admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 01:29:16 +00:00
parent b50128b05e
commit 21549b08c8
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
65 changed files with 3840 additions and 3840 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
1999/0xxx/CVE-1999-0011.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-0011",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0011",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "19980603-01-PX",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/19980603-01-PX"
},
{
"name" : "HPSBUX9808-083",
"refsource" : "HP",
"url" : "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9808-083"
},
{
"name" : "00180",
"refsource" : "SUN",
"url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/180"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19980603-01-PX",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/19980603-01-PX"
},
{
"name": "HPSBUX9808-083",
"refsource": "HP",
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9808-083"
},
{
"name": "00180",
"refsource": "SUN",
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/180"
}
]
}
}

120
1999/0xxx/CVE-1999-0855.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-0855",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in FreeBSD gdc program."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0855",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "834",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/834"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in FreeBSD gdc program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "834",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/834"
}
]
}
}

150
1999/1xxx/CVE-1999-1204.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-1204",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Check Point Firewall-1 does not properly handle certain restricted keywords (e.g., Mail, auth, time) in user-defined objects, which could produce a rule with a default \"ANY\" address and result in access to more systems than intended by the administrator."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1204",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "19980511 Firewall-1 Reserved Keywords Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=90221101925912&w=2"
},
{
"name" : "http://www.checkpoint.com/techsupport/config/keywords.html",
"refsource" : "CONFIRM",
"url" : "http://www.checkpoint.com/techsupport/config/keywords.html"
},
{
"name" : "fw1-user-defined-keywords-access(7293)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7293"
},
{
"name" : "4416",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/4416"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Check Point Firewall-1 does not properly handle certain restricted keywords (e.g., Mail, auth, time) in user-defined objects, which could produce a rule with a default \"ANY\" address and result in access to more systems than intended by the administrator."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4416",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4416"
},
{
"name": "http://www.checkpoint.com/techsupport/config/keywords.html",
"refsource": "CONFIRM",
"url": "http://www.checkpoint.com/techsupport/config/keywords.html"
},
{
"name": "fw1-user-defined-keywords-access(7293)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7293"
},
{
"name": "19980511 Firewall-1 Reserved Keywords Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=90221101925912&w=2"
}
]
}
}

140
1999/1xxx/CVE-1999-1206.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-1206",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SystemSoft SystemWizard package in HP Pavilion PC with Windows 98, and possibly other platforms and operating systems, installs two ActiveX controls that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via a malicious web page that references (1) the Launch control, or (2) the RegObj control."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1206",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "19990729 New ActiveX security problems in Windows 98 PCs",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=93336970231857&w=2"
},
{
"name" : "http://www.systemsoft.com/l-2/l-3/support-systemwizard.htm",
"refsource" : "CONFIRM",
"url" : "http://www.systemsoft.com/l-2/l-3/support-systemwizard.htm"
},
{
"name" : "555",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/555"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SystemSoft SystemWizard package in HP Pavilion PC with Windows 98, and possibly other platforms and operating systems, installs two ActiveX controls that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via a malicious web page that references (1) the Launch control, or (2) the RegObj control."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19990729 New ActiveX security problems in Windows 98 PCs",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=93336970231857&w=2"
},
{
"name": "http://www.systemsoft.com/l-2/l-3/support-systemwizard.htm",
"refsource": "CONFIRM",
"url": "http://www.systemsoft.com/l-2/l-3/support-systemwizard.htm"
},
{
"name": "555",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/555"
}
]
}
}

130
1999/1xxx/CVE-1999-1427.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-1427",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 create lock files insecurely, which allows local users to gain root privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1427",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "00145",
"refsource" : "SUN",
"url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/145"
},
{
"name" : "208",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/208"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 create lock files insecurely, which allows local users to gain root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "208",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/208"
},
{
"name": "00145",
"refsource": "SUN",
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/145"
}
]
}
}

130
2000/0xxx/CVE-2000-0187.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0187",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "EZShopper 3.0 loadpage.cgi CGI script allows remote attackers to read arbitrary files via a .. (dot dot) attack or execute commands via shell metacharacters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0187",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20000227 EZ Shopper 3.0 shopping cart CGI remote command execution",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2000-02/0356.html"
},
{
"name" : "1014",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1014"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EZShopper 3.0 loadpage.cgi CGI script allows remote attackers to read arbitrary files via a .. (dot dot) attack or execute commands via shell metacharacters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1014",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1014"
},
{
"name": "20000227 EZ Shopper 3.0 shopping cart CGI remote command execution",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-02/0356.html"
}
]
}
}

140
2000/0xxx/CVE-2000-0272.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0272",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "RealNetworks RealServer allows remote attackers to cause a denial of service by sending malformed input to the server at port 7070."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0272",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20000420 Remote DoS attack in Real Networks Real Server Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=95625288231045&w=2"
},
{
"name" : "http://service.real.com/help/faq/servg270.html",
"refsource" : "CONFIRM",
"url" : "http://service.real.com/help/faq/servg270.html"
},
{
"name" : "1128",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1128"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RealNetworks RealServer allows remote attackers to cause a denial of service by sending malformed input to the server at port 7070."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1128",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1128"
},
{
"name": "20000420 Remote DoS attack in Real Networks Real Server Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=95625288231045&w=2"
},
{
"name": "http://service.real.com/help/faq/servg270.html",
"refsource": "CONFIRM",
"url": "http://service.real.com/help/faq/servg270.html"
}
]
}
}

150
2000/0xxx/CVE-2000-0350.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0350",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A debugging feature in NetworkICE ICEcap 2.0.23 and earlier is enabled, which allows a remote attacker to bypass the weak authentication and post unencrypted events."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0350",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.securityfocus.com/templates/advisory.html?id=2220",
"refsource" : "MISC",
"url" : "http://www.securityfocus.com/templates/advisory.html?id=2220"
},
{
"name" : "http://advice.networkice.com/advice/Support/KB/q000166/",
"refsource" : "CONFIRM",
"url" : "http://advice.networkice.com/advice/Support/KB/q000166/"
},
{
"name" : "1216",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1216"
},
{
"name" : "312",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/312"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A debugging feature in NetworkICE ICEcap 2.0.23 and earlier is enabled, which allows a remote attacker to bypass the weak authentication and post unencrypted events."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1216",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1216"
},
{
"name": "312",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/312"
},
{
"name": "http://advice.networkice.com/advice/Support/KB/q000166/",
"refsource": "CONFIRM",
"url": "http://advice.networkice.com/advice/Support/KB/q000166/"
},
{
"name": "http://www.securityfocus.com/templates/advisory.html?id=2220",
"refsource": "MISC",
"url": "http://www.securityfocus.com/templates/advisory.html?id=2220"
}
]
}
}

130
2000/0xxx/CVE-2000-0441.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0441",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in AIX 3.2.x and 4.x allows local users to gain write access to files on locally or remotely mounted AIX filesystems."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0441",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "ERS-OAR-E01-2000:087.1",
"refsource" : "IBM",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2000-05/0275.html"
},
{
"name" : "1241",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1241"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in AIX 3.2.x and 4.x allows local users to gain write access to files on locally or remotely mounted AIX filesystems."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ERS-OAR-E01-2000:087.1",
"refsource": "IBM",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0275.html"
},
{
"name": "1241",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1241"
}
]
}
}

150
2000/0xxx/CVE-2000-0722.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0722",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Helix GNOME Updater helix-update 0.5 and earlier allows local users to install arbitrary RPM packages by creating the /tmp/helix-install installation directory before root has begun installing packages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0722",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20000819 Multiple Local Vulnerabilities in Helix Gnome Installer",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/templates/archive.pike?list=1&msg=E13QAYl-0007il-00@the-village.bc.nu"
},
{
"name" : "20000820 Helix Code Security Advisory - Helix GNOME Update",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2000-08/0240.html"
},
{
"name" : "20000820 [Helix Beta] Helix Code Security Advisory - Helix GNOME Installer",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2000-08/0251.html"
},
{
"name" : "1593",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1593"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Helix GNOME Updater helix-update 0.5 and earlier allows local users to install arbitrary RPM packages by creating the /tmp/helix-install installation directory before root has begun installing packages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1593",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1593"
},
{
"name": "20000819 Multiple Local Vulnerabilities in Helix Gnome Installer",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=E13QAYl-0007il-00@the-village.bc.nu"
},
{
"name": "20000820 Helix Code Security Advisory - Helix GNOME Update",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0240.html"
},
{
"name": "20000820 [Helix Beta] Helix Code Security Advisory - Helix GNOME Installer",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0251.html"
}
]
}
}

140
2000/0xxx/CVE-2000-0776.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0776",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mediahouse Statistics Server 5.02x allows remote attackers to execute arbitrary commands via a long HTTP GET request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0776",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20000810 [DeepZone Advisory] Statistics Server 5.02x stack overflow (Win2k remote exploit)",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2000-08/0118.html"
},
{
"name" : "1568",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1568"
},
{
"name" : "mediahouse-stats-livestats-bo(5113)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5113"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mediahouse Statistics Server 5.02x allows remote attackers to execute arbitrary commands via a long HTTP GET request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mediahouse-stats-livestats-bo(5113)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5113"
},
{
"name": "1568",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1568"
},
{
"name": "20000810 [DeepZone Advisory] Statistics Server 5.02x stack overflow (Win2k remote exploit)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0118.html"
}
]
}
}

200
2000/0xxx/CVE-2000-0913.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0913",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0913",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20000929 Security vulnerability in Apache mod_rewrite",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2000-09/0352.html"
},
{
"name" : "MDKSA-2000:060",
"refsource" : "MANDRAKE",
"url" : "http://www.linux-mandrake.com/en/security/MDKSA-2000-060-2.php3?dis=7.1"
},
{
"name" : "RHSA-2000:088",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2000-088.html"
},
{
"name" : "RHSA-2000:095",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2000-095.html"
},
{
"name" : "CSSA-2000-035.0",
"refsource" : "CALDERA",
"url" : "http://www.calderasystems.com/support/security/advisories/CSSA-2000-035.0.txt"
},
{
"name" : "HPSBUX0010-126",
"refsource" : "HP",
"url" : "http://archives.neohapsis.com/archives/hp/2000-q4/0021.html"
},
{
"name" : "20001011 Conectiva Linux Security Announcement - apache",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2000-10/0174.html"
},
{
"name" : "1728",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1728"
},
{
"name" : "apache-rewrite-view-files(5310)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5310"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2000:095",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2000-095.html"
},
{
"name": "HPSBUX0010-126",
"refsource": "HP",
"url": "http://archives.neohapsis.com/archives/hp/2000-q4/0021.html"
},
{
"name": "RHSA-2000:088",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2000-088.html"
},
{
"name": "20000929 Security vulnerability in Apache mod_rewrite",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-09/0352.html"
},
{
"name": "20001011 Conectiva Linux Security Announcement - apache",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0174.html"
},
{
"name": "1728",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1728"
},
{
"name": "apache-rewrite-view-files(5310)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5310"
},
{
"name": "CSSA-2000-035.0",
"refsource": "CALDERA",
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2000-035.0.txt"
},
{
"name": "MDKSA-2000:060",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/MDKSA-2000-060-2.php3?dis=7.1"
}
]
}
}

150
2000/0xxx/CVE-2000-0951.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0951",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A misconfiguration in IIS 5.0 with Index Server enabled and the Index property set allows remote attackers to list directories in the web root via a Web Distributed Authoring and Versioning (WebDAV) search."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0951",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "A100400-1",
"refsource" : "ATSTAKE",
"url" : "http://www.atstake.com/research/advisories/2000/a100400-1.txt"
},
{
"name" : "Q272079",
"refsource" : "MSKB",
"url" : "http://www.microsoft.com/technet/support/kb.asp?ID=272079"
},
{
"name" : "1756",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1756"
},
{
"name" : "iis-index-dir-traverse(5335)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5335"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A misconfiguration in IIS 5.0 with Index Server enabled and the Index property set allows remote attackers to list directories in the web root via a Web Distributed Authoring and Versioning (WebDAV) search."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1756",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1756"
},
{
"name": "Q272079",
"refsource": "MSKB",
"url": "http://www.microsoft.com/technet/support/kb.asp?ID=272079"
},
{
"name": "A100400-1",
"refsource": "ATSTAKE",
"url": "http://www.atstake.com/research/advisories/2000/a100400-1.txt"
},
{
"name": "iis-index-dir-traverse(5335)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5335"
}
]
}
}

160
2007/1xxx/CVE-2007-1009.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-1009",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Macrovision InstallAnywhere Enterprise before 8.0.1 uses the InstallScript.iap_xml configuration file without integrity protection to verify authorization for installing an application, which allows local users to perform unauthorized installations by removing the (1) password or (2) serial number verification sections from this file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1009",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070416 SYMSA-2007-003 Macrovision InstallAnywhere Password and Serial Number Bypass",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/466035/100/0/threaded"
},
{
"name" : "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-003.txt",
"refsource" : "MISC",
"url" : "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-003.txt"
},
{
"name" : "22643",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/22643"
},
{
"name" : "ADV-2007-1433",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1433"
},
{
"name" : "2596",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2596"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Macrovision InstallAnywhere Enterprise before 8.0.1 uses the InstallScript.iap_xml configuration file without integrity protection to verify authorization for installing an application, which allows local users to perform unauthorized installations by removing the (1) password or (2) serial number verification sections from this file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2596",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2596"
},
{
"name": "ADV-2007-1433",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1433"
},
{
"name": "20070416 SYMSA-2007-003 Macrovision InstallAnywhere Password and Serial Number Bypass",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/466035/100/0/threaded"
},
{
"name": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-003.txt",
"refsource": "MISC",
"url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-003.txt"
},
{
"name": "22643",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22643"
}
]
}
}

160
2007/1xxx/CVE-2007-1191.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-1191",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Social Bookmarks (del.icio.us) plug-in 8F in Quicksilver writes usernames and passwords in plaintext to the /Library/Logs/Console/UID/Console.log file, which allows local users to obtain sensitive information by reading this file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1191",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070228 Quicksilver Social Bookmark plugin v.8F: password in clear text",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052722.html"
},
{
"name" : "22752",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/22752"
},
{
"name" : "34486",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/34486"
},
{
"name" : "2368",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2368"
},
{
"name" : "socialbookmarks-password-plaintext(32721)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32721"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Social Bookmarks (del.icio.us) plug-in 8F in Quicksilver writes usernames and passwords in plaintext to the /Library/Logs/Console/UID/Console.log file, which allows local users to obtain sensitive information by reading this file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22752",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22752"
},
{
"name": "socialbookmarks-password-plaintext(32721)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32721"
},
{
"name": "2368",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2368"
},
{
"name": "34486",
"refsource": "OSVDB",
"url": "http://osvdb.org/34486"
},
{
"name": "20070228 Quicksilver Social Bookmark plugin v.8F: password in clear text",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052722.html"
}
]
}
}

140
2007/1xxx/CVE-2007-1964.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-1964",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1964",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070330 Mybb Change Password Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/464267/100/100/threaded"
},
{
"name" : "2544",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2544"
},
{
"name" : "mybb-debugmode-information-disclosure(33345)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33345"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070330 Mybb Change Password Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464267/100/100/threaded"
},
{
"name": "mybb-debugmode-information-disclosure(33345)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33345"
},
{
"name": "2544",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2544"
}
]
}
}

160
2007/5xxx/CVE-2007-5362.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-5362",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite (com_mosmedia) 4.5.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) credits.html.php, (2) info.html.php, (3) media.divs.php, (4) media.divs.js.php, (5) purchase.html.php, or (6) support.html.php in includes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: vector 3 may be the same as CVE-2007-2043.2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5362",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "25960",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25960"
},
{
"name" : "38586",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38586"
},
{
"name" : "38587",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38587"
},
{
"name" : "38588",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38588"
},
{
"name" : "mosmedialite451-mosconfig-file-include(37015)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/37015"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite (com_mosmedia) 4.5.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) credits.html.php, (2) info.html.php, (3) media.divs.php, (4) media.divs.js.php, (5) purchase.html.php, or (6) support.html.php in includes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: vector 3 may be the same as CVE-2007-2043.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38588",
"refsource": "OSVDB",
"url": "http://osvdb.org/38588"
},
{
"name": "38587",
"refsource": "OSVDB",
"url": "http://osvdb.org/38587"
},
{
"name": "38586",
"refsource": "OSVDB",
"url": "http://osvdb.org/38586"
},
{
"name": "25960",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25960"
},
{
"name": "mosmedialite451-mosconfig-file-include(37015)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37015"
}
]
}
}

160
2007/5xxx/CVE-2007-5478.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-5478",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in projects in Nabh Stringbeans Portal (sbportal) 3.2 allows remote attackers to inject arbitrary web script or HTML via the project_name parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5478",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20071015 Stringbeans (Portal) - Lang Parameter Cross-Site Scripting Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/482303/100/0/threaded"
},
{
"name" : "26082",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26082"
},
{
"name" : "40165",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/40165"
},
{
"name" : "3240",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3240"
},
{
"name" : "stringbeans-projectname-xss(37266)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/37266"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in projects in Nabh Stringbeans Portal (sbportal) 3.2 allows remote attackers to inject arbitrary web script or HTML via the project_name parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20071015 Stringbeans (Portal) - Lang Parameter Cross-Site Scripting Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/482303/100/0/threaded"
},
{
"name": "26082",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26082"
},
{
"name": "stringbeans-projectname-xss(37266)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37266"
},
{
"name": "40165",
"refsource": "OSVDB",
"url": "http://osvdb.org/40165"
},
{
"name": "3240",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3240"
}
]
}
}

210
2007/5xxx/CVE-2007-5540.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-5540",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Opera before 9.24 allows remote attackers to overwrite functions on pages from other domains and bypass the same-origin policy via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5540",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.opera.com/support/search/view/867/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/support/search/view/867/"
},
{
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=196164",
"refsource" : "CONFIRM",
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=196164"
},
{
"name" : "GLSA-200710-31",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200710-31.xml"
},
{
"name" : "SUSE-SR:2007:022",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html"
},
{
"name" : "26102",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26102"
},
{
"name" : "ADV-2007-3529",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/3529"
},
{
"name" : "38127",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38127"
},
{
"name" : "27277",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27277"
},
{
"name" : "27431",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27431"
},
{
"name" : "27399",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27399"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Opera before 9.24 allows remote attackers to overwrite functions on pages from other domains and bypass the same-origin policy via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38127",
"refsource": "OSVDB",
"url": "http://osvdb.org/38127"
},
{
"name": "27431",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27431"
},
{
"name": "26102",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26102"
},
{
"name": "GLSA-200710-31",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200710-31.xml"
},
{
"name": "http://www.opera.com/support/search/view/867/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/support/search/view/867/"
},
{
"name": "27399",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27399"
},
{
"name": "27277",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27277"
},
{
"name": "ADV-2007-3529",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3529"
},
{
"name": "SUSE-SR:2007:022",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=196164",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=196164"
}
]
}
}

34
2015/3xxx/CVE-2015-3555.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-3555",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3555",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

190
2015/3xxx/CVE-2015-3811.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-3811",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 improperly refers to previously processed bytes, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, a different vulnerability than CVE-2015-2188."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3811",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2015-14.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2015-14.html"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10978",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10978"
},
{
"name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a6fc6aa0b4efc1a1c3d7a2e3b5189e888fb6ccc2",
"refsource" : "CONFIRM",
"url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a6fc6aa0b4efc1a1c3d7a2e3b5189e888fb6ccc2"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name" : "DSA-3277",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3277"
},
{
"name" : "GLSA-201510-03",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201510-03"
},
{
"name" : "RHSA-2017:0631",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0631.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 improperly refers to previously processed bytes, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, a different vulnerability than CVE-2015-2188."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:0631",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0631.html"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10978",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10978"
},
{
"name": "DSA-3277",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3277"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a6fc6aa0b4efc1a1c3d7a2e3b5189e888fb6ccc2",
"refsource": "CONFIRM",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a6fc6aa0b4efc1a1c3d7a2e3b5189e888fb6ccc2"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name": "GLSA-201510-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201510-03"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2015-14.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2015-14.html"
}
]
}
}

170
2015/3xxx/CVE-2015-3828.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-3828",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote attackers to execute arbitrary code or cause a denial of service (integer underflow and memory corruption) via crafted 3GPP metadata, aka internal bug 20923261, a related issue to CVE-2015-3826."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2015-3828",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[android-security-updates] 20150812 Nexus Security Bulletin (August 2015)",
"refsource" : "MLIST",
"url" : "https://groups.google.com/forum/message/raw?msg=android-security-updates/Ugvu3fi6RQM/yzJvoTVrIQAJ"
},
{
"name" : "https://android.googlesource.com/platform/frameworks/av/+/f4f7e0c102819f039ebb1972b3dba1d3186bc1d1",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/frameworks/av/+/f4f7e0c102819f039ebb1972b3dba1d3186bc1d1"
},
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/hw-448928",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/hw-448928"
},
{
"name" : "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-448928.htm",
"refsource" : "CONFIRM",
"url" : "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-448928.htm"
},
{
"name" : "76052",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76052"
},
{
"name" : "1033094",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033094"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote attackers to execute arbitrary code or cause a denial of service (integer underflow and memory corruption) via crafted 3GPP metadata, aka internal bug 20923261, a related issue to CVE-2015-3826."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033094",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033094"
},
{
"name": "76052",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76052"
},
{
"name": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-448928.htm",
"refsource": "CONFIRM",
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-448928.htm"
},
{
"name": "https://android.googlesource.com/platform/frameworks/av/+/f4f7e0c102819f039ebb1972b3dba1d3186bc1d1",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/av/+/f4f7e0c102819f039ebb1972b3dba1d3186bc1d1"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/hw-448928",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-448928"
},
{
"name": "[android-security-updates] 20150812 Nexus Security Bulletin (August 2015)",
"refsource": "MLIST",
"url": "https://groups.google.com/forum/message/raw?msg=android-security-updates/Ugvu3fi6RQM/yzJvoTVrIQAJ"
}
]
}
}

34
2015/7xxx/CVE-2015-7026.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-7026",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-7026",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}

200
2015/7xxx/CVE-2015-7101.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-7101",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7102, and CVE-2015-7103."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-7101",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT205635",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205635"
},
{
"name" : "https://support.apple.com/HT205639",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205639"
},
{
"name" : "https://support.apple.com/HT205640",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205640"
},
{
"name" : "https://support.apple.com/kb/HT205636",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/kb/HT205636"
},
{
"name" : "APPLE-SA-2015-12-08-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html"
},
{
"name" : "APPLE-SA-2015-12-08-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html"
},
{
"name" : "APPLE-SA-2015-12-08-5",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Dec/msg00003.html"
},
{
"name" : "78726",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/78726"
},
{
"name" : "1034341",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034341"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7102, and CVE-2015-7103."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT205635",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205635"
},
{
"name": "https://support.apple.com/kb/HT205636",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205636"
},
{
"name": "APPLE-SA-2015-12-08-5",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00003.html"
},
{
"name": "APPLE-SA-2015-12-08-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html"
},
{
"name": "https://support.apple.com/HT205639",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205639"
},
{
"name": "https://support.apple.com/HT205640",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205640"
},
{
"name": "1034341",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034341"
},
{
"name": "APPLE-SA-2015-12-08-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html"
},
{
"name": "78726",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/78726"
}
]
}
}

150
2015/7xxx/CVE-2015-7235.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-7235",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in dex_reservations.php in the CP Reservation Calendar plugin before 1.1.7 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a dex_reservations_calendar_load2 action or (2) dex_item parameter in a dex_reservations_check_posted_data action in a request to the default URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "38187",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/38187/"
},
{
"name" : "https://wpvulndb.com/vulnerabilities/8193",
"refsource" : "MISC",
"url" : "https://wpvulndb.com/vulnerabilities/8193"
},
{
"name" : "https://plugins.trac.wordpress.org/changeset/1104099/cp-reservation-calendar",
"refsource" : "CONFIRM",
"url" : "https://plugins.trac.wordpress.org/changeset/1104099/cp-reservation-calendar"
},
{
"name" : "https://wordpress.org/plugins/cp-reservation-calendar/changelog/",
"refsource" : "CONFIRM",
"url" : "https://wordpress.org/plugins/cp-reservation-calendar/changelog/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in dex_reservations.php in the CP Reservation Calendar plugin before 1.1.7 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a dex_reservations_calendar_load2 action or (2) dex_item parameter in a dex_reservations_check_posted_data action in a request to the default URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/cp-reservation-calendar/changelog/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/cp-reservation-calendar/changelog/"
},
{
"name": "38187",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/38187/"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/1104099/cp-reservation-calendar",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/1104099/cp-reservation-calendar"
},
{
"name": "https://wpvulndb.com/vulnerabilities/8193",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8193"
}
]
}
}

130
2015/7xxx/CVE-2015-7939.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-7939",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.09 allows remote attackers to execute arbitrary code via a long vlp filename."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2015-7939",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-001",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-001"
},
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-274-02A",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-274-02A"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.09 allows remote attackers to execute arbitrary code via a long vlp filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-274-02A",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-274-02A"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-001",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-001"
}
]
}
}

140
2015/8xxx/CVE-2015-8153.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-8153",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2015-8153",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160317_00",
"refsource" : "CONFIRM",
"url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160317_00"
},
{
"name" : "84354",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/84354"
},
{
"name" : "1035329",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035329"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035329",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035329"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160317_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160317_00"
},
{
"name": "84354",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84354"
}
]
}
}

140
2015/8xxx/CVE-2015-8234.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-8234",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-8234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20151117 CVE request for vulnerability in OpenStack Glance",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2015/q4/303"
},
{
"name" : "https://bugs.launchpad.net/glance/+bug/1516031",
"refsource" : "MISC",
"url" : "https://bugs.launchpad.net/glance/+bug/1516031"
},
{
"name" : "https://wiki.openstack.org/wiki/OSSN/OSSN-0061",
"refsource" : "CONFIRM",
"url" : "https://wiki.openstack.org/wiki/OSSN/OSSN-0061"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20151117 CVE request for vulnerability in OpenStack Glance",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2015/q4/303"
},
{
"name": "https://wiki.openstack.org/wiki/OSSN/OSSN-0061",
"refsource": "CONFIRM",
"url": "https://wiki.openstack.org/wiki/OSSN/OSSN-0061"
},
{
"name": "https://bugs.launchpad.net/glance/+bug/1516031",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/glance/+bug/1516031"
}
]
}
}

150
2015/8xxx/CVE-2015-8249.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-8249",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-8249",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "38982",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/38982/"
},
{
"name" : "http://packetstormsecurity.com/files/134806/ManageEngine-Desktop-Central-9-FileUploadServlet-ConnectionId.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/134806/ManageEngine-Desktop-Central-9-FileUploadServlet-ConnectionId.html"
},
{
"name" : "http://www.rapid7.com/db/modules/exploit/windows/http/manageengine_connectionid_write",
"refsource" : "MISC",
"url" : "http://www.rapid7.com/db/modules/exploit/windows/http/manageengine_connectionid_write"
},
{
"name" : "https://community.rapid7.com/community/infosec/blog/2015/12/14/r7-2015-22-manageengine-desktop-central-9-fileuploadservlet-connectionid-vulnerability-cve-2015-8249",
"refsource" : "MISC",
"url" : "https://community.rapid7.com/community/infosec/blog/2015/12/14/r7-2015-22-manageengine-desktop-central-9-fileuploadservlet-connectionid-vulnerability-cve-2015-8249"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/134806/ManageEngine-Desktop-Central-9-FileUploadServlet-ConnectionId.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/134806/ManageEngine-Desktop-Central-9-FileUploadServlet-ConnectionId.html"
},
{
"name": "http://www.rapid7.com/db/modules/exploit/windows/http/manageengine_connectionid_write",
"refsource": "MISC",
"url": "http://www.rapid7.com/db/modules/exploit/windows/http/manageengine_connectionid_write"
},
{
"name": "38982",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/38982/"
},
{
"name": "https://community.rapid7.com/community/infosec/blog/2015/12/14/r7-2015-22-manageengine-desktop-central-9-fileuploadservlet-connectionid-vulnerability-cve-2015-8249",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/infosec/blog/2015/12/14/r7-2015-22-manageengine-desktop-central-9-fileuploadservlet-connectionid-vulnerability-cve-2015-8249"
}
]
}
}

140
2015/8xxx/CVE-2015-8261.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-8261",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold before 16.4 does not properly validate serialized XML objects, which allows remote attackers to conduct SQL injection attacks via a crafted SOAP request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-8261",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "39231",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/39231/"
},
{
"name" : "VU#753264",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/753264"
},
{
"name" : "1034613",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034613"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold before 16.4 does not properly validate serialized XML objects, which allows remote attackers to conduct SQL injection attacks via a crafted SOAP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1034613",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034613"
},
{
"name": "VU#753264",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/753264"
},
{
"name": "39231",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39231/"
}
]
}
}

130
2015/8xxx/CVE-2015-8378.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-8378",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In KeePassX before 0.4.4, a cleartext copy of password data is created upon a cancel of an XML export action. This allows context-dependent attackers to obtain sensitive information by reading the .xml dotfile."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8378",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.debian.org/791858",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/791858"
},
{
"name" : "https://www.keepassx.org/changelog",
"refsource" : "CONFIRM",
"url" : "https://www.keepassx.org/changelog"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In KeePassX before 0.4.4, a cleartext copy of password data is created upon a cancel of an XML export action. This allows context-dependent attackers to obtain sensitive information by reading the .xml dotfile."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/791858",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/791858"
},
{
"name": "https://www.keepassx.org/changelog",
"refsource": "CONFIRM",
"url": "https://www.keepassx.org/changelog"
}
]
}
}

130
2016/0xxx/CVE-2016-0462.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-0462",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticated users to affect confidentiality via unknown vectors related to Multichannel Framework, a different vulnerability than CVE-2015-2650."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-0462",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name" : "1034720",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034720"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticated users to affect confidentiality via unknown vectors related to Multichannel Framework, a different vulnerability than CVE-2015-2650."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "1034720",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034720"
}
]
}
}

150
2016/1xxx/CVE-2016-1046.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-1046",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-1046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-294",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-294"
},
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html"
},
{
"name" : "90512",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/90512"
},
{
"name" : "1035828",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035828"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1075, CVE-2016-1094, CVE-2016-1121, CVE-2016-1122, CVE-2016-4102, and CVE-2016-4107."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "90512",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90512"
},
{
"name": "1035828",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035828"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-294",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-294"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html"
}
]
}
}

150
2016/1xxx/CVE-2016-1079.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-1079",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to obtain sensitive information from process memory via unspecified vectors, a different vulnerability than CVE-2016-1092."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-1079",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-326",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-326"
},
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html"
},
{
"name" : "90511",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/90511"
},
{
"name" : "1035828",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035828"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to obtain sensitive information from process memory via unspecified vectors, a different vulnerability than CVE-2016-1092."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-326",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-326"
},
{
"name": "1035828",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035828"
},
{
"name": "90511",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90511"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-14.html"
}
]
}
}

120
2016/1xxx/CVE-2016-1443.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-1443",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The virtual network stack on Cisco AMP Threat Grid Appliance devices before 2.1.1 allows remote attackers to bypass a sandbox protection mechanism, and consequently obtain sensitive interprocess information or modify interprocess data, via a crafted malware sample."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-1443",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20160706 Cisco AMP Threat Grid Unauthorized Clean IP Access Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160706-tg"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The virtual network stack on Cisco AMP Threat Grid Appliance devices before 2.1.1 allows remote attackers to bypass a sandbox protection mechanism, and consequently obtain sensitive interprocess information or modify interprocess data, via a crafted malware sample."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160706 Cisco AMP Threat Grid Unauthorized Clean IP Access Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160706-tg"
}
]
}
}

240
2016/1xxx/CVE-2016-1666.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-1666",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-1666",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html"
},
{
"name" : "https://bugs.chromium.org/p/chromium/issues/detail?id=601001",
"refsource" : "CONFIRM",
"url" : "https://bugs.chromium.org/p/chromium/issues/detail?id=601001"
},
{
"name" : "https://bugs.chromium.org/p/chromium/issues/detail?id=605491",
"refsource" : "CONFIRM",
"url" : "https://bugs.chromium.org/p/chromium/issues/detail?id=605491"
},
{
"name" : "https://crbug.com/607652",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/607652"
},
{
"name" : "DSA-3564",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3564"
},
{
"name" : "GLSA-201605-02",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201605-02"
},
{
"name" : "RHSA-2016:0707",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0707.html"
},
{
"name" : "openSUSE-SU-2016:1655",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
},
{
"name" : "openSUSE-SU-2016:1207",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html"
},
{
"name" : "openSUSE-SU-2016:1208",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html"
},
{
"name" : "openSUSE-SU-2016:1209",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html"
},
{
"name" : "USN-2960-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2960-1"
},
{
"name" : "89106",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/89106"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.chromium.org/p/chromium/issues/detail?id=601001",
"refsource": "CONFIRM",
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=601001"
},
{
"name": "openSUSE-SU-2016:1208",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html"
},
{
"name": "DSA-3564",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3564"
},
{
"name": "openSUSE-SU-2016:1655",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
},
{
"name": "https://bugs.chromium.org/p/chromium/issues/detail?id=605491",
"refsource": "CONFIRM",
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=605491"
},
{
"name": "https://crbug.com/607652",
"refsource": "CONFIRM",
"url": "https://crbug.com/607652"
},
{
"name": "openSUSE-SU-2016:1209",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html"
},
{
"name": "USN-2960-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2960-1"
},
{
"name": "89106",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/89106"
},
{
"name": "openSUSE-SU-2016:1207",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html"
},
{
"name": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html"
},
{
"name": "RHSA-2016:0707",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0707.html"
},
{
"name": "GLSA-201605-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201605-02"
}
]
}
}

150
2016/1xxx/CVE-2016-1776.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-1776",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Web Server in Apple OS X Server before 5.1 does not properly restrict access to .DS_Store and .htaccess files, which allows remote attackers to obtain sensitive configuration information via an HTTP request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-1776",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT206173",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT206173"
},
{
"name" : "APPLE-SA-2016-03-21-7",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html"
},
{
"name" : "85054",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/85054"
},
{
"name" : "1035342",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035342"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Web Server in Apple OS X Server before 5.1 does not properly restrict access to .DS_Store and .htaccess files, which allows remote attackers to obtain sensitive configuration information via an HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035342",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035342"
},
{
"name": "85054",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/85054"
},
{
"name": "https://support.apple.com/HT206173",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206173"
},
{
"name": "APPLE-SA-2016-03-21-7",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html"
}
]
}
}

200
2016/1xxx/CVE-2016-1885.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-1885",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer signedness error in the amd64_set_ldt function in sys/amd64/amd64/sys_machdep.c in FreeBSD 9.3 before p39, 10.1 before p31, and 10.2 before p14 allows local users to cause a denial of service (kernel panic) via an i386_set_ldt system call, which triggers a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1885",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20160316 Re: [FD] [CORE-2016-0005] - FreeBSD Kernel amd64_set_ldt Heap Overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/537813/100/0/threaded"
},
{
"name" : "20160316 [CORE-2016-0005] - FreeBSD Kernel amd64_set_ldt Heap Overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/537812/100/0/threaded"
},
{
"name" : "39570",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/39570/"
},
{
"name" : "20160316 [CORE-2016-0005] - FreeBSD Kernel amd64_set_ldt Heap Overflow",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2016/Mar/56"
},
{
"name" : "20160317 Re: [CORE-2016-0005] - FreeBSD Kernel amd64_set_ldt Heap Overflow",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2016/Mar/67"
},
{
"name" : "http://packetstormsecurity.com/files/136276/FreeBSD-Kernel-amd64_set_ldt-Heap-Overflow.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/136276/FreeBSD-Kernel-amd64_set_ldt-Heap-Overflow.html"
},
{
"name" : "http://www.coresecurity.com/advisories/freebsd-kernel-amd64setldt-heap-overflow",
"refsource" : "MISC",
"url" : "http://www.coresecurity.com/advisories/freebsd-kernel-amd64setldt-heap-overflow"
},
{
"name" : "FreeBSD-SA-16:15",
"refsource" : "FREEBSD",
"url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:15.sysarch.asc"
},
{
"name" : "1035309",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035309"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer signedness error in the amd64_set_ldt function in sys/amd64/amd64/sys_machdep.c in FreeBSD 9.3 before p39, 10.1 before p31, and 10.2 before p14 allows local users to cause a denial of service (kernel panic) via an i386_set_ldt system call, which triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39570",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39570/"
},
{
"name": "FreeBSD-SA-16:15",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:15.sysarch.asc"
},
{
"name": "http://www.coresecurity.com/advisories/freebsd-kernel-amd64setldt-heap-overflow",
"refsource": "MISC",
"url": "http://www.coresecurity.com/advisories/freebsd-kernel-amd64setldt-heap-overflow"
},
{
"name": "20160316 [CORE-2016-0005] - FreeBSD Kernel amd64_set_ldt Heap Overflow",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Mar/56"
},
{
"name": "20160317 Re: [CORE-2016-0005] - FreeBSD Kernel amd64_set_ldt Heap Overflow",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Mar/67"
},
{
"name": "1035309",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035309"
},
{
"name": "20160316 Re: [FD] [CORE-2016-0005] - FreeBSD Kernel amd64_set_ldt Heap Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/537813/100/0/threaded"
},
{
"name": "20160316 [CORE-2016-0005] - FreeBSD Kernel amd64_set_ldt Heap Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/537812/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/136276/FreeBSD-Kernel-amd64_set_ldt-Heap-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/136276/FreeBSD-Kernel-amd64_set_ldt-Heap-Overflow.html"
}
]
}
}

220
2016/5xxx/CVE-2016-5265.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-5265",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, by arranging for the presence of a crafted HTML document and a crafted shortcut file in the same local directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-5265",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2016/mfsa2016-80.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2016/mfsa2016-80.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1278013",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1278013"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name" : "DSA-3640",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3640"
},
{
"name" : "GLSA-201701-15",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-15"
},
{
"name" : "RHSA-2016:1551",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1551.html"
},
{
"name" : "openSUSE-SU-2016:1964",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html"
},
{
"name" : "openSUSE-SU-2016:2026",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html"
},
{
"name" : "USN-3044-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3044-1"
},
{
"name" : "92258",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92258"
},
{
"name" : "1036508",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036508"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, by arranging for the presence of a crafted HTML document and a crafted shortcut file in the same local directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3640",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3640"
},
{
"name": "1036508",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036508"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1278013",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1278013"
},
{
"name": "http://www.mozilla.org/security/announce/2016/mfsa2016-80.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-80.html"
},
{
"name": "USN-3044-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3044-1"
},
{
"name": "92258",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92258"
},
{
"name": "RHSA-2016:1551",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1551.html"
},
{
"name": "GLSA-201701-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-15"
},
{
"name": "openSUSE-SU-2016:1964",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html"
},
{
"name": "openSUSE-SU-2016:2026",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html"
}
]
}
}

190
2016/5xxx/CVE-2016-5309.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-5309",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted RAR file that is mishandled during decompression."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2016-5309",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "40405",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/40405/"
},
{
"name" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=867",
"refsource" : "MISC",
"url" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=867"
},
{
"name" : "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160919_00",
"refsource" : "CONFIRM",
"url" : "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160919_00"
},
{
"name" : "92868",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92868"
},
{
"name" : "1036847",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036847"
},
{
"name" : "1036848",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036848"
},
{
"name" : "1036849",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036849"
},
{
"name" : "1036850",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036850"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted RAR file that is mishandled during decompression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160919_00",
"refsource": "CONFIRM",
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160919_00"
},
{
"name": "1036848",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036848"
},
{
"name": "92868",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92868"
},
{
"name": "40405",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40405/"
},
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=867",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=867"
},
{
"name": "1036849",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036849"
},
{
"name": "1036847",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036847"
},
{
"name": "1036850",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036850"
}
]
}
}

34
2016/5xxx/CVE-2016-5380.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-5380",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-5380",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2016/5xxx/CVE-2016-5825.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-5825",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The icalparser_parse_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted ics file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-5825",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160625 Re: libical 0.47 SEGV on unknown address",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/06/25/4"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1280832",
"refsource" : "MISC",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1280832"
},
{
"name" : "91459",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91459"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The icalparser_parse_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted ics file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1280832",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1280832"
},
{
"name": "91459",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91459"
},
{
"name": "[oss-security] 20160625 Re: libical 0.47 SEGV on unknown address",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/25/4"
}
]
}
}

212
2018/2xxx/CVE-2018-2422.json
View File

@ -1,108 +1,108 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cna@sap.com",
"ID" : "CVE-2018-2422",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "SAP Internet Graphics Server (IGS)",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "7.20"
},
{
"version_affected" : "=",
"version_value" : "7.20EXT"
},
{
"version_affected" : "=",
"version_value" : "7.45"
},
{
"version_affected" : "=",
"version_value" : "7.49"
},
{
"version_affected" : "=",
"version_value" : "7.53"
}
]
}
}
]
},
"vendor_name" : "SAP SE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "LOW",
"baseScore" : 5.3,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial-of-Service"
}
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2422",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Internet Graphics Server (IGS)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.20"
},
{
"version_affected": "=",
"version_value": "7.20EXT"
},
{
"version_affected": "=",
"version_value": "7.45"
},
{
"version_affected": "=",
"version_value": "7.49"
},
{
"version_affected": "=",
"version_value": "7.53"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://launchpad.support.sap.com/#/notes/2617553",
"refsource" : "MISC",
"url" : "https://launchpad.support.sap.com/#/notes/2617553"
},
{
"name" : "https://blogs.sap.com/2018/05/08/sap-security-patch-day-may-2018/",
"refsource" : "CONFIRM",
"url" : "https://blogs.sap.com/2018/05/08/sap-security-patch-day-may-2018/"
},
{
"name" : "104110",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104110"
}
]
},
"source" : {
"discovery" : "UNKNOWN"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104110",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104110"
},
{
"name": "https://blogs.sap.com/2018/05/08/sap-security-patch-day-may-2018/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2018/05/08/sap-security-patch-day-may-2018/"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2617553",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/2617553"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

34
2018/2xxx/CVE-2018-2556.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-2556",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-2556",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2018/2xxx/CVE-2018-2706.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-2706",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Banking Corporate Lending",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "12.3.0"
},
{
"version_affected" : "=",
"version_value" : "12.4.0"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in takeover of Oracle Banking Corporate Lending. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in takeover of Oracle Banking Corporate Lending."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-2706",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Banking Corporate Lending",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.3.0"
},
{
"version_affected": "=",
"version_value": "12.4.0"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name" : "102543",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102543"
},
{
"name" : "1040214",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040214"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in takeover of Oracle Banking Corporate Lending. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in takeover of Oracle Banking Corporate Lending."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "1040214",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040214"
},
{
"name": "102543",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102543"
}
]
}
}

34
2019/0xxx/CVE-2019-0090.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-0090",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0090",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/0xxx/CVE-2019-0327.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-0327",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0327",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/0xxx/CVE-2019-0328.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-0328",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0328",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/0xxx/CVE-2019-0857.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-0857",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0857",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

156
2019/1000xxx/CVE-2019-1000019.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2019-01-22T21:21:10.025460",
"DATE_REQUESTED" : "2019-01-17T00:55:44",
"ID" : "CVE-2019-1000019",
"REQUESTER" : "dja@axtens.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2019-01-22T21:21:10.025460",
"DATE_REQUESTED": "2019-01-17T00:55:44",
"ID": "CVE-2019-1000019",
"REQUESTER": "dja@axtens.net",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20190207 [SECURITY] [DLA 1668-1] libarchive security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2019/02/msg00013.html"
},
{
"name" : "https://github.com/libarchive/libarchive/pull/1120",
"refsource" : "MISC",
"url" : "https://github.com/libarchive/libarchive/pull/1120"
},
{
"name" : "https://github.com/libarchive/libarchive/pull/1120/commits/65a23f5dbee4497064e9bb467f81138a62b0dae1",
"refsource" : "MISC",
"url" : "https://github.com/libarchive/libarchive/pull/1120/commits/65a23f5dbee4497064e9bb467f81138a62b0dae1"
},
{
"name" : "USN-3884-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3884-1/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/libarchive/libarchive/pull/1120",
"refsource": "MISC",
"url": "https://github.com/libarchive/libarchive/pull/1120"
},
{
"name": "USN-3884-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3884-1/"
},
{
"name": "[debian-lts-announce] 20190207 [SECURITY] [DLA 1668-1] libarchive security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00013.html"
},
{
"name": "https://github.com/libarchive/libarchive/pull/1120/commits/65a23f5dbee4497064e9bb467f81138a62b0dae1",
"refsource": "MISC",
"url": "https://github.com/libarchive/libarchive/pull/1120/commits/65a23f5dbee4497064e9bb467f81138a62b0dae1"
}
]
}
}

34
2019/1xxx/CVE-2019-1066.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-1066",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-1066",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

178
2019/1xxx/CVE-2019-1595.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2019-03-06T16:00:00-0800",
"ID" : "CVE-2019-1595",
"STATE" : "PUBLIC",
"TITLE" : "Cisco Nexus 5600 and 6000 Series Switches Fibre Channel over Ethernet Denial of Service Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco NX-OS Software",
"version" : {
"version_data" : [
{
"version_value" : "7.3(5)N1(1)"
}
]
}
}
]
},
"vendor_name" : "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an incorrect allocation of an internal interface index. An adjacent attacker with the ability to submit a crafted FCoE packet that crosses affected interfaces could trigger this vulnerability. A successful exploit could allow the attacker to cause a packet loop and high throughput on the affected interfaces, resulting in a DoS condition. This vulnerability has been fixed in version 7.3(5)N1(1)."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact" : {
"cvss" : {
"baseScore" : "7.4",
"vectorString" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H ",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-913"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-03-06T16:00:00-0800",
"ID": "CVE-2019-1595",
"STATE": "PUBLIC",
"TITLE": "Cisco Nexus 5600 and 6000 Series Switches Fibre Channel over Ethernet Denial of Service Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco NX-OS Software",
"version": {
"version_data": [
{
"version_value": "7.3(5)N1(1)"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20190306 Cisco Nexus 5600 and 6000 Series Switches Fibre Channel over Ethernet Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nexus-fbr-dos"
},
{
"name" : "107320",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/107320"
}
]
},
"source" : {
"advisory" : "cisco-sa-20190306-nexus-fbr-dos",
"defect" : [
[
"CSCvn24414"
]
],
"discovery" : "INTERNAL"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an incorrect allocation of an internal interface index. An adjacent attacker with the ability to submit a crafted FCoE packet that crosses affected interfaces could trigger this vulnerability. A successful exploit could allow the attacker to cause a packet loop and high throughput on the affected interfaces, resulting in a DoS condition. This vulnerability has been fixed in version 7.3(5)N1(1)."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact": {
"cvss": {
"baseScore": "7.4",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H ",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-913"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "107320",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107320"
},
{
"name": "20190306 Cisco Nexus 5600 and 6000 Series Switches Fibre Channel over Ethernet Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nexus-fbr-dos"
}
]
},
"source": {
"advisory": "cisco-sa-20190306-nexus-fbr-dos",
"defect": [
[
"CSCvn24414"
]
],
"discovery": "INTERNAL"
}
}

180
2019/1xxx/CVE-2019-1618.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2019-03-06T16:00:00-0800",
"ID" : "CVE-2019-1618",
"STATE" : "PUBLIC",
"TITLE" : "Cisco Nexus 9000 Series Switches Standalone NX-OS Mode Tetration Analytics Agent Arbitrary Code Execution Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Nexus 9000 Series Switches in Standalone NX-OS Mode ",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "7.0(3)I7(5)"
}
]
}
}
]
},
"vendor_name" : "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the Tetration Analytics agent for Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to execute arbitrary code as root. The vulnerability is due to an incorrect permissions setting. An attacker could exploit this vulnerability by replacing valid agent files with malicious code. A successful exploit could result in the execution of code supplied by the attacker. Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running versions prior to 7.0(3)I7(5)."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact" : {
"cvss" : {
"baseScore" : "7.8",
"vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H ",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-275"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-03-06T16:00:00-0800",
"ID": "CVE-2019-1618",
"STATE": "PUBLIC",
"TITLE": "Cisco Nexus 9000 Series Switches Standalone NX-OS Mode Tetration Analytics Agent Arbitrary Code Execution Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nexus 9000 Series Switches in Standalone NX-OS Mode ",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "7.0(3)I7(5)"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20190306 Cisco Nexus 9000 Series Switches Standalone NX-OS Mode Tetration Analytics Agent Arbitrary Code Execution Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-tetra-ace"
},
{
"name" : "107322",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/107322"
}
]
},
"source" : {
"advisory" : "cisco-sa-20190306-tetra-ace",
"defect" : [
[
"CSCvh21898"
]
],
"discovery" : "INTERNAL"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Tetration Analytics agent for Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to execute arbitrary code as root. The vulnerability is due to an incorrect permissions setting. An attacker could exploit this vulnerability by replacing valid agent files with malicious code. A successful exploit could result in the execution of code supplied by the attacker. Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running versions prior to 7.0(3)I7(5)."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact": {
"cvss": {
"baseScore": "7.8",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H ",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-275"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "107322",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107322"
},
{
"name": "20190306 Cisco Nexus 9000 Series Switches Standalone NX-OS Mode Tetration Analytics Agent Arbitrary Code Execution Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-tetra-ace"
}
]
},
"source": {
"advisory": "cisco-sa-20190306-tetra-ace",
"defect": [
[
"CSCvh21898"
]
],
"discovery": "INTERNAL"
}
}

34
2019/1xxx/CVE-2019-1863.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-1863",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-1863",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/1xxx/CVE-2019-1980.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-1980",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-1980",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/4xxx/CVE-2019-4469.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-4469",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4469",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/4xxx/CVE-2019-4621.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-4621",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4621",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/4xxx/CVE-2019-4781.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-4781",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4781",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/4xxx/CVE-2019-4988.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-4988",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4988",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/5xxx/CVE-2019-5040.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-5040",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5040",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/5xxx/CVE-2019-5189.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-5189",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5189",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/5xxx/CVE-2019-5586.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-5586",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5586",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/5xxx/CVE-2019-5906.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-5906",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5906",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/9xxx/CVE-2019-9245.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-9245",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9245",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/9xxx/CVE-2019-9586.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-9586",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9586",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}