admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 06:03:06 +00:00
parent 534e9da0d7
commit 1f5b5f5531
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
56 changed files with 3385 additions and 3385 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

198
2007/0xxx/CVE-2007-0065.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-0065",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0065",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBST02314",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=120361015026386&w=2"
},
{
"name" : "SSRT080016",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=120361015026386&w=2"
},
{
"name" : "MS08-008",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-008"
},
{
"name" : "TA08-043C",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-043C.html"
},
{
"name" : "27661",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27661"
},
{
"name" : "ADV-2008-0510",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0510/references"
},
{
"name" : "oval:org.mitre.oval:def:5388",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5388"
},
{
"name" : "1019373",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1019373"
},
{
"name" : "28902",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28902"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:5388",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5388"
},
{
"name": "28902",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28902"
},
{
"name": "ADV-2008-0510",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0510/references"
},
{
"name": "HPSBST02314",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=120361015026386&w=2"
},
{
"name": "1019373",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019373"
},
{
"name": "27661",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27661"
},
{
"name": "SSRT080016",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=120361015026386&w=2"
},
{
"name": "MS08-008",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-008"
},
{
"name": "TA08-043C",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html"
}
]
}
}

158
2007/0xxx/CVE-2007-0092.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-0092",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in productdetail.asp in E-SMARTCART 1.0 allows remote attackers to execute arbitrary SQL commands via the product_id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0092",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "3074",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3074"
},
{
"name" : "ADV-2007-0036",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0036"
},
{
"name" : "31679",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/31679"
},
{
"name" : "23610",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23610"
},
{
"name" : "esmartcart-productdetail-sql-injection(31243)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31243"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in productdetail.asp in E-SMARTCART 1.0 allows remote attackers to execute arbitrary SQL commands via the product_id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23610",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23610"
},
{
"name": "esmartcart-productdetail-sql-injection(31243)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31243"
},
{
"name": "31679",
"refsource": "OSVDB",
"url": "http://osvdb.org/31679"
},
{
"name": "3074",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3074"
},
{
"name": "ADV-2007-0036",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0036"
}
]
}
}

218
2007/0xxx/CVE-2007-0290.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-0290",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors related to (1) Application Object Library (APPS01), (2) Human Resources (APPS03), (3) Payables (APPS04), (4) Trading Community Architecture (APPS05), and (5) Web Applications Desktop Integrator (APPS06)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0290",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
},
{
"name" : "TA07-017A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-017A.html"
},
{
"name" : "22083",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/22083"
},
{
"name" : "32888",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/32888"
},
{
"name" : "32890",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/32890"
},
{
"name" : "32891",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/32891"
},
{
"name" : "32892",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/32892"
},
{
"name" : "32893",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/32893"
},
{
"name" : "1017522",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017522"
},
{
"name" : "23794",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23794"
},
{
"name" : "oracle-cpu-jan2007(31541)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31541"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors related to (1) Application Object Library (APPS01), (2) Human Resources (APPS03), (3) Payables (APPS04), (4) Trading Community Architecture (APPS05), and (5) Web Applications Desktop Integrator (APPS06)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32893",
"refsource": "OSVDB",
"url": "http://osvdb.org/32893"
},
{
"name": "23794",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23794"
},
{
"name": "22083",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22083"
},
{
"name": "32888",
"refsource": "OSVDB",
"url": "http://osvdb.org/32888"
},
{
"name": "32891",
"refsource": "OSVDB",
"url": "http://osvdb.org/32891"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
},
{
"name": "TA07-017A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-017A.html"
},
{
"name": "32892",
"refsource": "OSVDB",
"url": "http://osvdb.org/32892"
},
{
"name": "oracle-cpu-jan2007(31541)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31541"
},
{
"name": "32890",
"refsource": "OSVDB",
"url": "http://osvdb.org/32890"
},
{
"name": "1017522",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017522"
}
]
}
}

148
2007/0xxx/CVE-2007-0346.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-0346",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in SmE FileMailer 1.21 allows remote attackers to execute arbitrary SQL commands via the us parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0346",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070117 Source VERIFY of SMe FileMailer 1.21 SQL injection",
"refsource" : "VIM",
"url" : "http://www.attrition.org/pipermail/vim/2007-January/001244.html"
},
{
"name" : "ADV-2007-0221",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0221"
},
{
"name" : "32832",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/32832"
},
{
"name" : "smefilemailer-login-sql-injection(31533)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31533"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in SmE FileMailer 1.21 allows remote attackers to execute arbitrary SQL commands via the us parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32832",
"refsource": "OSVDB",
"url": "http://osvdb.org/32832"
},
{
"name": "smefilemailer-login-sql-injection(31533)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31533"
},
{
"name": "20070117 Source VERIFY of SMe FileMailer 1.21 SQL injection",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-January/001244.html"
},
{
"name": "ADV-2007-0221",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0221"
}
]
}
}

158
2007/1xxx/CVE-2007-1307.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-1307",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before Build 135400, as used on IBM Lenovo ThinkPad systems, has unknown impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1307",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-62922",
"refsource" : "CONFIRM",
"url" : "http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-62922"
},
{
"name" : "22822",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/22822"
},
{
"name" : "ADV-2007-0801",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0801"
},
{
"name" : "33854",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/33854"
},
{
"name" : "24349",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24349"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before Build 135400, as used on IBM Lenovo ThinkPad systems, has unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22822",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22822"
},
{
"name": "24349",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24349"
},
{
"name": "33854",
"refsource": "OSVDB",
"url": "http://osvdb.org/33854"
},
{
"name": "http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-62922",
"refsource": "CONFIRM",
"url": "http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-62922"
},
{
"name": "ADV-2007-0801",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0801"
}
]
}
}

158
2007/1xxx/CVE-2007-1423.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-1423",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in WORK system e-commerce 3.0.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the g_include parameter to include/include_top.php and certain other PHP scripts."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1423",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "3448",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3448"
},
{
"name" : "22908",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/22908"
},
{
"name" : "ADV-2007-0903",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0903"
},
{
"name" : "33973",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/33973"
},
{
"name" : "24476",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24476"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in WORK system e-commerce 3.0.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the g_include parameter to include/include_top.php and certain other PHP scripts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22908",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22908"
},
{
"name": "33973",
"refsource": "OSVDB",
"url": "http://osvdb.org/33973"
},
{
"name": "3448",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3448"
},
{
"name": "ADV-2007-0903",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0903"
},
{
"name": "24476",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24476"
}
]
}
}

178
2007/1xxx/CVE-2007-1871.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-1871",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in chcounter 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the login_name parameter to /stats/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1871",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070411 CVE-2007-1871: Cross site scripting in chcounter 3.1.3",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/465486/100/0/threaded"
},
{
"name" : "http://int21.de/cve/CVE-2007-1871-chcounter.txt",
"refsource" : "MISC",
"url" : "http://int21.de/cve/CVE-2007-1871-chcounter.txt"
},
{
"name" : "23462",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23462"
},
{
"name" : "ADV-2007-1371",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1371"
},
{
"name" : "34910",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/34910"
},
{
"name" : "24879",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24879"
},
{
"name" : "2569",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2569"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in chcounter 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the login_name parameter to /stats/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2569",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2569"
},
{
"name": "20070411 CVE-2007-1871: Cross site scripting in chcounter 3.1.3",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/465486/100/0/threaded"
},
{
"name": "24879",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24879"
},
{
"name": "23462",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23462"
},
{
"name": "ADV-2007-1371",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1371"
},
{
"name": "34910",
"refsource": "OSVDB",
"url": "http://osvdb.org/34910"
},
{
"name": "http://int21.de/cve/CVE-2007-1871-chcounter.txt",
"refsource": "MISC",
"url": "http://int21.de/cve/CVE-2007-1871-chcounter.txt"
}
]
}
}

228
2007/4xxx/CVE-2007-4272.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-4272",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to create arbitrary files via (1) unspecified vectors where an attacker's umask is honored, (2) /etc/ld.so.preload, (3) certain \"cron data file locations\", and other unspecified vectors possibly involving the (4) OSSEMEMDBG or (5) TRC_LOG_FILE environment variable in db2licd (db2licm)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4272",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070816 IBM DB2 Universal Database Multiple File Creation Vulnerabilities",
"refsource" : "IDEFENSE",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=580"
},
{
"name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21255352",
"refsource" : "CONFIRM",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21255352"
},
{
"name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21255607",
"refsource" : "CONFIRM",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21255607"
},
{
"name" : "IY98011",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1IY98011"
},
{
"name" : "IY98101",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1IY98101"
},
{
"name" : "IY98210",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1IY98210"
},
{
"name" : "20070818 Recent DB2 Vulnerabilities",
"refsource" : "VIM",
"url" : "http://www.attrition.org/pipermail/vim/2007-August/001765.html"
},
{
"name" : "25339",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25339"
},
{
"name" : "ADV-2007-2912",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2912"
},
{
"name" : "1018581",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1018581"
},
{
"name" : "26471",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26471"
},
{
"name" : "db2-multiple-file-create(36104)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36104"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to create arbitrary files via (1) unspecified vectors where an attacker's umask is honored, (2) /etc/ld.so.preload, (3) certain \"cron data file locations\", and other unspecified vectors possibly involving the (4) OSSEMEMDBG or (5) TRC_LOG_FILE environment variable in db2licd (db2licm)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg21255607",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21255607"
},
{
"name": "20070818 Recent DB2 Vulnerabilities",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-August/001765.html"
},
{
"name": "ADV-2007-2912",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2912"
},
{
"name": "db2-multiple-file-create(36104)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36104"
},
{
"name": "IY98210",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY98210"
},
{
"name": "25339",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25339"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg21255352",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21255352"
},
{
"name": "1018581",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018581"
},
{
"name": "26471",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26471"
},
{
"name": "IY98101",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY98101"
},
{
"name": "IY98011",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY98011"
},
{
"name": "20070816 IBM DB2 Universal Database Multiple File Creation Vulnerabilities",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=580"
}
]
}
}

168
2007/4xxx/CVE-2007-4283.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-4283",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4283",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070807 Coppermine Photo Gallery (yabbse.inc.php) Remote File Inclusion Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/475866/100/0/threaded"
},
{
"name" : "20070809 Re: Coppermine Photo Gallery (yabbse.inc.php) Remote File Inclusion Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/476015/100/0/threaded"
},
{
"name" : "25243",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25243"
},
{
"name" : "38710",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38710"
},
{
"name" : "2989",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2989"
},
{
"name" : "coppermine-yabbseinc-file-include(35884)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35884"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "coppermine-yabbseinc-file-include(35884)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35884"
},
{
"name": "20070809 Re: Coppermine Photo Gallery (yabbse.inc.php) Remote File Inclusion Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/476015/100/0/threaded"
},
{
"name": "20070807 Coppermine Photo Gallery (yabbse.inc.php) Remote File Inclusion Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/475866/100/0/threaded"
},
{
"name": "25243",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25243"
},
{
"name": "38710",
"refsource": "OSVDB",
"url": "http://osvdb.org/38710"
},
{
"name": "2989",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2989"
}
]
}
}

138
2007/5xxx/CVE-2007-5070.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-5070",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the EasyMailMessagePrinter ActiveX control in emprint.DLL 6.0.1.0 in the Quiksoft EasyMail MessagePrinter Object allows remote attackers to execute arbitrary code via a long string in the first argument to the SetFont method."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5070",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4445",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4445"
},
{
"name" : "38158",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38158"
},
{
"name" : "easymail-messageprinter-setfont-bo(36754)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36754"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the EasyMailMessagePrinter ActiveX control in emprint.DLL 6.0.1.0 in the Quiksoft EasyMail MessagePrinter Object allows remote attackers to execute arbitrary code via a long string in the first argument to the SetFont method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38158",
"refsource": "OSVDB",
"url": "http://osvdb.org/38158"
},
{
"name": "easymail-messageprinter-setfont-bo(36754)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36754"
},
{
"name": "4445",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4445"
}
]
}
}

178
2007/5xxx/CVE-2007-5257.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-5257",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the EDraw.OfficeViewer ActiveX control in officeviewer.ocx in EDraw Office Viewer Component 5.3.220.1 and earlier allows remote attackers to execute arbitrary code via long strings in the first and second arguments to the FtpDownloadFile method, a different vector than CVE-2007-4821 and CVE-2007-3169."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5257",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4474",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4474"
},
{
"name" : "http://shinnai.altervista.org/exploits/txt/TXT_O5FvsIzILBHQr7QbK2kD.html",
"refsource" : "MISC",
"url" : "http://shinnai.altervista.org/exploits/txt/TXT_O5FvsIzILBHQr7QbK2kD.html"
},
{
"name" : "25892",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25892"
},
{
"name" : "ADV-2007-3329",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/3329"
},
{
"name" : "37724",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37724"
},
{
"name" : "27017",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27017"
},
{
"name" : "edraw-viewer-ftpdownloadfile-bo(36879)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36879"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the EDraw.OfficeViewer ActiveX control in officeviewer.ocx in EDraw Office Viewer Component 5.3.220.1 and earlier allows remote attackers to execute arbitrary code via long strings in the first and second arguments to the FtpDownloadFile method, a different vector than CVE-2007-4821 and CVE-2007-3169."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37724",
"refsource": "OSVDB",
"url": "http://osvdb.org/37724"
},
{
"name": "http://shinnai.altervista.org/exploits/txt/TXT_O5FvsIzILBHQr7QbK2kD.html",
"refsource": "MISC",
"url": "http://shinnai.altervista.org/exploits/txt/TXT_O5FvsIzILBHQr7QbK2kD.html"
},
{
"name": "27017",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27017"
},
{
"name": "edraw-viewer-ftpdownloadfile-bo(36879)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36879"
},
{
"name": "25892",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25892"
},
{
"name": "4474",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4474"
},
{
"name": "ADV-2007-3329",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3329"
}
]
}
}

32
2007/5xxx/CVE-2007-5285.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-5285",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-5280. Reason: This candidate is a duplicate of CVE-2007-5280. Notes: All CVE users should reference CVE-2007-5280 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2007-5285",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-5280. Reason: This candidate is a duplicate of CVE-2007-5280. Notes: All CVE users should reference CVE-2007-5280 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

32
2015/2xxx/CVE-2015-2538.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-2538",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-2538",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}

168
2015/3xxx/CVE-2015-3012.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-3012",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in WebODF before 0.5.5, as used in ownCloud, allow remote attackers to inject arbitrary web script or HTML via a (1) style or (2) font name or (3) javascript or (4) data URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3012",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/kogmbh/WebODF/blob/master/ChangeLog.md",
"refsource" : "CONFIRM",
"url" : "https://github.com/kogmbh/WebODF/blob/master/ChangeLog.md"
},
{
"name" : "https://github.com/kogmbh/WebODF/pull/849",
"refsource" : "CONFIRM",
"url" : "https://github.com/kogmbh/WebODF/pull/849"
},
{
"name" : "https://github.com/kogmbh/WebODF/pull/850/files",
"refsource" : "CONFIRM",
"url" : "https://github.com/kogmbh/WebODF/pull/850/files"
},
{
"name" : "https://owncloud.org/security/advisory/?id=oc-sa-2015-002",
"refsource" : "CONFIRM",
"url" : "https://owncloud.org/security/advisory/?id=oc-sa-2015-002"
},
{
"name" : "DSA-3244",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3244"
},
{
"name" : "74445",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/74445"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in WebODF before 0.5.5, as used in ownCloud, allow remote attackers to inject arbitrary web script or HTML via a (1) style or (2) font name or (3) javascript or (4) data URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "74445",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74445"
},
{
"name": "https://github.com/kogmbh/WebODF/blob/master/ChangeLog.md",
"refsource": "CONFIRM",
"url": "https://github.com/kogmbh/WebODF/blob/master/ChangeLog.md"
},
{
"name": "https://github.com/kogmbh/WebODF/pull/849",
"refsource": "CONFIRM",
"url": "https://github.com/kogmbh/WebODF/pull/849"
},
{
"name": "https://github.com/kogmbh/WebODF/pull/850/files",
"refsource": "CONFIRM",
"url": "https://github.com/kogmbh/WebODF/pull/850/files"
},
{
"name": "DSA-3244",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3244"
},
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2015-002",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-002"
}
]
}
}

268
2015/3xxx/CVE-2015-3035.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-3035",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3035",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150410 SEC Consult SA-20150410-0 :: Unauthenticated Local File Disclosure in multiple TP-LINK products (CVE-2015-3035)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/535240/100/0/threaded"
},
{
"name" : "20150410 SEC Consult SA-20150410-0 :: Unauthenticated Local File Disclosure in multiple TP-LINK products (CVE-2015-3035)",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Apr/26"
},
{
"name" : "http://packetstormsecurity.com/files/131378/TP-LINK-Local-File-Disclosure.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/131378/TP-LINK-Local-File-Disclosure.html"
},
{
"name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150410-0_TP-Link_Unauthenticated_local_file_disclosure_vulnerability_v10.txt",
"refsource" : "MISC",
"url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150410-0_TP-Link_Unauthenticated_local_file_disclosure_vulnerability_v10.txt"
},
{
"name" : "http://www.tp-link.com/en/download/Archer-C5_V1.20.html#Firmware",
"refsource" : "CONFIRM",
"url" : "http://www.tp-link.com/en/download/Archer-C5_V1.20.html#Firmware"
},
{
"name" : "http://www.tp-link.com/en/download/Archer-C7_V2.html#Firmware",
"refsource" : "CONFIRM",
"url" : "http://www.tp-link.com/en/download/Archer-C7_V2.html#Firmware"
},
{
"name" : "http://www.tp-link.com/en/download/Archer-C8_V1.html#Firmware",
"refsource" : "CONFIRM",
"url" : "http://www.tp-link.com/en/download/Archer-C8_V1.html#Firmware"
},
{
"name" : "http://www.tp-link.com/en/download/Archer-C9_V1.html#Firmware",
"refsource" : "CONFIRM",
"url" : "http://www.tp-link.com/en/download/Archer-C9_V1.html#Firmware"
},
{
"name" : "http://www.tp-link.com/en/download/TL-WDR3500_V1.html#Firmware",
"refsource" : "CONFIRM",
"url" : "http://www.tp-link.com/en/download/TL-WDR3500_V1.html#Firmware"
},
{
"name" : "http://www.tp-link.com/en/download/TL-WDR3600_V1.html#Firmware",
"refsource" : "CONFIRM",
"url" : "http://www.tp-link.com/en/download/TL-WDR3600_V1.html#Firmware"
},
{
"name" : "http://www.tp-link.com/en/download/TL-WDR4300_V1.html#Firmware",
"refsource" : "CONFIRM",
"url" : "http://www.tp-link.com/en/download/TL-WDR4300_V1.html#Firmware"
},
{
"name" : "http://www.tp-link.com/en/download/TL-WR740N_V5.html#Firmware",
"refsource" : "CONFIRM",
"url" : "http://www.tp-link.com/en/download/TL-WR740N_V5.html#Firmware"
},
{
"name" : "http://www.tp-link.com/en/download/TL-WR741ND_V5.html#Firmware",
"refsource" : "CONFIRM",
"url" : "http://www.tp-link.com/en/download/TL-WR741ND_V5.html#Firmware"
},
{
"name" : "http://www.tp-link.com/en/download/TL-WR841ND_V9.html#Firmware",
"refsource" : "CONFIRM",
"url" : "http://www.tp-link.com/en/download/TL-WR841ND_V9.html#Firmware"
},
{
"name" : "http://www.tp-link.com/en/download/TL-WR841N_V9.html#Firmware",
"refsource" : "CONFIRM",
"url" : "http://www.tp-link.com/en/download/TL-WR841N_V9.html#Firmware"
},
{
"name" : "74050",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/74050"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tp-link.com/en/download/Archer-C9_V1.html#Firmware",
"refsource": "CONFIRM",
"url": "http://www.tp-link.com/en/download/Archer-C9_V1.html#Firmware"
},
{
"name": "http://www.tp-link.com/en/download/Archer-C7_V2.html#Firmware",
"refsource": "CONFIRM",
"url": "http://www.tp-link.com/en/download/Archer-C7_V2.html#Firmware"
},
{
"name": "http://www.tp-link.com/en/download/TL-WR740N_V5.html#Firmware",
"refsource": "CONFIRM",
"url": "http://www.tp-link.com/en/download/TL-WR740N_V5.html#Firmware"
},
{
"name": "http://www.tp-link.com/en/download/Archer-C5_V1.20.html#Firmware",
"refsource": "CONFIRM",
"url": "http://www.tp-link.com/en/download/Archer-C5_V1.20.html#Firmware"
},
{
"name": "http://packetstormsecurity.com/files/131378/TP-LINK-Local-File-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/131378/TP-LINK-Local-File-Disclosure.html"
},
{
"name": "http://www.tp-link.com/en/download/TL-WR841N_V9.html#Firmware",
"refsource": "CONFIRM",
"url": "http://www.tp-link.com/en/download/TL-WR841N_V9.html#Firmware"
},
{
"name": "http://www.tp-link.com/en/download/TL-WR841ND_V9.html#Firmware",
"refsource": "CONFIRM",
"url": "http://www.tp-link.com/en/download/TL-WR841ND_V9.html#Firmware"
},
{
"name": "20150410 SEC Consult SA-20150410-0 :: Unauthenticated Local File Disclosure in multiple TP-LINK products (CVE-2015-3035)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Apr/26"
},
{
"name": "http://www.tp-link.com/en/download/TL-WDR3600_V1.html#Firmware",
"refsource": "CONFIRM",
"url": "http://www.tp-link.com/en/download/TL-WDR3600_V1.html#Firmware"
},
{
"name": "http://www.tp-link.com/en/download/TL-WDR3500_V1.html#Firmware",
"refsource": "CONFIRM",
"url": "http://www.tp-link.com/en/download/TL-WDR3500_V1.html#Firmware"
},
{
"name": "74050",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74050"
},
{
"name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150410-0_TP-Link_Unauthenticated_local_file_disclosure_vulnerability_v10.txt",
"refsource": "MISC",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150410-0_TP-Link_Unauthenticated_local_file_disclosure_vulnerability_v10.txt"
},
{
"name": "http://www.tp-link.com/en/download/TL-WR741ND_V5.html#Firmware",
"refsource": "CONFIRM",
"url": "http://www.tp-link.com/en/download/TL-WR741ND_V5.html#Firmware"
},
{
"name": "http://www.tp-link.com/en/download/Archer-C8_V1.html#Firmware",
"refsource": "CONFIRM",
"url": "http://www.tp-link.com/en/download/Archer-C8_V1.html#Firmware"
},
{
"name": "http://www.tp-link.com/en/download/TL-WDR4300_V1.html#Firmware",
"refsource": "CONFIRM",
"url": "http://www.tp-link.com/en/download/TL-WDR4300_V1.html#Firmware"
},
{
"name": "20150410 SEC Consult SA-20150410-0 :: Unauthenticated Local File Disclosure in multiple TP-LINK products (CVE-2015-3035)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/535240/100/0/threaded"
}
]
}
}

158
2015/6xxx/CVE-2015-6005.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-6005",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Group Names field, (5) the Flow Monitor Credentials field, (6) the Flow Monitor Threshold Name field, (7) the Task Library Name field, (8) the Task Library Description field, (9) the Policy Library Name field, (10) the Policy Library Description field, (11) the Template Library Name field, (12) the Template Library Description field, (13) the System Script Library Name field, (14) the System Script Library Description field, or (15) the CLI Settings Library Description field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-6005",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://community.rapid7.com/community/infosec/blog/2015/12/16/multiple-disclosures-for-multiple-network-management-systems",
"refsource" : "MISC",
"url" : "https://community.rapid7.com/community/infosec/blog/2015/12/16/multiple-disclosures-for-multiple-network-management-systems"
},
{
"name" : "http://twitter.com/ipswitch/statuses/677558623229317121",
"refsource" : "CONFIRM",
"url" : "http://twitter.com/ipswitch/statuses/677558623229317121"
},
{
"name" : "VU#176160",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/176160"
},
{
"name" : "79506",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/79506"
},
{
"name" : "1034833",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034833"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Group Names field, (5) the Flow Monitor Credentials field, (6) the Flow Monitor Threshold Name field, (7) the Task Library Name field, (8) the Task Library Description field, (9) the Policy Library Name field, (10) the Policy Library Description field, (11) the Template Library Name field, (12) the Template Library Description field, (13) the System Script Library Name field, (14) the System Script Library Description field, or (15) the CLI Settings Library Description field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#176160",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/176160"
},
{
"name": "http://twitter.com/ipswitch/statuses/677558623229317121",
"refsource": "CONFIRM",
"url": "http://twitter.com/ipswitch/statuses/677558623229317121"
},
{
"name": "1034833",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034833"
},
{
"name": "https://community.rapid7.com/community/infosec/blog/2015/12/16/multiple-disclosures-for-multiple-network-management-systems",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/infosec/blog/2015/12/16/multiple-disclosures-for-multiple-network-management-systems"
},
{
"name": "79506",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/79506"
}
]
}
}

168
2015/6xxx/CVE-2015-6254.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-6254",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) Service Provider (SP) and (2) Identity Provider (IdP) in PicketLink before 2.7.0 does not ensure that the Destination attribute in a Response element in a SAML assertion matches the location from which the message was received, which allows remote attackers to have unspecified impact via unknown vectors. NOTE: this identifier was SPLIT from CVE-2015-0277 per ADT2 due to different vulnerability types."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-6254",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1194832",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1194832"
},
{
"name" : "https://issues.jboss.org/browse/PLINK-680",
"refsource" : "CONFIRM",
"url" : "https://issues.jboss.org/browse/PLINK-680"
},
{
"name" : "RHSA-2015:0846",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0846.html"
},
{
"name" : "RHSA-2015:0847",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0847.html"
},
{
"name" : "RHSA-2015:0848",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0848.html"
},
{
"name" : "RHSA-2015:0849",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0849.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) Service Provider (SP) and (2) Identity Provider (IdP) in PicketLink before 2.7.0 does not ensure that the Destination attribute in a Response element in a SAML assertion matches the location from which the message was received, which allows remote attackers to have unspecified impact via unknown vectors. NOTE: this identifier was SPLIT from CVE-2015-0277 per ADT2 due to different vulnerability types."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://issues.jboss.org/browse/PLINK-680",
"refsource": "CONFIRM",
"url": "https://issues.jboss.org/browse/PLINK-680"
},
{
"name": "RHSA-2015:0849",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0849.html"
},
{
"name": "RHSA-2015:0848",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0848.html"
},
{
"name": "RHSA-2015:0846",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0846.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1194832",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1194832"
},
{
"name": "RHSA-2015:0847",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0847.html"
}
]
}
}

168
2015/6xxx/CVE-2015-6730.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-6730",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter, which is not properly handled in an error page, related to \"ForeignAPI images.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-6730",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[MediaWiki-announce] 20150810 MediaWiki Security and Maintenance Releases: 1.25.2, 1.24.3, 1.23.10",
"refsource" : "MLIST",
"url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html"
},
{
"name" : "[oss-security] 20150812 CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/08/12/6"
},
{
"name" : "[oss-security] 20150827 Re: CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/08/27/6"
},
{
"name" : "FEDORA-2015-13920",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html"
},
{
"name" : "GLSA-201510-05",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201510-05"
},
{
"name" : "76334",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76334"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter, which is not properly handled in an error page, related to \"ForeignAPI images.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201510-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201510-05"
},
{
"name": "[oss-security] 20150827 Re: CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/08/27/6"
},
{
"name": "[oss-security] 20150812 CVE Request: MediaWiki 1.25.2, 1.24.3, 1.23.10",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/08/12/6"
},
{
"name": "[MediaWiki-announce] 20150810 MediaWiki Security and Maintenance Releases: 1.25.2, 1.24.3, 1.23.10",
"refsource": "MLIST",
"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html"
},
{
"name": "FEDORA-2015-13920",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html"
},
{
"name": "76334",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76334"
}
]
}
}

168
2015/6xxx/CVE-2015-6979.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-6979",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "GasGauge in Apple iOS before 9.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-6979",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT205370",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205370"
},
{
"name" : "https://support.apple.com/HT205641",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205641"
},
{
"name" : "APPLE-SA-2015-10-21-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html"
},
{
"name" : "APPLE-SA-2015-12-08-4",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html"
},
{
"name" : "77268",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/77268"
},
{
"name" : "1033929",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033929"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GasGauge in Apple iOS before 9.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2015-10-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html"
},
{
"name": "APPLE-SA-2015-12-08-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html"
},
{
"name": "https://support.apple.com/HT205370",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205370"
},
{
"name": "https://support.apple.com/HT205641",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205641"
},
{
"name": "1033929",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033929"
},
{
"name": "77268",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77268"
}
]
}
}

138
2015/7xxx/CVE-2015-7384.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-7384",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7384",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1268791",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1268791"
},
{
"name" : "https://github.com/nodejs/node/issues/3138",
"refsource" : "CONFIRM",
"url" : "https://github.com/nodejs/node/issues/3138"
},
{
"name" : "101260",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101260"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1268791",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1268791"
},
{
"name": "https://github.com/nodejs/node/issues/3138",
"refsource": "CONFIRM",
"url": "https://github.com/nodejs/node/issues/3138"
},
{
"name": "101260",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101260"
}
]
}
}

148
2015/7xxx/CVE-2015-7568.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-7568",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the password recovery feature in Yeager CMS 1.2.1 allows remote attackers to change the account credentials of known users via the \"userEmail\" parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-7568",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20160210 SEC Consult SA-20160210-0 :: Yeager CMS Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/537493/100/0/threaded"
},
{
"name" : "39436",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/39436/"
},
{
"name" : "20160210 SEC Consult SA-20160210-0 :: Yeager CMS Multiple Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2016/Feb/44"
},
{
"name" : "http://packetstormsecurity.com/files/135716/Yeager-CMS-1.2.1-File-Upload-SQL-Injection-XSS-SSRF.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/135716/Yeager-CMS-1.2.1-File-Upload-SQL-Injection-XSS-SSRF.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the password recovery feature in Yeager CMS 1.2.1 allows remote attackers to change the account credentials of known users via the \"userEmail\" parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160210 SEC Consult SA-20160210-0 :: Yeager CMS Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/537493/100/0/threaded"
},
{
"name": "39436",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39436/"
},
{
"name": "http://packetstormsecurity.com/files/135716/Yeager-CMS-1.2.1-File-Upload-SQL-Injection-XSS-SSRF.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/135716/Yeager-CMS-1.2.1-File-Upload-SQL-Injection-XSS-SSRF.html"
},
{
"name": "20160210 SEC Consult SA-20160210-0 :: Yeager CMS Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Feb/44"
}
]
}
}

148
2015/7xxx/CVE-2015-7635.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-7635",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7629, CVE-2015-7631, CVE-2015-7636, CVE-2015-7637, CVE-2015-7638, CVE-2015-7639, CVE-2015-7640, CVE-2015-7641, CVE-2015-7642, CVE-2015-7643, and CVE-2015-7644."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2015-7635",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html"
},
{
"name" : "RHSA-2015:2024",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-2024.html"
},
{
"name" : "RHSA-2015:1893",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1893.html"
},
{
"name" : "77061",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/77061"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7629, CVE-2015-7631, CVE-2015-7636, CVE-2015-7637, CVE-2015-7638, CVE-2015-7639, CVE-2015-7640, CVE-2015-7641, CVE-2015-7642, CVE-2015-7643, and CVE-2015-7644."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:2024",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2024.html"
},
{
"name": "77061",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77061"
},
{
"name": "RHSA-2015:1893",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1893.html"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-25.html"
}
]
}
}

208
2015/7xxx/CVE-2015-7692.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-7692",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7692",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.ntp.org/bin/view/Main/NtpBug2899",
"refsource" : "CONFIRM",
"url" : "http://support.ntp.org/bin/view/Main/NtpBug2899"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1274254",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1274254"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20171004-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20171004-0001/"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name" : "DSA-3388",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3388"
},
{
"name" : "GLSA-201607-15",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201607-15"
},
{
"name" : "RHSA-2016:0780",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"name" : "RHSA-2016:2583",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"name" : "77285",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/77285"
},
{
"name" : "1033951",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033951"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1274254",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274254"
},
{
"name": "77285",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77285"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug2899",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug2899"
},
{
"name": "RHSA-2016:2583",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"name": "1033951",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033951"
},
{
"name": "RHSA-2016:0780",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"name": "DSA-3388",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171004-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
}
]
}
}

158
2016/0xxx/CVE-2016-0069.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-0069",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka \"Internet Explorer Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2016-0068."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-0069",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS16-009",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-009"
},
{
"name" : "JVN#78383854",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN78383854/index.html"
},
{
"name" : "JVNDB-2016-000028",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000028.html"
},
{
"name" : "82665",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/82665"
},
{
"name" : "1034971",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034971"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka \"Internet Explorer Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2016-0068."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#78383854",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN78383854/index.html"
},
{
"name": "JVNDB-2016-000028",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000028.html"
},
{
"name": "1034971",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034971"
},
{
"name": "MS16-009",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-009"
},
{
"name": "82665",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/82665"
}
]
}
}

118
2016/0xxx/CVE-2016-0386.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-0386",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to hijack the authentication of administrators for requests that delete employees."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-0386",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "IV83657",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV83657"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to hijack the authentication of administrators for requests that delete employees."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IV83657",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV83657"
}
]
}
}

148
2016/0xxx/CVE-2016-0489.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-0489",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Test Manager for Web Apps. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the ActionServlet servlet, which allows remote authenticated users to upload and execute arbitrary files via directory traversal sequences in the tempfilename parameter in a ReportImage action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-0489",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-038",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-038"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name" : "81184",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/81184"
},
{
"name" : "1034734",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034734"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Test Manager for Web Apps. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the ActionServlet servlet, which allows remote authenticated users to upload and execute arbitrary files via directory traversal sequences in the tempfilename parameter in a ReportImage action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "81184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/81184"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-038",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-038"
},
{
"name": "1034734",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034734"
}
]
}
}

148
2016/0xxx/CVE-2016-0818.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-0818",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The caching functionality in the TrustManagerImpl class in TrustManagerImpl.java in Conscrypt in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 mishandles the distinction between an intermediate CA and a trusted root CA, which allows man-in-the-middle attackers to spoof servers by leveraging access to an intermediate CA to issue a certificate, aka internal bug 26232830."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-0818",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-03-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-03-01.html"
},
{
"name" : "https://android.googlesource.com/platform/external/conscrypt/+/4c9f9c2201116acf790fca25af43995d29980ee0",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/external/conscrypt/+/4c9f9c2201116acf790fca25af43995d29980ee0"
},
{
"name" : "https://android.googlesource.com/platform/external/conscrypt/+/c4ab1b959280413fb11bf4fd7f6b4c2ba38bd779",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/external/conscrypt/+/c4ab1b959280413fb11bf4fd7f6b4c2ba38bd779"
},
{
"name" : "84245",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/84245"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The caching functionality in the TrustManagerImpl class in TrustManagerImpl.java in Conscrypt in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 mishandles the distinction between an intermediate CA and a trusted root CA, which allows man-in-the-middle attackers to spoof servers by leveraging access to an intermediate CA to issue a certificate, aka internal bug 26232830."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://android.googlesource.com/platform/external/conscrypt/+/4c9f9c2201116acf790fca25af43995d29980ee0",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/external/conscrypt/+/4c9f9c2201116acf790fca25af43995d29980ee0"
},
{
"name": "84245",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84245"
},
{
"name": "http://source.android.com/security/bulletin/2016-03-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-03-01.html"
},
{
"name": "https://android.googlesource.com/platform/external/conscrypt/+/c4ab1b959280413fb11bf4fd7f6b4c2ba38bd779",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/external/conscrypt/+/c4ab1b959280413fb11bf4fd7f6b4c2ba38bd779"
}
]
}
}

124
2016/1000xxx/CVE-2016-1000282.json
View File

@ -1,65 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2019-02-04T11:22:33",
"DATE_REQUESTED" : "2019-02-04T11:22:33",
"ID" : "CVE-2016-1000282",
"REQUESTER" : "kurt@seifried.org",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Haraka",
"version" : {
"version_data" : [
{
"version_value" : "2.8.8"
}
]
}
}
]
},
"vendor_name" : "Haraka"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Input Validation"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2019-02-04T11:22:33",
"DATE_REQUESTED": "2019-02-04T11:22:33",
"ID": "CVE-2016-1000282",
"REQUESTER": "kurt@seifried.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/outflanknl/Exploits/blob/master/harakiri-CVE-2016-1000282.py",
"refsource" : "MISC",
"url" : "https://github.com/outflanknl/Exploits/blob/master/harakiri-CVE-2016-1000282.py"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/outflanknl/Exploits/blob/master/harakiri-CVE-2016-1000282.py",
"refsource": "MISC",
"url": "https://github.com/outflanknl/Exploits/blob/master/harakiri-CVE-2016-1000282.py"
}
]
}
}

128
2016/1xxx/CVE-2016-1124.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-1124",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-1124",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html"
},
{
"name" : "1035828",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035828"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035828",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035828"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html"
}
]
}
}

148
2016/1xxx/CVE-2016-1227.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-1227",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NTT EAST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1006 and earlier and NTT WEST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1005 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-1227",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://web116.jp/ced/support/news/contents/2016/20160627.html",
"refsource" : "CONFIRM",
"url" : "http://web116.jp/ced/support/news/contents/2016/20160627.html"
},
{
"name" : "http://www.ntt-west.co.jp/kiki/support/flets/hgw4_mi/160627.html",
"refsource" : "CONFIRM",
"url" : "http://www.ntt-west.co.jp/kiki/support/flets/hgw4_mi/160627.html"
},
{
"name" : "JVN#77403442",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN77403442/index.html"
},
{
"name" : "JVNDB-2016-000105",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000105"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NTT EAST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1006 and earlier and NTT WEST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1005 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ntt-west.co.jp/kiki/support/flets/hgw4_mi/160627.html",
"refsource": "CONFIRM",
"url": "http://www.ntt-west.co.jp/kiki/support/flets/hgw4_mi/160627.html"
},
{
"name": "JVNDB-2016-000105",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000105"
},
{
"name": "JVN#77403442",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN77403442/index.html"
},
{
"name": "http://web116.jp/ced/support/news/contents/2016/20160627.html",
"refsource": "CONFIRM",
"url": "http://web116.jp/ced/support/news/contents/2016/20160627.html"
}
]
}
}

138
2016/1xxx/CVE-2016-1731.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-1731",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apple Software Update before 2.2 on Windows does not use HTTPS, which makes it easier for man-in-the-middle attackers to spoof updates by modifying the client-server data stream."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-1731",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/kb/HT206091",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/kb/HT206091"
},
{
"name" : "84283",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/84283"
},
{
"name" : "1035256",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035256"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple Software Update before 2.2 on Windows does not use HTTPS, which makes it easier for man-in-the-middle attackers to spoof updates by modifying the client-server data stream."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035256",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035256"
},
{
"name": "https://support.apple.com/kb/HT206091",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT206091"
},
{
"name": "84283",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84283"
}
]
}
}

148
2016/1xxx/CVE-2016-1798.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-1798",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Audio in Apple OS X before 10.11.5 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-1798",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT206567",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT206567"
},
{
"name" : "APPLE-SA-2016-05-16-4",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html"
},
{
"name" : "90696",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/90696"
},
{
"name" : "1035895",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035895"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Audio in Apple OS X before 10.11.5 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT206567",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206567"
},
{
"name": "APPLE-SA-2016-05-16-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html"
},
{
"name": "90696",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90696"
},
{
"name": "1035895",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035895"
}
]
}
}

418
2016/4xxx/CVE-2016-4578.json
View File

@ -1,212 +1,212 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-4578",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4578",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "46529",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/46529/"
},
{
"name" : "[oss-security] 20160511 Re: CVE Request: alsa: kernel information leak vulnerability in Linux sound/core/timer",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/05/11/5"
},
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6"
},
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e4ec8cc8039a7063e24204299b462bd1383184a5",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e4ec8cc8039a7063e24204299b462bd1383184a5"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1335215",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1335215"
},
{
"name" : "https://github.com/torvalds/linux/commit/9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6"
},
{
"name" : "https://github.com/torvalds/linux/commit/e4ec8cc8039a7063e24204299b462bd1383184a5",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/e4ec8cc8039a7063e24204299b462bd1383184a5"
},
{
"name" : "DSA-3607",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3607"
},
{
"name" : "RHSA-2016:2574",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
},
{
"name" : "RHSA-2016:2584",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
},
{
"name" : "SUSE-SU-2016:1672",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name" : "SUSE-SU-2016:1690",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name" : "SUSE-SU-2016:1937",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
},
{
"name" : "openSUSE-SU-2016:1641",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
},
{
"name" : "SUSE-SU-2016:1985",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name" : "SUSE-SU-2016:2105",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
},
{
"name" : "openSUSE-SU-2016:2184",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
},
{
"name" : "USN-3016-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3016-1"
},
{
"name" : "USN-3016-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3016-2"
},
{
"name" : "USN-3016-3",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3016-3"
},
{
"name" : "USN-3016-4",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3016-4"
},
{
"name" : "USN-3017-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3017-1"
},
{
"name" : "USN-3017-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3017-2"
},
{
"name" : "USN-3017-3",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3017-3"
},
{
"name" : "USN-3018-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3018-1"
},
{
"name" : "USN-3018-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3018-2"
},
{
"name" : "USN-3019-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3019-1"
},
{
"name" : "USN-3020-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3020-1"
},
{
"name" : "USN-3021-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3021-1"
},
{
"name" : "USN-3021-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3021-2"
},
{
"name" : "90535",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/90535"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2016:1690",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e4ec8cc8039a7063e24204299b462bd1383184a5",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e4ec8cc8039a7063e24204299b462bd1383184a5"
},
{
"name": "USN-3017-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3017-1"
},
{
"name": "46529",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46529/"
},
{
"name": "SUSE-SU-2016:1985",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "USN-3017-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3017-3"
},
{
"name": "openSUSE-SU-2016:2184",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
},
{
"name": "USN-3018-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3018-2"
},
{
"name": "https://github.com/torvalds/linux/commit/e4ec8cc8039a7063e24204299b462bd1383184a5",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/e4ec8cc8039a7063e24204299b462bd1383184a5"
},
{
"name": "USN-3021-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3021-2"
},
{
"name": "USN-3017-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3017-2"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1335215",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335215"
},
{
"name": "RHSA-2016:2584",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
},
{
"name": "RHSA-2016:2574",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
},
{
"name": "USN-3019-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3019-1"
},
{
"name": "openSUSE-SU-2016:1641",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
},
{
"name": "DSA-3607",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "90535",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90535"
},
{
"name": "USN-3016-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3016-2"
},
{
"name": "USN-3016-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3016-1"
},
{
"name": "SUSE-SU-2016:1672",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-3021-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3021-1"
},
{
"name": "USN-3018-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3018-1"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6"
},
{
"name": "[oss-security] 20160511 Re: CVE Request: alsa: kernel information leak vulnerability in Linux sound/core/timer",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/11/5"
},
{
"name": "SUSE-SU-2016:2105",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
},
{
"name": "USN-3016-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3016-3"
},
{
"name": "https://github.com/torvalds/linux/commit/9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6"
},
{
"name": "USN-3016-4",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3016-4"
},
{
"name": "USN-3020-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3020-1"
},
{
"name": "SUSE-SU-2016:1937",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
}
]
}
}

188
2016/4xxx/CVE-2016-4719.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2016-4719",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The GeoServices component in Apple iOS before 10 and watchOS before 3 does not properly restrict access to PlaceData information, which allows attackers to discover physical locations via a crafted application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-4719",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT207141",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207141"
},
{
"name" : "https://support.apple.com/HT207143",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207143"
},
{
"name" : "APPLE-SA-2016-09-13-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00004.html"
},
{
"name" : "APPLE-SA-2016-09-20-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html"
},
{
"name" : "APPLE-SA-2016-09-20-5",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html"
},
{
"name" : "92932",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92932"
},
{
"name" : "92933",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92933"
},
{
"name" : "1036797",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036797"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GeoServices component in Apple iOS before 10 and watchOS before 3 does not properly restrict access to PlaceData information, which allows attackers to discover physical locations via a crafted application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT207141",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207141"
},
{
"name": "APPLE-SA-2016-09-20-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html"
},
{
"name": "APPLE-SA-2016-09-20-5",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html"
},
{
"name": "1036797",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036797"
},
{
"name": "92933",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92933"
},
{
"name": "APPLE-SA-2016-09-13-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00004.html"
},
{
"name": "92932",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92932"
},
{
"name": "https://support.apple.com/HT207143",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207143"
}
]
}
}

168
2016/4xxx/CVE-2016-4905.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2016-4905",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "WP-OliveCart",
"version" : {
"version_data" : [
{
"version_value" : "versions prior to 3.1.3"
}
]
}
},
{
"product_name" : "WP-OliveCartPro",
"version" : {
"version_data" : [
{
"version_value" : "versions prior to 3.1.8"
}
]
}
}
]
},
"vendor_name" : "Olive Design"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows attackers with administrator rights to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SQL Injection"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-4905",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP-OliveCart",
"version": {
"version_data": [
{
"version_value": "versions prior to 3.1.3"
}
]
}
},
{
"product_name": "WP-OliveCartPro",
"version": {
"version_data": [
{
"version_value": "versions prior to 3.1.8"
}
]
}
}
]
},
"vendor_name": "Olive Design"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.wp-olivecart.com/news/20160925.html",
"refsource" : "CONFIRM",
"url" : "http://www.wp-olivecart.com/news/20160925.html"
},
{
"name" : "JVN#14567604",
"refsource" : "JVN",
"url" : "https://jvn.jp/en/jp/JVN14567604/index.html"
},
{
"name" : "JVNDB-2016-000210",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000210.html"
},
{
"name" : "93790",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93790"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows attackers with administrator rights to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.wp-olivecart.com/news/20160925.html",
"refsource": "CONFIRM",
"url": "http://www.wp-olivecart.com/news/20160925.html"
},
{
"name": "JVNDB-2016-000210",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000210.html"
},
{
"name": "93790",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93790"
},
{
"name": "JVN#14567604",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN14567604/index.html"
}
]
}
}

158
2016/4xxx/CVE-2016-4945.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-4945",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in vpn/js/gateway_login_form_view.js in Citrix NetScaler Gateway 11.0 before Build 66.11 allows remote attackers to inject arbitrary web script or HTML via the NSC_TMAC cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4945",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20160527 [CVE-2016-4945] Login Form Hijacking Vulnerability in Citrix NetScaler Gateway",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/538515/100/0/threaded"
},
{
"name" : "http://packetstormsecurity.com/files/137221/Citrix-Netscaler-11.0-Build-64.35-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/137221/Citrix-Netscaler-11.0-Build-64.35-Cross-Site-Scripting.html"
},
{
"name" : "http://persicon.com/tl_files/advisories/PERSICON-advisory-2016-No-1-citrix.txt",
"refsource" : "MISC",
"url" : "http://persicon.com/tl_files/advisories/PERSICON-advisory-2016-No-1-citrix.txt"
},
{
"name" : "http://support.citrix.com/article/CTX213313",
"refsource" : "CONFIRM",
"url" : "http://support.citrix.com/article/CTX213313"
},
{
"name" : "1036020",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036020"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in vpn/js/gateway_login_form_view.js in Citrix NetScaler Gateway 11.0 before Build 66.11 allows remote attackers to inject arbitrary web script or HTML via the NSC_TMAC cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/137221/Citrix-Netscaler-11.0-Build-64.35-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/137221/Citrix-Netscaler-11.0-Build-64.35-Cross-Site-Scripting.html"
},
{
"name": "20160527 [CVE-2016-4945] Login Form Hijacking Vulnerability in Citrix NetScaler Gateway",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/538515/100/0/threaded"
},
{
"name": "1036020",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036020"
},
{
"name": "http://support.citrix.com/article/CTX213313",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX213313"
},
{
"name": "http://persicon.com/tl_files/advisories/PERSICON-advisory-2016-No-1-citrix.txt",
"refsource": "MISC",
"url": "http://persicon.com/tl_files/advisories/PERSICON-advisory-2016-No-1-citrix.txt"
}
]
}
}

32
2019/0xxx/CVE-2019-0049.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-0049",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0049",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/0xxx/CVE-2019-0097.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-0097",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0097",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/0xxx/CVE-2019-0273.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-0273",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0273",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/0xxx/CVE-2019-0431.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-0431",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0431",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/3xxx/CVE-2019-3048.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-3048",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3048",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/3xxx/CVE-2019-3107.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-3107",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3107",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/3xxx/CVE-2019-3332.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-3332",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3332",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/4xxx/CVE-2019-4013.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-4013",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4013",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/4xxx/CVE-2019-4522.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-4522",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4522",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/4xxx/CVE-2019-4625.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-4625",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4625",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/4xxx/CVE-2019-4894.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-4894",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4894",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/7xxx/CVE-2019-7262.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-7262",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7262",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/7xxx/CVE-2019-7618.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-7618",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7618",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/7xxx/CVE-2019-7763.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-7763",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7763",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/8xxx/CVE-2019-8481.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-8481",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8481",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/8xxx/CVE-2019-8642.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-8642",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8642",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/8xxx/CVE-2019-8778.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-8778",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8778",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/8xxx/CVE-2019-8990.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-8990",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8990",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/9xxx/CVE-2019-9474.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-9474",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9474",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

128
2019/9xxx/CVE-2019-9693.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-9693",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In CMS Made Simple (CMSMS) before 2.2.10, an authenticated user can achieve SQL Injection in class.showtime2_data.php via the functions _updateshow (parameter show_id), _inputshow (parameter show_id), _Getshowinfo (parameter show_id), _Getpictureinfo (parameter picture_id), _AdjustNameSeq (parameter shownumber), _Updatepicture (parameter picture_id), and _Deletepicture (parameter picture_id)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://viewsvn.cmsmadesimple.org/diff.php?repname=showtime2&path=%2Ftrunk%2Flib%2Fclass.showtime2_data.php&rev=47",
"refsource" : "MISC",
"url" : "http://viewsvn.cmsmadesimple.org/diff.php?repname=showtime2&path=%2Ftrunk%2Flib%2Fclass.showtime2_data.php&rev=47"
},
{
"name" : "https://forum.cmsmadesimple.org/viewtopic.php?f=1&t=80285",
"refsource" : "MISC",
"url" : "https://forum.cmsmadesimple.org/viewtopic.php?f=1&t=80285"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In CMS Made Simple (CMSMS) before 2.2.10, an authenticated user can achieve SQL Injection in class.showtime2_data.php via the functions _updateshow (parameter show_id), _inputshow (parameter show_id), _Getshowinfo (parameter show_id), _Getpictureinfo (parameter picture_id), _AdjustNameSeq (parameter shownumber), _Updatepicture (parameter picture_id), and _Deletepicture (parameter picture_id)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.cmsmadesimple.org/viewtopic.php?f=1&t=80285",
"refsource": "MISC",
"url": "https://forum.cmsmadesimple.org/viewtopic.php?f=1&t=80285"
},
{
"name": "http://viewsvn.cmsmadesimple.org/diff.php?repname=showtime2&path=%2Ftrunk%2Flib%2Fclass.showtime2_data.php&rev=47",
"refsource": "MISC",
"url": "http://viewsvn.cmsmadesimple.org/diff.php?repname=showtime2&path=%2Ftrunk%2Flib%2Fclass.showtime2_data.php&rev=47"
}
]
}
}