admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 10:18:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 03:35:12 +00:00
parent a9619f6e06
commit 1771543f74
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
53 changed files with 3962 additions and 3962 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

170
2006/5xxx/CVE-2006-5289.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5289",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in Vtiger CRM 4.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the calpath parameter to (1) modules/Calendar/admin/update.php, (2) modules/Calendar/admin/scheme.php, or (3) modules/Calendar/calendar.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5289",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061009 [ECHO_ADV_54$2006]vtiger CRM <=4.2 (calpath) Multiple Remote File Inclusion Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/448092/100/0/threaded"
},
{
"name" : "http://advisories.echo.or.id/adv/adv54-theday-2006.txt",
"refsource" : "MISC",
"url" : "http://advisories.echo.or.id/adv/adv54-theday-2006.txt"
},
{
"name" : "2508",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2508"
},
{
"name" : "20435",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20435"
},
{
"name" : "1722",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1722"
},
{
"name" : "vtiger-update-file-include(29416)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29416"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in Vtiger CRM 4.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the calpath parameter to (1) modules/Calendar/admin/update.php, (2) modules/Calendar/admin/scheme.php, or (3) modules/Calendar/calendar.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://advisories.echo.or.id/adv/adv54-theday-2006.txt",
"refsource": "MISC",
"url": "http://advisories.echo.or.id/adv/adv54-theday-2006.txt"
},
{
"name": "vtiger-update-file-include(29416)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29416"
},
{
"name": "20435",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20435"
},
{
"name": "1722",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1722"
},
{
"name": "2508",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2508"
},
{
"name": "20061009 [ECHO_ADV_54$2006]vtiger CRM <=4.2 (calpath) Multiple Remote File Inclusion Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448092/100/0/threaded"
}
]
}
}

170
2006/5xxx/CVE-2006-5536.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5536",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to read arbitrary files via a .. (dot dot) in the getpage parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5536",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061023 D-Link DSL-G624T several vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/449486/100/0/threaded"
},
{
"name" : "http://www.eazel.es/advisory005-D-Link-DSL-G624T-directoy-transversal-xss-cross-site-scripting-directory-listing-vulnerabilities.html",
"refsource" : "MISC",
"url" : "http://www.eazel.es/advisory005-D-Link-DSL-G624T-directoy-transversal-xss-cross-site-scripting-directory-listing-vulnerabilities.html"
},
{
"name" : "20689",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20689"
},
{
"name" : "ADV-2006-4191",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4191"
},
{
"name" : "22524",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22524"
},
{
"name" : "1781",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1781"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to read arbitrary files via a .. (dot dot) in the getpage parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-4191",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4191"
},
{
"name": "1781",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1781"
},
{
"name": "20689",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20689"
},
{
"name": "http://www.eazel.es/advisory005-D-Link-DSL-G624T-directoy-transversal-xss-cross-site-scripting-directory-listing-vulnerabilities.html",
"refsource": "MISC",
"url": "http://www.eazel.es/advisory005-D-Link-DSL-G624T-directoy-transversal-xss-cross-site-scripting-directory-listing-vulnerabilities.html"
},
{
"name": "20061023 D-Link DSL-G624T several vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/449486/100/0/threaded"
},
{
"name": "22524",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22524"
}
]
}
}

140
2007/2xxx/CVE-2007-2007.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2007",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "admin.php in pL-PHP beta 0.9 allows remote attackers to bypass authentication by setting the is_admin parameter to 1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2007",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070411 pL-PHP beta 0.9 - Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/465340/100/0/threaded"
},
{
"name" : "3704",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3704"
},
{
"name" : "ADV-2007-1352",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1352"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "admin.php in pL-PHP beta 0.9 allows remote attackers to bypass authentication by setting the is_admin parameter to 1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070411 pL-PHP beta 0.9 - Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/465340/100/0/threaded"
},
{
"name": "3704",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3704"
},
{
"name": "ADV-2007-1352",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1352"
}
]
}
}

170
2007/2xxx/CVE-2007-2485.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2485",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in myflash-button.php in the myflash 1.00 and earlier plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpPATH parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2485",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "3828",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3828"
},
{
"name" : "http://alexrabe.boelinger.com/",
"refsource" : "CONFIRM",
"url" : "http://alexrabe.boelinger.com/"
},
{
"name" : "23749",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23749"
},
{
"name" : "34359",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/34359"
},
{
"name" : "ADV-2007-1616",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1616"
},
{
"name" : "myflash-myflashbutton-file-include(34000)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34000"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in myflash-button.php in the myflash 1.00 and earlier plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpPATH parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3828",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3828"
},
{
"name": "23749",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23749"
},
{
"name": "ADV-2007-1616",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1616"
},
{
"name": "34359",
"refsource": "OSVDB",
"url": "http://osvdb.org/34359"
},
{
"name": "http://alexrabe.boelinger.com/",
"refsource": "CONFIRM",
"url": "http://alexrabe.boelinger.com/"
},
{
"name": "myflash-myflashbutton-file-include(34000)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34000"
}
]
}
}

180
2007/3xxx/CVE-2007-3022.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3022",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, displays the password hash for a user after a failed login attempt, which makes it easier for remote attackers to conduct brute force attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.symantec.com/avcenter/security/Content/2007.06.05.html",
"refsource" : "CONFIRM",
"url" : "http://www.symantec.com/avcenter/security/Content/2007.06.05.html"
},
{
"name" : "24312",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24312"
},
{
"name" : "36108",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36108"
},
{
"name" : "ADV-2007-2074",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2074"
},
{
"name" : "1018196",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1018196"
},
{
"name" : "25543",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25543"
},
{
"name" : "symantec-reporting-information-disclosure(34740)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34740"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, displays the password hash for a user after a failed login attempt, which makes it easier for remote attackers to conduct brute force attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "symantec-reporting-information-disclosure(34740)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34740"
},
{
"name": "24312",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24312"
},
{
"name": "36108",
"refsource": "OSVDB",
"url": "http://osvdb.org/36108"
},
{
"name": "http://www.symantec.com/avcenter/security/Content/2007.06.05.html",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/avcenter/security/Content/2007.06.05.html"
},
{
"name": "1018196",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018196"
},
{
"name": "ADV-2007-2074",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2074"
},
{
"name": "25543",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25543"
}
]
}
}

150
2007/6xxx/CVE-2007-6004.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6004",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in index.php in Toko Instan 7.6 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in an artikel action or (2) the katid parameter in a produk action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6004",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4623",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4623"
},
{
"name" : "26433",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26433"
},
{
"name" : "ADV-2007-3906",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/3906"
},
{
"name" : "tokoinstan-index-sql-injection(38449)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38449"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in index.php in Toko Instan 7.6 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in an artikel action or (2) the katid parameter in a produk action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-3906",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3906"
},
{
"name": "26433",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26433"
},
{
"name": "4623",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4623"
},
{
"name": "tokoinstan-index-sql-injection(38449)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38449"
}
]
}
}

150
2007/6xxx/CVE-2007-6362.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6362",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in the RSGallery (com_rsgallery) 2.0 beta 5 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an inline page action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6362",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20071205 [ECHO_ADV_86$2007] Mambo/Joomla Component rsgallery <= 2.0 beta 5 (catid) Remote SQL Injection Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/484606/100/100/threaded"
},
{
"name" : "4691",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4691"
},
{
"name" : "http://advisories.echo.or.id/adv/adv86-K-159-2007.txt",
"refsource" : "MISC",
"url" : "http://advisories.echo.or.id/adv/adv86-K-159-2007.txt"
},
{
"name" : "26704",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26704"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in the RSGallery (com_rsgallery) 2.0 beta 5 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an inline page action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://advisories.echo.or.id/adv/adv86-K-159-2007.txt",
"refsource": "MISC",
"url": "http://advisories.echo.or.id/adv/adv86-K-159-2007.txt"
},
{
"name": "4691",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4691"
},
{
"name": "26704",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26704"
},
{
"name": "20071205 [ECHO_ADV_86$2007] Mambo/Joomla Component rsgallery <= 2.0 beta 5 (catid) Remote SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/484606/100/100/threaded"
}
]
}
}

130
2007/6xxx/CVE-2007-6583.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6583",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in admin/ops/findip/ajax/search.php in 1024 CMS 1.3.1 allows remote attackers to execute arbitrary SQL commands via the ip parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6583",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4765",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4765"
},
{
"name" : "39763",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/39763"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in admin/ops/findip/ajax/search.php in 1024 CMS 1.3.1 allows remote attackers to execute arbitrary SQL commands via the ip parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4765",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4765"
},
{
"name": "39763",
"refsource": "OSVDB",
"url": "http://osvdb.org/39763"
}
]
}
}

180
2007/6xxx/CVE-2007-6671.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6671",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to execute arbitrary SQL commands via the Password parameter, a different product than CVE-2006-6021. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6671",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20071230 Instant Softwares DatingSite SQL Injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/485655/100/0/threaded"
},
{
"name" : "http://aria-security.net/forum/showthread.php?p=1189",
"refsource" : "MISC",
"url" : "http://aria-security.net/forum/showthread.php?p=1189"
},
{
"name" : "27080",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27080"
},
{
"name" : "39766",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/39766"
},
{
"name" : "28283",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28283"
},
{
"name" : "3518",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3518"
},
{
"name" : "dating-site-loginform-sql-injection(39326)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39326"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to execute arbitrary SQL commands via the Password parameter, a different product than CVE-2006-6021. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39766",
"refsource": "OSVDB",
"url": "http://osvdb.org/39766"
},
{
"name": "20071230 Instant Softwares DatingSite SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485655/100/0/threaded"
},
{
"name": "3518",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3518"
},
{
"name": "http://aria-security.net/forum/showthread.php?p=1189",
"refsource": "MISC",
"url": "http://aria-security.net/forum/showthread.php?p=1189"
},
{
"name": "dating-site-loginform-sql-injection(39326)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39326"
},
{
"name": "27080",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27080"
},
{
"name": "28283",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28283"
}
]
}
}

180
2010/0xxx/CVE-2010-0044.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0044",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-0044",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4070",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4070"
},
{
"name" : "APPLE-SA-2010-03-11-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html"
},
{
"name" : "38671",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38671"
},
{
"name" : "38675",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38675"
},
{
"name" : "62937",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/62937"
},
{
"name" : "oval:org.mitre.oval:def:7051",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7051"
},
{
"name" : "safari-pubsub-security-bypass(56830)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56830"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2010-03-11-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html"
},
{
"name": "38675",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38675"
},
{
"name": "safari-pubsub-security-bypass(56830)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56830"
},
{
"name": "http://support.apple.com/kb/HT4070",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4070"
},
{
"name": "62937",
"refsource": "OSVDB",
"url": "http://osvdb.org/62937"
},
{
"name": "oval:org.mitre.oval:def:7051",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7051"
},
{
"name": "38671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38671"
}
]
}
}

150
2010/0xxx/CVE-2010-0549.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0549",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Network Controller in Xerox WorkCentre 6400 System Software 060.070.109.11407 through 060.070.109.29510, and Net Controller 060.079.11410 through 060.079.29310, allows remote attackers to access \"directory structure\" via a crafted PostScript file, aka \"Unauthorized Directory Structure Access Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0549",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX10-001_v1.0.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX10-001_v1.0.pdf"
},
{
"name" : "1023500",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1023500"
},
{
"name" : "38339",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38339"
},
{
"name" : "ADV-2010-0208",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0208"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Network Controller in Xerox WorkCentre 6400 System Software 060.070.109.11407 through 060.070.109.29510, and Net Controller 060.079.11410 through 060.079.29310, allows remote attackers to access \"directory structure\" via a crafted PostScript file, aka \"Unauthorized Directory Structure Access Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1023500",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023500"
},
{
"name": "http://www.xerox.com/downloads/usa/en/c/cert_XRX10-001_v1.0.pdf",
"refsource": "CONFIRM",
"url": "http://www.xerox.com/downloads/usa/en/c/cert_XRX10-001_v1.0.pdf"
},
{
"name": "38339",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38339"
},
{
"name": "ADV-2010-0208",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0208"
}
]
}
}

170
2010/0xxx/CVE-2010-0700.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0700",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in WampServer 2.0i allows remote attackers to inject arbitrary web script or HTML via the lang parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0700",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://zeroscience.mk/codes/wamp_xss.txt",
"refsource" : "MISC",
"url" : "http://zeroscience.mk/codes/wamp_xss.txt"
},
{
"name" : "http://zeroscience.mk/en/vulnerabilities/ZSL-2010-4926.php",
"refsource" : "MISC",
"url" : "http://zeroscience.mk/en/vulnerabilities/ZSL-2010-4926.php"
},
{
"name" : "38357",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38357"
},
{
"name" : "62481",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/62481"
},
{
"name" : "38706",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38706"
},
{
"name" : "wampserver-index-xss(56417)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56417"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in WampServer 2.0i allows remote attackers to inject arbitrary web script or HTML via the lang parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62481",
"refsource": "OSVDB",
"url": "http://osvdb.org/62481"
},
{
"name": "http://zeroscience.mk/en/vulnerabilities/ZSL-2010-4926.php",
"refsource": "MISC",
"url": "http://zeroscience.mk/en/vulnerabilities/ZSL-2010-4926.php"
},
{
"name": "http://zeroscience.mk/codes/wamp_xss.txt",
"refsource": "MISC",
"url": "http://zeroscience.mk/codes/wamp_xss.txt"
},
{
"name": "38357",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38357"
},
{
"name": "38706",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38706"
},
{
"name": "wampserver-index-xss(56417)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56417"
}
]
}
}

180
2010/0xxx/CVE-2010-0753.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0753",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the SQL Reports (com_sqlreport) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter to ajax/print.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "11549",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/11549"
},
{
"name" : "http://www.packetstormsecurity.com/1002-exploits/joomlasqlreport-sql.txt",
"refsource" : "MISC",
"url" : "http://www.packetstormsecurity.com/1002-exploits/joomlasqlreport-sql.txt"
},
{
"name" : "38361",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38361"
},
{
"name" : "62534",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/62534"
},
{
"name" : "38678",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38678"
},
{
"name" : "sqlreport-userid-sql-injection(56476)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56476"
},
{
"name" : "sql-reports-print-sql-injection(56541)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56541"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the SQL Reports (com_sqlreport) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter to ajax/print.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "sqlreport-userid-sql-injection(56476)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56476"
},
{
"name": "38361",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38361"
},
{
"name": "38678",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38678"
},
{
"name": "62534",
"refsource": "OSVDB",
"url": "http://osvdb.org/62534"
},
{
"name": "http://www.packetstormsecurity.com/1002-exploits/joomlasqlreport-sql.txt",
"refsource": "MISC",
"url": "http://www.packetstormsecurity.com/1002-exploits/joomlasqlreport-sql.txt"
},
{
"name": "11549",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/11549"
},
{
"name": "sql-reports-print-sql-injection(56541)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56541"
}
]
}
}

270
2010/0xxx/CVE-2010-0831.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0831",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a non-initial pathname component in a filename within a .jar archive, a related issue to CVE-2005-1080. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-3619."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2010-0831",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100608 Re: jar, fastjar directory traversal vulnerabilities",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=127602731712034&w=2"
},
{
"name" : "[oss-security] 20100608 Re: jar, fastjar directory traversal vulnerabilities",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=127603032617644&w=2"
},
{
"name" : "[oss-security] 20100608 jar, fastjar directory traversal vulnerabilities",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=127602564508766&w=2"
},
{
"name" : "http://packages.debian.org/changelogs/pool/main/f/fastjar/fastjar_0.98-3/changelog",
"refsource" : "CONFIRM",
"url" : "http://packages.debian.org/changelogs/pool/main/f/fastjar/fastjar_0.98-3/changelog"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=594497",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=594497"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=601823",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=601823"
},
{
"name" : "https://launchpad.net/bugs/540575",
"refsource" : "CONFIRM",
"url" : "https://launchpad.net/bugs/540575"
},
{
"name" : "GLSA-201209-21",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201209-21.xml"
},
{
"name" : "MDVSA-2010:122",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:122"
},
{
"name" : "RHSA-2011:0025",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0025.html"
},
{
"name" : "41006",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41006"
},
{
"name" : "65467",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/65467"
},
{
"name" : "42892",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42892"
},
{
"name" : "50786",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50786"
},
{
"name" : "ADV-2010-1553",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1553"
},
{
"name" : "ADV-2011-0121",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0121"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a non-initial pathname component in a filename within a .jar archive, a related issue to CVE-2005-1080. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-3619."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20100608 Re: jar, fastjar directory traversal vulnerabilities",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127602731712034&w=2"
},
{
"name": "GLSA-201209-21",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-21.xml"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=594497",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=594497"
},
{
"name": "[oss-security] 20100608 jar, fastjar directory traversal vulnerabilities",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127602564508766&w=2"
},
{
"name": "RHSA-2011:0025",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0025.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=601823",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=601823"
},
{
"name": "MDVSA-2010:122",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:122"
},
{
"name": "ADV-2010-1553",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1553"
},
{
"name": "ADV-2011-0121",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0121"
},
{
"name": "http://packages.debian.org/changelogs/pool/main/f/fastjar/fastjar_0.98-3/changelog",
"refsource": "CONFIRM",
"url": "http://packages.debian.org/changelogs/pool/main/f/fastjar/fastjar_0.98-3/changelog"
},
{
"name": "[oss-security] 20100608 Re: jar, fastjar directory traversal vulnerabilities",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127603032617644&w=2"
},
{
"name": "42892",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42892"
},
{
"name": "50786",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50786"
},
{
"name": "https://launchpad.net/bugs/540575",
"refsource": "CONFIRM",
"url": "https://launchpad.net/bugs/540575"
},
{
"name": "65467",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/65467"
},
{
"name": "41006",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41006"
}
]
}
}

170
2010/1xxx/CVE-2010-1552.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1552",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the doLoad function in snmpviewer.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via the act and app parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2010-1552",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100511 ZDI-10-083: HP OpenView NNM snmpviewer.exe CGI Multiple Variable Remote Code Execution Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/511248/100/0/threaded"
},
{
"name" : "http://zerodayinitiative.com/advisories/ZDI-10-083/",
"refsource" : "MISC",
"url" : "http://zerodayinitiative.com/advisories/ZDI-10-083/"
},
{
"name" : "HPSBMA02527",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=127360750704351&w=2"
},
{
"name" : "SSRT010098",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=127360750704351&w=2"
},
{
"name" : "SSRT090227",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=127360750704351&w=2"
},
{
"name" : "8157",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8157"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the doLoad function in snmpviewer.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via the act and app parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT010098",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=127360750704351&w=2"
},
{
"name": "HPSBMA02527",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=127360750704351&w=2"
},
{
"name": "8157",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8157"
},
{
"name": "20100511 ZDI-10-083: HP OpenView NNM snmpviewer.exe CGI Multiple Variable Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511248/100/0/threaded"
},
{
"name": "SSRT090227",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=127360750704351&w=2"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-10-083/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-10-083/"
}
]
}
}

170
2010/1xxx/CVE-2010-1693.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1693",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "openibd in OpenFabrics Enterprise Distribution (OFED) 1.5.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/ib_set_node_desc.sh temporary file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security-info@sgi.com",
"ID": "CVE-2010-1693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[ewg] 20101021 [PATCH] security fix in openibd script",
"refsource" : "MLIST",
"url" : "http://lists.openfabrics.org/pipermail/ewg/2010-October/015886.html"
},
{
"name" : "[oss-security] 20101022 CVE-2010-1693: OFED openibd startup script uses predictable tmpfile",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/10/22/1"
},
{
"name" : "44332",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44332"
},
{
"name" : "68856",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/68856"
},
{
"name" : "41937",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41937"
},
{
"name" : "ofed-openibd-symlink(62753)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62753"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "openibd in OpenFabrics Enterprise Distribution (OFED) 1.5.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/ib_set_node_desc.sh temporary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20101022 CVE-2010-1693: OFED openibd startup script uses predictable tmpfile",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/10/22/1"
},
{
"name": "44332",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44332"
},
{
"name": "ofed-openibd-symlink(62753)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62753"
},
{
"name": "41937",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41937"
},
{
"name": "68856",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/68856"
},
{
"name": "[ewg] 20101021 [PATCH] security fix in openibd script",
"refsource": "MLIST",
"url": "http://lists.openfabrics.org/pipermail/ewg/2010-October/015886.html"
}
]
}
}

150
2010/1xxx/CVE-2010-1923.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1923",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in user.php in Hi Web Wiesbaden Web 2.0 Social Network Freunde Community System allows remote attackers to execute arbitrary SQL commands via the id parameter in a showgallery action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/1005-exploits/web20snfcs-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1005-exploits/web20snfcs-sql.txt"
},
{
"name" : "64513",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/64513"
},
{
"name" : "39761",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39761"
},
{
"name" : "socialnetworking-user-sql-injection(58583)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58583"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in user.php in Hi Web Wiesbaden Web 2.0 Social Network Freunde Community System allows remote attackers to execute arbitrary SQL commands via the id parameter in a showgallery action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "socialnetworking-user-sql-injection(58583)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58583"
},
{
"name": "http://packetstormsecurity.org/1005-exploits/web20snfcs-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1005-exploits/web20snfcs-sql.txt"
},
{
"name": "39761",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39761"
},
{
"name": "64513",
"refsource": "OSVDB",
"url": "http://osvdb.org/64513"
}
]
}
}

150
2010/4xxx/CVE-2010-4544.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4544",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the servlet in IBM Lotus Notes Traveler before 8.5.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4544",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Lotus_Notes_Traveler_851_FP3_Release_Notes",
"refsource" : "CONFIRM",
"url" : "http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Lotus_Notes_Traveler_851_FP3_Release_Notes"
},
{
"name" : "LO52324",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1LO52324"
},
{
"name" : "ADV-2010-3193",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3193"
},
{
"name" : "lotus-notes-traveler-servlet-xss(63977)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/63977"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the servlet in IBM Lotus Notes Traveler before 8.5.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-3193",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3193"
},
{
"name": "http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Lotus_Notes_Traveler_851_FP3_Release_Notes",
"refsource": "CONFIRM",
"url": "http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Lotus_Notes_Traveler_851_FP3_Release_Notes"
},
{
"name": "LO52324",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO52324"
},
{
"name": "lotus-notes-traveler-servlet-xss(63977)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63977"
}
]
}
}

220
2010/4xxx/CVE-2010-4565.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4565",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel 2.6.36 and earlier creates a publicly accessible file with a filename containing a kernel memory address, which allows local users to obtain potentially sensitive information about kernel memory use by listing this filename."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[netdev] 20101102 Re: [SECURITY] CAN info leak/minor heap overflow",
"refsource" : "MLIST",
"url" : "http://www.spinics.net/lists/netdev/msg145796.html"
},
{
"name" : "[netdev] 20101102 [SECURITY] CAN info leak/minor heap overflow",
"refsource" : "MLIST",
"url" : "http://www.spinics.net/lists/netdev/msg145791.html"
},
{
"name" : "[netdev] 20101109 Re: [PATCH] Fix CAN info leak/minor heap overflow",
"refsource" : "MLIST",
"url" : "http://www.spinics.net/lists/netdev/msg146270.html"
},
{
"name" : "[netdev] 20101110 Re: [PATCH] Fix CAN info leak/minor heap overflow",
"refsource" : "MLIST",
"url" : "http://www.spinics.net/lists/netdev/msg146468.html"
},
{
"name" : "[oss-security] 20101103 CVE request: kernel: CAN information leak",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/11/03/3"
},
{
"name" : "[oss-security] 20101104 Re: CVE request: kernel: CAN information leak",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/11/04/4"
},
{
"name" : "[oss-security] 20101220 CVE request: kernel: CAN information leak, 2nd attempt",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/12/20/2"
},
{
"name" : "[oss-security] 20101220 Re: CVE request: kernel: CAN information leak, 2nd attempt",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/12/21/1"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=664544",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=664544"
},
{
"name" : "MDVSA-2011:029",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:029"
},
{
"name" : "44661",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44661"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel 2.6.36 and earlier creates a publicly accessible file with a filename containing a kernel memory address, which allows local users to obtain potentially sensitive information about kernel memory use by listing this filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20101220 CVE request: kernel: CAN information leak, 2nd attempt",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/12/20/2"
},
{
"name": "[netdev] 20101102 Re: [SECURITY] CAN info leak/minor heap overflow",
"refsource": "MLIST",
"url": "http://www.spinics.net/lists/netdev/msg145796.html"
},
{
"name": "[netdev] 20101109 Re: [PATCH] Fix CAN info leak/minor heap overflow",
"refsource": "MLIST",
"url": "http://www.spinics.net/lists/netdev/msg146270.html"
},
{
"name": "[oss-security] 20101220 Re: CVE request: kernel: CAN information leak, 2nd attempt",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/12/21/1"
},
{
"name": "[oss-security] 20101104 Re: CVE request: kernel: CAN information leak",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/11/04/4"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=664544",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=664544"
},
{
"name": "[netdev] 20101110 Re: [PATCH] Fix CAN info leak/minor heap overflow",
"refsource": "MLIST",
"url": "http://www.spinics.net/lists/netdev/msg146468.html"
},
{
"name": "[netdev] 20101102 [SECURITY] CAN info leak/minor heap overflow",
"refsource": "MLIST",
"url": "http://www.spinics.net/lists/netdev/msg145791.html"
},
{
"name": "44661",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44661"
},
{
"name": "MDVSA-2011:029",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:029"
},
{
"name": "[oss-security] 20101103 CVE request: kernel: CAN information leak",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/11/03/3"
}
]
}
}

200
2010/5xxx/CVE-2010-5032.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-5032",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the BF Quiz (com_bfquiztrial) component before 1.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a bfquiztrial action to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5032",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/1005-exploits/joomla_com_bfquiz_sploit.py.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1005-exploits/joomla_com_bfquiz_sploit.py.txt"
},
{
"name" : "http://www.packetstormsecurity.org/1005-exploits/joomlabfquiz-sql.txt",
"refsource" : "MISC",
"url" : "http://www.packetstormsecurity.org/1005-exploits/joomlabfquiz-sql.txt"
},
{
"name" : "http://xenuser.org/documents/security/joomla_com_bfquiz_sqli.txt",
"refsource" : "MISC",
"url" : "http://xenuser.org/documents/security/joomla_com_bfquiz_sqli.txt"
},
{
"name" : "http://www.tamlyncreative.com.au/software/forum/index.php?topic=729.0",
"refsource" : "CONFIRM",
"url" : "http://www.tamlyncreative.com.au/software/forum/index.php?topic=729.0"
},
{
"name" : "40435",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40435"
},
{
"name" : "65001",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/65001"
},
{
"name" : "39960",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39960"
},
{
"name" : "ADV-2010-1272",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1272"
},
{
"name" : "bfquiz-index-sql-injection(58979)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58979"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the BF Quiz (com_bfquiztrial) component before 1.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a bfquiztrial action to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://xenuser.org/documents/security/joomla_com_bfquiz_sqli.txt",
"refsource": "MISC",
"url": "http://xenuser.org/documents/security/joomla_com_bfquiz_sqli.txt"
},
{
"name": "39960",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39960"
},
{
"name": "bfquiz-index-sql-injection(58979)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58979"
},
{
"name": "http://packetstormsecurity.org/1005-exploits/joomla_com_bfquiz_sploit.py.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1005-exploits/joomla_com_bfquiz_sploit.py.txt"
},
{
"name": "http://www.packetstormsecurity.org/1005-exploits/joomlabfquiz-sql.txt",
"refsource": "MISC",
"url": "http://www.packetstormsecurity.org/1005-exploits/joomlabfquiz-sql.txt"
},
{
"name": "http://www.tamlyncreative.com.au/software/forum/index.php?topic=729.0",
"refsource": "CONFIRM",
"url": "http://www.tamlyncreative.com.au/software/forum/index.php?topic=729.0"
},
{
"name": "ADV-2010-1272",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1272"
},
{
"name": "65001",
"refsource": "OSVDB",
"url": "http://osvdb.org/65001"
},
{
"name": "40435",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40435"
}
]
}
}

150
2010/5xxx/CVE-2010-5309.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-5309",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "GE Healthcare CADStream Server has a default password of confirma for the admin user, which has unspecified impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5309",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/",
"refsource" : "MISC",
"url" : "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"name" : "https://twitter.com/digitalbond/status/619250429751222277",
"refsource" : "MISC",
"url" : "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
},
{
"name" : "http://apps.gehealthcare.com/servlet/ClientServlet/MR360+operator+manual+paper.pdf?REQ=RAA&DIRECTION=5339461-1EN&FILENAME=MR360%2Boperator%2Bmanual%2Bpaper.pdf&FILEREV=4&DOCREV_ORG=4",
"refsource" : "CONFIRM",
"url" : "http://apps.gehealthcare.com/servlet/ClientServlet/MR360+operator+manual+paper.pdf?REQ=RAA&DIRECTION=5339461-1EN&FILENAME=MR360%2Boperator%2Bmanual%2Bpaper.pdf&FILEREV=4&DOCREV_ORG=4"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GE Healthcare CADStream Server has a default password of confirma for the admin user, which has unspecified impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://apps.gehealthcare.com/servlet/ClientServlet/MR360+operator+manual+paper.pdf?REQ=RAA&DIRECTION=5339461-1EN&FILENAME=MR360%2Boperator%2Bmanual%2Bpaper.pdf&FILEREV=4&DOCREV_ORG=4",
"refsource": "CONFIRM",
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/MR360+operator+manual+paper.pdf?REQ=RAA&DIRECTION=5339461-1EN&FILENAME=MR360%2Boperator%2Bmanual%2Bpaper.pdf&FILEREV=4&DOCREV_ORG=4"
},
{
"name": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/",
"refsource": "MISC",
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"name": "https://twitter.com/digitalbond/status/619250429751222277",
"refsource": "MISC",
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
}
]
}
}

180
2014/0xxx/CVE-2014-0594.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@suse.de",
"DATE_PUBLIC" : "2014-03-26T00:00:00.000Z",
"ID" : "CVE-2014-0594",
"STATE" : "PUBLIC",
"TITLE" : "CSRF protection incorrectly disabled"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Open Build Service",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "2.4.6"
}
]
}
}
]
},
"vendor_name" : "openSUSE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web interface, allowing for requests without the user's consent."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 8.8,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-352"
}
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2014-03-26T00:00:00.000Z",
"ID": "CVE-2014-0594",
"STATE": "PUBLIC",
"TITLE": "CSRF protection incorrectly disabled"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Open Build Service",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "2.4.6"
}
]
}
}
]
},
"vendor_name": "openSUSE"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.suse.com/show_bug.cgi?id=870606",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.suse.com/show_bug.cgi?id=870606"
},
{
"name" : "https://github.com/openSUSE/open-build-service/commit/2188c059b67b82171d0e28ef59f77e62d22a09d8",
"refsource" : "CONFIRM",
"url" : "https://github.com/openSUSE/open-build-service/commit/2188c059b67b82171d0e28ef59f77e62d22a09d8"
}
]
},
"source" : {
"defect" : [
"870606"
],
"discovery" : "EXTERNAL"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web interface, allowing for requests without the user's consent."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/openSUSE/open-build-service/commit/2188c059b67b82171d0e28ef59f77e62d22a09d8",
"refsource": "CONFIRM",
"url": "https://github.com/openSUSE/open-build-service/commit/2188c059b67b82171d0e28ef59f77e62d22a09d8"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=870606",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=870606"
}
]
},
"source": {
"defect": [
"870606"
],
"discovery": "EXTERNAL"
}
}

150
2014/0xxx/CVE-2014-0863.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0863",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The client in IBM Cognos TM1 9.5.2.3 before IF5, 10.1.1.2 before IF1, 10.2.0.2 before IF1, and 10.2.2.0 before IF1 stores obfuscated passwords in memory, which allows remote authenticated users to obtain sensitive cleartext information via an unspecified security tool."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0863",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682397",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682397"
},
{
"name" : "69594",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69594"
},
{
"name" : "1030805",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030805"
},
{
"name" : "ibm-cognos-cve20140863-info-disc(90937)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90937"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The client in IBM Cognos TM1 9.5.2.3 before IF5, 10.1.1.2 before IF1, 10.2.0.2 before IF1, and 10.2.2.0 before IF1 stores obfuscated passwords in memory, which allows remote authenticated users to obtain sensitive cleartext information via an unspecified security tool."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682397",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682397"
},
{
"name": "69594",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69594"
},
{
"name": "ibm-cognos-cve20140863-info-disc(90937)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90937"
},
{
"name": "1030805",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030805"
}
]
}
}

34
2014/1xxx/CVE-2014-1137.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1137",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9445, CVE-2014-9581, CVE-2014-9582. Reason: This candidate is not authorized for use because it is part of the 2014 CVE-ID ID-Syntax protection block, which protects against accidental truncation of CVE IDs with sequence numbers containing more than 4 digits. See references. Notes: All CVE users should reference CVE-2014-9445, CVE-2014-9581, or CVE-2014-9582 instead of this candidate."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-1137",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9445, CVE-2014-9581, CVE-2014-9582. Reason: This candidate is not authorized for use because it is part of the 2014 CVE-ID ID-Syntax protection block, which protects against accidental truncation of CVE IDs with sequence numbers containing more than 4 digits. See references. Notes: All CVE users should reference CVE-2014-9445, CVE-2014-9581, or CVE-2014-9582 instead of this candidate."
}
]
}
}

220
2014/1xxx/CVE-2014-1522.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1522",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read, memory corruption, and application crash) via crafted content."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2014-1522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2014/mfsa2014-36.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2014/mfsa2014-36.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=995289",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=995289"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name" : "FEDORA-2014-5829",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html"
},
{
"name" : "GLSA-201504-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201504-01"
},
{
"name" : "openSUSE-SU-2014:0599",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html"
},
{
"name" : "openSUSE-SU-2014:0629",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html"
},
{
"name" : "USN-2185-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2185-1"
},
{
"name" : "1030163",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030163"
},
{
"name" : "1030164",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030164"
},
{
"name" : "59866",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59866"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read, memory corruption, and application crash) via crafted content."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mozilla.org/security/announce/2014/mfsa2014-36.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-36.html"
},
{
"name": "openSUSE-SU-2014:0599",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html"
},
{
"name": "openSUSE-SU-2014:0629",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html"
},
{
"name": "GLSA-201504-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"name": "59866",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59866"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=995289",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=995289"
},
{
"name": "USN-2185-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2185-1"
},
{
"name": "1030164",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030164"
},
{
"name": "1030163",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030163"
},
{
"name": "FEDORA-2014-5829",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html"
}
]
}
}

180
2014/1xxx/CVE-2014-1612.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1612",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in login.esp in the Web Management Interface in Media5 Mediatrix 4402 VoIP Gateway with firmware Dgw 1.1.13.186 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1612",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140123 Reflected cross-site scripting (XSS) vulnerability in Mediatrix Web Management Interface login page",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/530871/100/0/threaded"
},
{
"name" : "http://packetstormsecurity.com/files/124931/Mediatrix-4402-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/124931/Mediatrix-4402-Cross-Site-Scripting.html"
},
{
"name" : "VU#252294",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/252294"
},
{
"name" : "65108",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/65108"
},
{
"name" : "102415",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/102415"
},
{
"name" : "56638",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56638"
},
{
"name" : "mediatrixwebmanagement-cve20141612-xss(90656)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90656"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in login.esp in the Web Management Interface in Media5 Mediatrix 4402 VoIP Gateway with firmware Dgw 1.1.13.186 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140123 Reflected cross-site scripting (XSS) vulnerability in Mediatrix Web Management Interface login page",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/530871/100/0/threaded"
},
{
"name": "mediatrixwebmanagement-cve20141612-xss(90656)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90656"
},
{
"name": "VU#252294",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/252294"
},
{
"name": "http://packetstormsecurity.com/files/124931/Mediatrix-4402-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/124931/Mediatrix-4402-Cross-Site-Scripting.html"
},
{
"name": "102415",
"refsource": "OSVDB",
"url": "http://osvdb.org/102415"
},
{
"name": "65108",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65108"
},
{
"name": "56638",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56638"
}
]
}
}

190
2014/1xxx/CVE-2014-1749.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1749",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Google Chrome before 35.0.1916.114 allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2014-1749",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=374649",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=374649"
},
{
"name" : "DSA-2939",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2939"
},
{
"name" : "GLSA-201408-16",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201408-16.xml"
},
{
"name" : "openSUSE-SU-2014:0783",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-06/msg00023.html"
},
{
"name" : "1030270",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030270"
},
{
"name" : "58920",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58920"
},
{
"name" : "59155",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59155"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Google Chrome before 35.0.1916.114 allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-2939",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2939"
},
{
"name": "http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html"
},
{
"name": "GLSA-201408-16",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201408-16.xml"
},
{
"name": "openSUSE-SU-2014:0783",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00023.html"
},
{
"name": "59155",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59155"
},
{
"name": "58920",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58920"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=374649",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=374649"
},
{
"name": "1030270",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030270"
}
]
}
}

34
2014/4xxx/CVE-2014-4504.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4504",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4504",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2014/4xxx/CVE-2014-4848.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4848",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Blogstand Banner (blogstand-smart-banner) plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the bs_blog_id parameter to wp-admin/options-general.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4848",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/127290/WordPress-Blogstand-Smart-Banner-1.0-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/127290/WordPress-Blogstand-Smart-Banner-1.0-Cross-Site-Scripting.html"
},
{
"name" : "68282",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68282"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Blogstand Banner (blogstand-smart-banner) plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the bs_blog_id parameter to wp-admin/options-general.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/127290/WordPress-Blogstand-Smart-Banner-1.0-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127290/WordPress-Blogstand-Smart-Banner-1.0-Cross-Site-Scripting.html"
},
{
"name": "68282",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68282"
}
]
}
}

130
2014/4xxx/CVE-2014-4854.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4854",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the WP Construction Mode plugin 1.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wuc_logo parameter in a save action to wp-admin/admin.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4854",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/127287/WordPress-Construction-Mode-1.8-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/127287/WordPress-Construction-Mode-1.8-Cross-Site-Scripting.html"
},
{
"name" : "68287",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68287"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the WP Construction Mode plugin 1.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wuc_logo parameter in a save action to wp-admin/admin.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68287",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68287"
},
{
"name": "http://packetstormsecurity.com/files/127287/WordPress-Construction-Mode-1.8-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127287/WordPress-Construction-Mode-1.8-Cross-Site-Scripting.html"
}
]
}
}

140
2014/4xxx/CVE-2014-4906.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4906",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Brisbane & Queensland Alert (aka com.queensland.alert) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-4906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#825289",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/825289"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Brisbane & Queensland Alert (aka com.queensland.alert) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#825289",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/825289"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/5xxx/CVE-2014-5600.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5600",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The familyconnect (aka com.comcast.plaxo.familyconnect.app) application 1.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-5600",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#334425",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/334425"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The familyconnect (aka com.comcast.plaxo.familyconnect.app) application 1.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#334425",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/334425"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/5xxx/CVE-2014-5725.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5725",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Truecaller - Caller ID & Block (aka com.truecaller) application 4.32 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-5725",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#535417",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/535417"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Truecaller - Caller ID & Block (aka com.truecaller) application 4.32 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#535417",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/535417"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/5xxx/CVE-2014-5850.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5850",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Kaave Fali (aka com.didilabs.kaavefali) application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-5850",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#854241",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/854241"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Kaave Fali (aka com.didilabs.kaavefali) application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#854241",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/854241"
}
]
}
}

340
2016/3xxx/CVE-2016-3137.json
View File

@ -1,172 +1,172 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3137",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"ID": "CVE-2016-3137",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (cypress_m8 driver)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/03/14/3"
},
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1316996",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1316996"
},
{
"name" : "https://github.com/torvalds/linux/commit/c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754"
},
{
"name" : "DSA-3607",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3607"
},
{
"name" : "SUSE-SU-2016:1672",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name" : "SUSE-SU-2016:1690",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name" : "SUSE-SU-2016:1696",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name" : "SUSE-SU-2016:1707",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name" : "SUSE-SU-2016:1764",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name" : "SUSE-SU-2016:2074",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"name" : "openSUSE-SU-2016:1382",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
},
{
"name" : "USN-2996-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name" : "USN-2997-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name" : "USN-3000-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3000-1"
},
{
"name" : "USN-2968-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2968-1"
},
{
"name" : "USN-2968-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2968-2"
},
{
"name" : "USN-2970-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2970-1"
},
{
"name" : "USN-2971-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2971-1"
},
{
"name" : "USN-2971-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2971-2"
},
{
"name" : "USN-2971-3",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2971-3"
},
{
"name" : "84300",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/84300"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2971-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2971-2"
},
{
"name": "SUSE-SU-2016:1690",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (cypress_m8 driver)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/03/14/3"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1316996",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316996"
},
{
"name": "SUSE-SU-2016:1696",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name": "USN-2970-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2970-1"
},
{
"name": "https://github.com/torvalds/linux/commit/c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754"
},
{
"name": "84300",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84300"
},
{
"name": "USN-2968-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2968-1"
},
{
"name": "USN-2971-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2971-3"
},
{
"name": "USN-2997-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "SUSE-SU-2016:1764",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name": "USN-3000-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3000-1"
},
{
"name": "DSA-3607",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-2971-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2971-1"
},
{
"name": "SUSE-SU-2016:1707",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name": "USN-2996-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-2968-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2968-2"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c55aee1bf0e6b6feec8b2927b43f7a09a6d5f754"
},
{
"name": "openSUSE-SU-2016:1382",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
},
{
"name": "SUSE-SU-2016:2074",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
}
]
}
}

140
2016/3xxx/CVE-2016-3911.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3911",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "core/java/android/os/Process.java in Zygote in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30143607."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-3911",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-10-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-10-01.html"
},
{
"name" : "https://android.googlesource.com/platform/frameworks/base/+/2c7008421cb67f5d89f16911bdbe36f6c35311ad",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/frameworks/base/+/2c7008421cb67f5d89f16911bdbe36f6c35311ad"
},
{
"name" : "93303",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93303"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "core/java/android/os/Process.java in Zygote in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30143607."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-10-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-10-01.html"
},
{
"name": "93303",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93303"
},
{
"name": "https://android.googlesource.com/platform/frameworks/base/+/2c7008421cb67f5d89f16911bdbe36f6c35311ad",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/base/+/2c7008421cb67f5d89f16911bdbe36f6c35311ad"
}
]
}
}

140
2016/3xxx/CVE-2016-3999.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3999",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104552 and 104703."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3999",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0",
"refsource" : "CONFIRM",
"url" : "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"name" : "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"refsource" : "CONFIRM",
"url" : "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"name" : "95921",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95921"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104552 and 104703."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"name": "95921",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95921"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
]
}
}

34
2016/7xxx/CVE-2016-7436.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7436",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7436",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2016/7xxx/CVE-2016-7513.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7513",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Off-by-one error in magick/cache.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2016-7513",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160922 Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/09/22/2"
},
{
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832455",
"refsource" : "CONFIRM",
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832455"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1378733",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1378733"
},
{
"name" : "https://github.com/ImageMagick/ImageMagick/commit/a54fe0e8600eaf3dc6fe717d3c0398001507f723",
"refsource" : "CONFIRM",
"url" : "https://github.com/ImageMagick/ImageMagick/commit/a54fe0e8600eaf3dc6fe717d3c0398001507f723"
},
{
"name" : "93121",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93121"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one error in magick/cache.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93121",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93121"
},
{
"name": "[oss-security] 20160922 Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/22/2"
},
{
"name": "https://github.com/ImageMagick/ImageMagick/commit/a54fe0e8600eaf3dc6fe717d3c0398001507f723",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/commit/a54fe0e8600eaf3dc6fe717d3c0398001507f723"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832455",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832455"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1378733",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1378733"
}
]
}
}

210
2016/7xxx/CVE-2016-7943.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7943",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The XListFonts function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving length fields, which trigger out-of-bounds write operations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"ID": "CVE-2016-7943",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20161004 Re: X.Org security advisory: Protocol handling issues in X Window System client libraries",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/10/04/4"
},
{
"name" : "[oss-security] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/10/04/2"
},
{
"name" : "[xorg-announce] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries",
"refsource" : "MLIST",
"url" : "https://lists.x.org/archives/xorg-announce/2016-October/002720.html"
},
{
"name" : "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8c29f1607a31dac0911e45a0dd3d74173822b3c9",
"refsource" : "CONFIRM",
"url" : "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8c29f1607a31dac0911e45a0dd3d74173822b3c9"
},
{
"name" : "FEDORA-2016-0df69ab477",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMCVDXMFPXR7QGMKDG22WPPJCXH2X3L7/"
},
{
"name" : "GLSA-201704-03",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201704-03"
},
{
"name" : "USN-3758-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3758-2/"
},
{
"name" : "USN-3758-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3758-1/"
},
{
"name" : "93362",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93362"
},
{
"name" : "1036945",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036945"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XListFonts function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving length fields, which trigger out-of-bounds write operations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036945",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036945"
},
{
"name": "USN-3758-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3758-2/"
},
{
"name": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8c29f1607a31dac0911e45a0dd3d74173822b3c9",
"refsource": "CONFIRM",
"url": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8c29f1607a31dac0911e45a0dd3d74173822b3c9"
},
{
"name": "GLSA-201704-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201704-03"
},
{
"name": "[xorg-announce] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries",
"refsource": "MLIST",
"url": "https://lists.x.org/archives/xorg-announce/2016-October/002720.html"
},
{
"name": "[oss-security] 20161004 Re: X.Org security advisory: Protocol handling issues in X Window System client libraries",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/04/4"
},
{
"name": "[oss-security] 20161004 X.Org security advisory: Protocol handling issues in X Window System client libraries",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/04/2"
},
{
"name": "93362",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93362"
},
{
"name": "USN-3758-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3758-1/"
},
{
"name": "FEDORA-2016-0df69ab477",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMCVDXMFPXR7QGMKDG22WPPJCXH2X3L7/"
}
]
}
}

130
2016/8xxx/CVE-2016-8363.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"ID" : "CVE-2016-8363",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Moxa OnCell",
"version" : {
"version_data" : [
{
"version_value" : "Moxa OnCell"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series, AWK-3131/4131 Series, and AWK-5222/6222 Series. User is able to execute arbitrary OS commands on the server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Moxa OnCell execute arbitrary OS commands"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-8363",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Moxa OnCell",
"version": {
"version_data": [
{
"version_value": "Moxa OnCell"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-01"
},
{
"name" : "94092",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94092"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series, AWK-3131/4131 Series, and AWK-5222/6222 Series. User is able to execute arbitrary OS commands on the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Moxa OnCell execute arbitrary OS commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-308-01"
},
{
"name": "94092",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94092"
}
]
}
}

140
2016/8xxx/CVE-2016-8377.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"ID" : "CVE-2016-8377",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Fatek Automation PLC WinProladder 3.11 Build 14701",
"version" : {
"version_data" : [
{
"version_value" : "Fatek Automation PLC WinProladder 3.11 Build 14701"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Fatek Automation PLC WinProladder Version 3.11 Build 14701. A stack-based buffer overflow vulnerability exists when the software application connects to a malicious server, resulting in a stack buffer overflow. This causes an exploitable Structured Exception Handler (SEH) overwrite condition that may allow remote code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Fatek Automation PLC WinProladder Stack-Based Buffer Overflow Vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-8377",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fatek Automation PLC WinProladder 3.11 Build 14701",
"version": {
"version_data": [
{
"version_value": "Fatek Automation PLC WinProladder 3.11 Build 14701"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "42700",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42700/"
},
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-350-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-350-01"
},
{
"name" : "94938",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94938"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Fatek Automation PLC WinProladder Version 3.11 Build 14701. A stack-based buffer overflow vulnerability exists when the software application connects to a malicious server, resulting in a stack buffer overflow. This causes an exploitable Structured Exception Handler (SEH) overwrite condition that may allow remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fatek Automation PLC WinProladder Stack-Based Buffer Overflow Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94938",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94938"
},
{
"name": "42700",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42700/"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-350-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-350-01"
}
]
}
}

190
2016/8xxx/CVE-2016-8630.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"ID" : "CVE-2016-8630",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is enabled, allows local users to cause a denial of service (host OS crash) via a certain use of a ModR/M byte in an undefined instruction."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-8630",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20161122 CVE-2016-8630 kernel: kvm: x86: NULL pointer dereference duringinstruction decode",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/11/22/3"
},
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d9092f52d7e61dd1557f2db2400ddb430e85937e",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d9092f52d7e61dd1557f2db2400ddb430e85937e"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1393350",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1393350"
},
{
"name" : "https://github.com/torvalds/linux/commit/d9092f52d7e61dd1557f2db2400ddb430e85937e",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/d9092f52d7e61dd1557f2db2400ddb430e85937e"
},
{
"name" : "RHSA-2017:0386",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0386.html"
},
{
"name" : "RHSA-2017:0387",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0387.html"
},
{
"name" : "94459",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94459"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is enabled, allows local users to cause a denial of service (host OS crash) via a certain use of a ModR/M byte in an undefined instruction."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7"
},
{
"name": "94459",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94459"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1393350",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1393350"
},
{
"name": "RHSA-2017:0387",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0387.html"
},
{
"name": "https://github.com/torvalds/linux/commit/d9092f52d7e61dd1557f2db2400ddb430e85937e",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/d9092f52d7e61dd1557f2db2400ddb430e85937e"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d9092f52d7e61dd1557f2db2400ddb430e85937e",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d9092f52d7e61dd1557f2db2400ddb430e85937e"
},
{
"name": "[oss-security] 20161122 CVE-2016-8630 kernel: kvm: x86: NULL pointer dereference duringinstruction decode",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/11/22/3"
},
{
"name": "RHSA-2017:0386",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0386.html"
}
]
}
}

160
2016/8xxx/CVE-2016-8696.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8696",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted BMP image, a different vulnerability than CVE-2016-8694 and CVE-2016-8695."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8696",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160818 potrace: multiple crashes",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/08/18/11"
},
{
"name" : "[oss-security] 20161015 Re: potrace: multiple crashes",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/10/16/12"
},
{
"name" : "https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/",
"refsource" : "MISC",
"url" : "https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/"
},
{
"name" : "http://potrace.sourceforge.net/ChangeLog",
"refsource" : "CONFIRM",
"url" : "http://potrace.sourceforge.net/ChangeLog"
},
{
"name" : "93778",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93778"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted BMP image, a different vulnerability than CVE-2016-8694 and CVE-2016-8695."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93778",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93778"
},
{
"name": "[oss-security] 20161015 Re: potrace: multiple crashes",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/16/12"
},
{
"name": "https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/"
},
{
"name": "[oss-security] 20160818 potrace: multiple crashes",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/08/18/11"
},
{
"name": "http://potrace.sourceforge.net/ChangeLog",
"refsource": "CONFIRM",
"url": "http://potrace.sourceforge.net/ChangeLog"
}
]
}
}

272
2016/9xxx/CVE-2016-9606.json
View File

@ -1,138 +1,138 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"DATE_PUBLIC" : "2016-12-15T00:00:00",
"ID" : "CVE-2016-9606",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "RESTEasy",
"version" : {
"version_data" : [
{
"version_value" : "3.1.2"
}
]
}
}
]
},
"vendor_name" : "Red Hat, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2016-12-15T00:00:00",
"ID": "CVE-2016-9606",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RESTEasy",
"version": {
"version_data": [
{
"version_value": "3.1.2"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1400644",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1400644"
},
{
"name" : "RHSA-2017:1253",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1253"
},
{
"name" : "RHSA-2017:1254",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1254"
},
{
"name" : "RHSA-2017:1255",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-1255.html"
},
{
"name" : "RHSA-2017:1256",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1256"
},
{
"name" : "RHSA-2017:1260",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1260"
},
{
"name" : "RHSA-2017:1409",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-1409.html"
},
{
"name" : "RHSA-2017:1410",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1410"
},
{
"name" : "RHSA-2017:1411",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1411"
},
{
"name" : "RHSA-2017:1412",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1412"
},
{
"name" : "RHSA-2017:1675",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1675"
},
{
"name" : "RHSA-2017:1676",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1676"
},
{
"name" : "RHSA-2018:2909",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2909"
},
{
"name" : "RHSA-2018:2913",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2913"
},
{
"name" : "94940",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94940"
},
{
"name" : "1038524",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038524"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:1411",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1411"
},
{
"name": "RHSA-2017:1409",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-1409.html"
},
{
"name": "94940",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94940"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1400644",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1400644"
},
{
"name": "RHSA-2017:1675",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1675"
},
{
"name": "1038524",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038524"
},
{
"name": "RHSA-2017:1254",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1254"
},
{
"name": "RHSA-2017:1410",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1410"
},
{
"name": "RHSA-2017:1255",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-1255.html"
},
{
"name": "RHSA-2017:1412",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1412"
},
{
"name": "RHSA-2018:2909",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2909"
},
{
"name": "RHSA-2017:1256",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1256"
},
{
"name": "RHSA-2017:1253",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1253"
},
{
"name": "RHSA-2017:1260",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1260"
},
{
"name": "RHSA-2017:1676",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1676"
},
{
"name": "RHSA-2018:2913",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2913"
}
]
}
}

34
2016/9xxx/CVE-2016-9607.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9607",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-9607",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

256
2016/9xxx/CVE-2016-9895.json
View File

@ -1,130 +1,130 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@mozilla.org",
"ID" : "CVE-2016-9895",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Firefox",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "50.1"
}
]
}
},
{
"product_name" : "Firefox ESR",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "45.6"
}
]
}
},
{
"product_name" : "Thunderbird",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "45.6"
}
]
}
}
]
},
"vendor_name" : "Mozilla"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Event handlers on \"marquee\" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CSP bypass using marquee tag"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-9895",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "50.1"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "45.6"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "45.6"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1312272",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1312272"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2016-94/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2016-94/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2016-95/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2016-95/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2016-96/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2016-96/"
},
{
"name" : "DSA-3757",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-3757"
},
{
"name" : "GLSA-201701-15",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-15"
},
{
"name" : "RHSA-2016:2946",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2946.html"
},
{
"name" : "RHSA-2016:2973",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2973.html"
},
{
"name" : "94885",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94885"
},
{
"name" : "1037461",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037461"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Event handlers on \"marquee\" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CSP bypass using marquee tag"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2016-94/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-94/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2016-95/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-95/"
},
{
"name": "94885",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94885"
},
{
"name": "1037461",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037461"
},
{
"name": "GLSA-201701-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-15"
},
{
"name": "DSA-3757",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3757"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1312272",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1312272"
},
{
"name": "RHSA-2016:2973",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2973.html"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2016-96/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-96/"
},
{
"name": "RHSA-2016:2946",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2946.html"
}
]
}
}

140
2019/2xxx/CVE-2019-2430.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2430",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Argus Safety",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "8.1"
},
{
"version_affected" : "=",
"version_value" : "8.2"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Argus Safety component of Oracle Health Sciences Applications (subcomponent: Console). Supported versions that are affected are 8.1 and 8.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Argus Safety. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Argus Safety accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Argus Safety. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Argus Safety accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2430",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Argus Safety",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.1"
},
{
"version_affected": "=",
"version_value": "8.2"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name" : "106599",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106599"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Argus Safety component of Oracle Health Sciences Applications (subcomponent: Console). Supported versions that are affected are 8.1 and 8.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Argus Safety. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Argus Safety accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Argus Safety. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Argus Safety accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "106599",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106599"
}
]
}
}

34
2019/2xxx/CVE-2019-2561.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2561",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2561",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/2xxx/CVE-2019-2676.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2676",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2676",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/2xxx/CVE-2019-2839.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2839",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2839",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/2xxx/CVE-2019-2960.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2960",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2960",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/6xxx/CVE-2019-6271.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6271",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6271",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}