",
"ID" : "CVE-2016-10542",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "ws node module",
"version" : {
"version_data" : [
{
"version_value" : "<=1.1.0"
}
]
}
}
]
},
"vendor_name" : "HackerOne"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ws is a \"simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455\". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and earlier."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service (CWE-400)"
}
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2016-10542",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ws node module",
"version": {
"version_data": [
{
"version_value": "<=1.1.0"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/nodejs/node/issues/7388",
"refsource" : "MISC",
"url" : "https://github.com/nodejs/node/issues/7388"
},
{
"name" : "https://nodesecurity.io/advisories/120",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/120"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ws is a \"simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455\". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and earlier."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (CWE-400)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nodejs/node/issues/7388",
"refsource": "MISC",
"url": "https://github.com/nodejs/node/issues/7388"
},
{
"name": "https://nodesecurity.io/advisories/120",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/120"
}
]
}
}

130
2016/10xxx/CVE-2016-10556.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00",
"ID" : "CVE-2016-10556",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "sequelize node module",
"version" : {
"version_data" : [
{
"version_value" : "<=3.19.3"
}
]
}
}
]
},
"vendor_name" : "HackerOne"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS In Postgres, SQLite, and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly escaped. This causes potential SQL injection in sequelize 3.19.3 and earlier, where a malicious user could put `[\"test\", \"'); DELETE TestTable WHERE Id = 1 --')\"]` inside of ``` database.query('SELECT * FROM TestTable WHERE Name IN (:names)', { replacements: { names: directCopyOfUserInput } }); ``` and cause the SQL statement to become `SELECT Id FROM Table WHERE Name IN ('test', '\\'); DELETE TestTable WHERE Id = 1 --')`. In Postgres, MSSQL, and SQLite, the backslash has no special meaning. This causes the the statement to delete whichever Id has a value of 1 in the TestTable table."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SQL Injection (CWE-89)"
}
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2016-10556",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "sequelize node module",
"version": {
"version_data": [
{
"version_value": "<=3.19.3"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/sequelize/sequelize/issues/5671",
"refsource" : "MISC",
"url" : "https://github.com/sequelize/sequelize/issues/5671"
},
{
"name" : "https://nodesecurity.io/advisories/102",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/102"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS In Postgres, SQLite, and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly escaped. This causes potential SQL injection in sequelize 3.19.3 and earlier, where a malicious user could put `[\"test\", \"'); DELETE TestTable WHERE Id = 1 --')\"]` inside of ``` database.query('SELECT * FROM TestTable WHERE Name IN (:names)', { replacements: { names: directCopyOfUserInput } }); ``` and cause the SQL statement to become `SELECT Id FROM Table WHERE Name IN ('test', '\\'); DELETE TestTable WHERE Id = 1 --')`. In Postgres, MSSQL, and SQLite, the backslash has no special meaning. This causes the the statement to delete whichever Id has a value of 1 in the TestTable table."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection (CWE-89)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sequelize/sequelize/issues/5671",
"refsource": "MISC",
"url": "https://github.com/sequelize/sequelize/issues/5671"
},
{
"name": "https://nodesecurity.io/advisories/102",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/102"
}
]
}
}

120
2016/10xxx/CVE-2016-10611.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00",
"ID" : "CVE-2016-10611",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "strider-sauce node module",
"version" : {
"version_data" : [
{
"version_value" : "All versions"
}
]
}
}
]
},
"vendor_name" : "HackerOne"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "strider-sauce is Sauce Labs / Selenium support for Strider. strider-sauce downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Missing Encryption of Sensitive Data (CWE-311)"
}
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2016-10611",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "strider-sauce node module",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://nodesecurity.io/advisories/202",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/202"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "strider-sauce is Sauce Labs / Selenium support for Strider. strider-sauce downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Encryption of Sensitive Data (CWE-311)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodesecurity.io/advisories/202",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/202"
}
]
}
}

118
2016/10xxx/CVE-2016-10704.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-10704",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have XSS via e-mail templates that are mishandled during a preview, aka APPSEC-1503."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10704",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://magento.com/security/patches/magento-2010-and-212-security-update",
"refsource" : "CONFIRM",
"url" : "https://magento.com/security/patches/magento-2010-and-212-security-update"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have XSS via e-mail templates that are mishandled during a preview, aka APPSEC-1503."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://magento.com/security/patches/magento-2010-and-212-security-update",
"refsource": "CONFIRM",
"url": "https://magento.com/security/patches/magento-2010-and-212-security-update"
}
]
}
}

138
2016/3xxx/CVE-2016-3057.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3057",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-3057",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21989578",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21989578"
},
{
"name" : "IT15790",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT15790"
},
{
"name" : "94389",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94389"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94389",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94389"
},
{
"name": "IT15790",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT15790"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21989578",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989578"
}
]
}
}

138
2016/3xxx/CVE-2016-3921.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3921",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libsysutils/src/FrameworkListener.cpp in Framework Listener in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 29831647."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-3921",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-10-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-10-01.html"
},
{
"name" : "https://android.googlesource.com/platform/system/core/+/771ab014c24a682b32990da08e87e2f0ab765bd2",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/system/core/+/771ab014c24a682b32990da08e87e2f0ab765bd2"
},
{
"name" : "93307",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93307"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libsysutils/src/FrameworkListener.cpp in Framework Listener in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 29831647."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-10-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-10-01.html"
},
{
"name": "https://android.googlesource.com/platform/system/core/+/771ab014c24a682b32990da08e87e2f0ab765bd2",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/system/core/+/771ab014c24a682b32990da08e87e2f0ab765bd2"
},
{
"name": "93307",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93307"
}
]
}
}

128
2016/8xxx/CVE-2016-8237.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@lenovo.com",
"ID" : "CVE-2016-8237",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Lenovo Updates",
"version" : {
"version_data" : [
{
"version_value" : "All"
}
]
}
}
]
},
"vendor_name" : "Lenovo Group Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Remote code execution in Lenovo Updates (not Lenovo System Update) allows man-in-the-middle attackers to execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote code execution"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2016-8237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Lenovo Updates",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "Lenovo Group Ltd."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.lenovo.com/us/en/solutions/LEN-8313",
"refsource" : "CONFIRM",
"url" : "https://support.lenovo.com/us/en/solutions/LEN-8313"
},
{
"name" : "97560",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97560"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Remote code execution in Lenovo Updates (not Lenovo System Update) allows man-in-the-middle attackers to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/solutions/LEN-8313",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-8313"
},
{
"name": "97560",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97560"
}
]
}
}

174
2016/8xxx/CVE-2016-8747.json
View File

@ -1,90 +1,90 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"ID" : "CVE-2016-8747",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Apache Tomcat",
"version" : {
"version_data" : [
{
"version_value" : "8.5.7 to 8.5.9"
},
{
"version_value" : "9.0.0.M11 to 9.0.0.M15"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information disclosure issue was discovered in Apache Tomcat 8.5.7 to 8.5.9 and 9.0.0.M11 to 9.0.0.M15 in reverse-proxy configurations. Http11InputBuffer.java allows remote attackers to read data that was intended to be associated with a different request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2016-8747",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Tomcat",
"version": {
"version_data": [
{
"version_value": "8.5.7 to 8.5.9"
},
{
"version_value": "9.0.0.M11 to 9.0.0.M15"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://svn.apache.org/viewvc?view=revision&revision=1774161",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc?view=revision&revision=1774161"
},
{
"name" : "http://svn.apache.org/viewvc?view=revision&revision=1774166",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc?view=revision&revision=1774166"
},
{
"name" : "http://tomcat.apache.org/security-8.html",
"refsource" : "CONFIRM",
"url" : "http://tomcat.apache.org/security-8.html"
},
{
"name" : "http://tomcat.apache.org/security-9.html",
"refsource" : "CONFIRM",
"url" : "http://tomcat.apache.org/security-9.html"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20180614-0002/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180614-0002/"
},
{
"name" : "96895",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96895"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure issue was discovered in Apache Tomcat 8.5.7 to 8.5.9 and 9.0.0.M11 to 9.0.0.M15 in reverse-proxy configurations. Http11InputBuffer.java allows remote attackers to read data that was intended to be associated with a different request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.netapp.com/advisory/ntap-20180614-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180614-0002/"
},
{
"name": "http://tomcat.apache.org/security-9.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-9.html"
},
{
"name": "96895",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96895"
},
{
"name": "http://svn.apache.org/viewvc?view=revision&revision=1774161",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision&revision=1774161"
},
{
"name": "http://tomcat.apache.org/security-8.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-8.html"
},
{
"name": "http://svn.apache.org/viewvc?view=revision&revision=1774166",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision&revision=1774166"
}
]
}
}

136
2016/8xxx/CVE-2016-8748.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"DATE_PUBLIC" : "2016-12-19T00:00:00",
"ID" : "CVE-2016-8748",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Apache NiFi",
"version" : {
"version_data" : [
{
"version_value" : "1.0.0"
},
{
"version_value" : "1.1.0"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Apache NiFi before 1.0.1 and 1.1.x before 1.1.1, there is a cross-site scripting vulnerability in connection details dialog when accessed by an authorized user. The user supplied text was not being properly handled when added to the DOM."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2016-12-19T00:00:00",
"ID": "CVE-2016-8748",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache NiFi",
"version": {
"version_data": [
{
"version_value": "1.0.0"
},
{
"version_value": "1.1.0"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://nifi.apache.org/security.html#CVE-2016-8748",
"refsource" : "CONFIRM",
"url" : "https://nifi.apache.org/security.html#CVE-2016-8748"
},
{
"name" : "95621",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95621"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache NiFi before 1.0.1 and 1.1.x before 1.1.1, there is a cross-site scripting vulnerability in connection details dialog when accessed by an authorized user. The user supplied text was not being properly handled when added to the DOM."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95621",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95621"
},
{
"name": "https://nifi.apache.org/security.html#CVE-2016-8748",
"refsource": "CONFIRM",
"url": "https://nifi.apache.org/security.html#CVE-2016-8748"
}
]
}
}

178
2016/8xxx/CVE-2016-8886.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8886",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8886",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20161022 Re: jasper: memory allocation failure in jas_malloc (jas_malloc.c)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/10/23/2"
},
{
"name" : "[oss-security] 20161025 Re: Re: jasper: memory allocation failure in jas_malloc (jas_malloc.c)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/10/25/11"
},
{
"name" : "https://blogs.gentoo.org/ago/2016/10/18/jasper-memory-allocation-failure-in-jas_malloc-jas_malloc-c",
"refsource" : "MISC",
"url" : "https://blogs.gentoo.org/ago/2016/10/18/jasper-memory-allocation-failure-in-jas_malloc-jas_malloc-c"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1388880",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1388880"
},
{
"name" : "FEDORA-2016-6c789ba91d",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22FCKKHQCQ3S6TZY5G44EFDTMWOJXJRD/"
},
{
"name" : "FEDORA-2016-e0f0d48142",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EGI2FZQLOTSZI3VA4ECJERI74SMNQDL4/"
},
{
"name" : "93839",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93839"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2016-6c789ba91d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22FCKKHQCQ3S6TZY5G44EFDTMWOJXJRD/"
},
{
"name": "https://blogs.gentoo.org/ago/2016/10/18/jasper-memory-allocation-failure-in-jas_malloc-jas_malloc-c",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2016/10/18/jasper-memory-allocation-failure-in-jas_malloc-jas_malloc-c"
},
{
"name": "93839",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93839"
},
{
"name": "[oss-security] 20161025 Re: Re: jasper: memory allocation failure in jas_malloc (jas_malloc.c)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/25/11"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1388880",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388880"
},
{
"name": "[oss-security] 20161022 Re: jasper: memory allocation failure in jas_malloc (jas_malloc.c)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/23/2"
},
{
"name": "FEDORA-2016-e0f0d48142",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EGI2FZQLOTSZI3VA4ECJERI74SMNQDL4/"
}
]
}
}

168
2016/9xxx/CVE-2016-9190.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9190",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the \"crafted image file\" approach, related to an \"Insecure Sign Extension\" issue affecting the ImagingNew in Storage.c component."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9190",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html",
"refsource" : "CONFIRM",
"url" : "http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html"
},
{
"name" : "https://github.com/python-pillow/Pillow/issues/2105",
"refsource" : "CONFIRM",
"url" : "https://github.com/python-pillow/Pillow/issues/2105"
},
{
"name" : "https://github.com/python-pillow/Pillow/pull/2146/commits/5d8a0be45aad78c5a22c8d099118ee26ef8144af",
"refsource" : "CONFIRM",
"url" : "https://github.com/python-pillow/Pillow/pull/2146/commits/5d8a0be45aad78c5a22c8d099118ee26ef8144af"
},
{
"name" : "DSA-3710",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3710"
},
{
"name" : "GLSA-201612-52",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201612-52"
},
{
"name" : "94234",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94234"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the \"crafted image file\" approach, related to an \"Insecure Sign Extension\" issue affecting the ImagingNew in Storage.c component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201612-52",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-52"
},
{
"name": "94234",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94234"
},
{
"name": "https://github.com/python-pillow/Pillow/issues/2105",
"refsource": "CONFIRM",
"url": "https://github.com/python-pillow/Pillow/issues/2105"
},
{
"name": "DSA-3710",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3710"
},
{
"name": "http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html",
"refsource": "CONFIRM",
"url": "http://pillow.readthedocs.io/en/3.4.x/releasenotes/3.3.2.html"
},
{
"name": "https://github.com/python-pillow/Pillow/pull/2146/commits/5d8a0be45aad78c5a22c8d099118ee26ef8144af",
"refsource": "CONFIRM",
"url": "https://github.com/python-pillow/Pillow/pull/2146/commits/5d8a0be45aad78c5a22c8d099118ee26ef8144af"
}
]
}
}

128
2016/9xxx/CVE-2016-9824.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9824",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in libswscale/x86/swscale.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9824",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer/",
"refsource" : "MISC",
"url" : "https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer/"
},
{
"name" : "94732",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94732"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in libswscale/x86/swscale.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94732",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94732"
},
{
"name": "https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer/"
}
]
}
}

32
2016/9xxx/CVE-2016-9946.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9946",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9946",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/2xxx/CVE-2019-2034.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2034",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2034",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/2xxx/CVE-2019-2334.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2334",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2334",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/2xxx/CVE-2019-2865.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2865",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2865",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/2xxx/CVE-2019-2871.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2871",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2871",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/6xxx/CVE-2019-6151.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6151",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6151",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/6xxx/CVE-2019-6796.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6796",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6796",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

118
2019/6xxx/CVE-2019-6985.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6985",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. The application could encounter an Out-of-Bounds Read in Indexing or a Heap Overflow and crash during handling of certain PDF files that embed specifically crafted 3D content, due to an array access violation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6985",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "CONFIRM",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. The application could encounter an Out-of-Bounds Read in Indexing or a Heap Overflow and crash during handling of certain PDF files that embed specifically crafted 3D content, due to an array access violation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}

32
2019/7xxx/CVE-2019-7417.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-7417",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7417",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/7xxx/CVE-2019-7791.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-7791",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7791",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}