admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 22:09:19 +00:00
parent ef044dae77
commit 31d1eda3cf
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
38 changed files with 2342 additions and 2337 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

120
1999/0xxx/CVE-1999-0327.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-1999-0327", "ID": "CVE-1999-0327",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SGI syserr program allows local users to corrupt files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "19971103-01-PX", "description_data": [
"refsource" : "SGI", {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/19971103-01-PX" "lang": "eng",
} "value": "SGI syserr program allows local users to corrupt files."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19971103-01-PX",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/19971103-01-PX"
}
]
}
}

120
1999/0xxx/CVE-1999-0395.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-1999-0395", "ID": "CVE-1999-0395",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A race condition in the BackWeb Polite Agent Protocol allows an attacker to spoof a BackWeb server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "19990118 Vulnerability in the BackWeb Polite Agent Protocol", "description_data": [
"refsource" : "ISS", {
"url" : "http://xforce.iss.net/alerts/advise17.php" "lang": "eng",
} "value": "A race condition in the BackWeb Polite Agent Protocol allows an attacker to spoof a BackWeb server."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19990118 Vulnerability in the BackWeb Polite Agent Protocol",
"refsource": "ISS",
"url": "http://xforce.iss.net/alerts/advise17.php"
}
]
}
}

140
1999/1xxx/CVE-1999-1167.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-1999-1167", "ID": "CVE-1999-1167",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in Third Voice Web annotation utility allows remote users to read sensitive data and generate fake web pages for other Third Voice users by injecting malicious Javascript into an annotation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.wired.com/news/technology/0,1282,20677,00.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.wired.com/news/technology/0,1282,20677,00.html" "lang": "eng",
}, "value": "Cross-site scripting vulnerability in Third Voice Web annotation utility allows remote users to read sensitive data and generate fake web pages for other Third Voice users by injecting malicious Javascript into an annotation."
{ }
"name" : "http://www.wired.com/news/technology/0,1282,20636,00.html", ]
"refsource" : "MISC", },
"url" : "http://www.wired.com/news/technology/0,1282,20636,00.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "thirdvoice-cross-site-scripting(7252)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/7252.php" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "thirdvoice-cross-site-scripting(7252)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7252.php"
},
{
"name": "http://www.wired.com/news/technology/0,1282,20636,00.html",
"refsource": "MISC",
"url": "http://www.wired.com/news/technology/0,1282,20636,00.html"
},
{
"name": "http://www.wired.com/news/technology/0,1282,20677,00.html",
"refsource": "CONFIRM",
"url": "http://www.wired.com/news/technology/0,1282,20677,00.html"
}
]
}
}

140
2000/1xxx/CVE-2000-1197.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2000-1197", "ID": "CVE-2000-1197",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20000420 pop3d/imap DOS (while we're on the subject)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=95624629924545&w=2" "lang": "eng",
}, "value": "POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes."
{ }
"name" : "FreeBSD-SA-00:15", ]
"refsource" : "FREEBSD", },
"url" : "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:15.imap-uw.asc" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1132", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/1132" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-00:15",
"refsource": "FREEBSD",
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:15.imap-uw.asc"
},
{
"name": "20000420 pop3d/imap DOS (while we're on the subject)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=95624629924545&w=2"
},
{
"name": "1132",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1132"
}
]
}
}

130
2005/2xxx/CVE-2005-2211.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-2211", "ID": "CVE-2005-2211",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Backup Manager 0.5.8a creates temporary files insecurely, which allows local users to conduct unauthorized file operations when a user is burning a CDR."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.sukria.net/packages/backup-manager/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.sukria.net/packages/backup-manager/" "lang": "eng",
}, "value": "Backup Manager 0.5.8a creates temporary files insecurely, which allows local users to conduct unauthorized file operations when a user is burning a CDR."
{ }
"name" : "15989", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/15989" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15989",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15989"
},
{
"name": "http://www.sukria.net/packages/backup-manager/",
"refsource": "CONFIRM",
"url": "http://www.sukria.net/packages/backup-manager/"
}
]
}
}

150
2007/5xxx/CVE-2007-5177.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-5177", "ID": "CVE-2007-5177",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in the MambAds (com_mambads) 1.5 and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the caid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "4469", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/4469" "lang": "eng",
}, "value": "SQL injection vulnerability in index.php in the MambAds (com_mambads) 1.5 and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the caid parameter."
{ }
"name" : "25865", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/25865" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "38590", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/38590" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "mambo-mambads-index-sql-injection(36875)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36875" ]
} },
] "references": {
} "reference_data": [
} {
"name": "mambo-mambads-index-sql-injection(36875)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36875"
},
{
"name": "25865",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25865"
},
{
"name": "38590",
"refsource": "OSVDB",
"url": "http://osvdb.org/38590"
},
{
"name": "4469",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4469"
}
]
}
}

150
2007/5xxx/CVE-2007-5363.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-5363", "ID": "CVE-2007-5363",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in admin.panoramic.php in the Panoramic Picture Viewer (com_panoramic) mambot (plugin) 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "25946", "description_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/25946" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in admin.panoramic.php in the Panoramic Picture Viewer (com_panoramic) mambot (plugin) 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
{ }
"name" : "ADV-2007-3428", ]
"refsource" : "VUPEN", },
"url" : "http://www.vupen.com/english/advisories/2007/3428" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "38585", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/38585" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "joomla-panoramic-file-include(36992)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36992" ]
} },
] "references": {
} "reference_data": [
} {
"name": "joomla-panoramic-file-include(36992)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36992"
},
{
"name": "ADV-2007-3428",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3428"
},
{
"name": "38585",
"refsource": "OSVDB",
"url": "http://osvdb.org/38585"
},
{
"name": "25946",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25946"
}
]
}
}

130
2007/5xxx/CVE-2007-5684.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-5684", "ID": "CVE-2007-5684",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to include and execute arbitrary files via an absolute pathname in (1) error_handler_file and (2) local_php parameters to (a) tiki-index.php, or (3) encoded \"..%2F\" sequences in the imp_language parameter to tiki-imexport_languages.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20071025 TikiWiki <= 1.9.8.1 Cross Site Scripting / Local File Inclusion", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/482801/30/0/threaded" "lang": "eng",
}, "value": "Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to include and execute arbitrary files via an absolute pathname in (1) error_handler_file and (2) local_php parameters to (a) tiki-index.php, or (3) encoded \"..%2F\" sequences in the imp_language parameter to tiki-imexport_languages.php."
{ }
"name" : "http://info.tikiwiki.org/tiki-read_article.php?articleId=15", ]
"refsource" : "CONFIRM", },
"url" : "http://info.tikiwiki.org/tiki-read_article.php?articleId=15" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://info.tikiwiki.org/tiki-read_article.php?articleId=15",
"refsource": "CONFIRM",
"url": "http://info.tikiwiki.org/tiki-read_article.php?articleId=15"
},
{
"name": "20071025 TikiWiki <= 1.9.8.1 Cross Site Scripting / Local File Inclusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/482801/30/0/threaded"
}
]
}
}

160
2009/2xxx/CVE-2009-2282.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-2282", "ID": "CVE-2009-2282",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Virtual Network Terminal Server daemon (vntsd) for Logical Domains (aka LDoms) in Sun Solaris 10, and OpenSolaris snv_41 through snv_108, on SPARC platforms does not check authorization for guest console access, which allows local control-domain users to gain guest-domain privileges via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141778-01-1", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141778-01-1" "lang": "eng",
}, "value": "The Virtual Network Terminal Server daemon (vntsd) for Logical Domains (aka LDoms) in Sun Solaris 10, and OpenSolaris snv_41 through snv_108, on SPARC platforms does not check authorization for guest console access, which allows local control-domain users to gain guest-domain privileges via unknown vectors."
{ }
"name" : "262708", ]
"refsource" : "SUNALERT", },
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-262708-1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "35502", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/35502" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "55329", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/55329" ]
}, },
{ "references": {
"name" : "35547", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35547" "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141778-01-1",
} "refsource": "CONFIRM",
] "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141778-01-1"
} },
} {
"name": "262708",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-262708-1"
},
{
"name": "35547",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35547"
},
{
"name": "55329",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/55329"
},
{
"name": "35502",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35502"
}
]
}
}

170
2009/2xxx/CVE-2009-2785.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-2785", "ID": "CVE-2009-2785",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in PHP Open Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to buy.php and the id parameter to (2) contact.php and (3) tellafriend.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.org/0907-exploits/openclassifieds-xss.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.org/0907-exploits/openclassifieds-xss.txt" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in PHP Open Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to buy.php and the id parameter to (2) contact.php and (3) tellafriend.php."
{ }
"name" : "56657", ]
"refsource" : "OSVDB", },
"url" : "http://osvdb.org/56657" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "56658", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/56658" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "56659", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/56659" ]
}, },
{ "references": {
"name" : "35929", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35929" "name": "phpopenclassifieds-buy-contact-xss(52123)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52123"
"name" : "phpopenclassifieds-buy-contact-xss(52123)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52123" "name": "56657",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/56657"
} },
} {
"name": "http://packetstormsecurity.org/0907-exploits/openclassifieds-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0907-exploits/openclassifieds-xss.txt"
},
{
"name": "56659",
"refsource": "OSVDB",
"url": "http://osvdb.org/56659"
},
{
"name": "56658",
"refsource": "OSVDB",
"url": "http://osvdb.org/56658"
},
{
"name": "35929",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35929"
}
]
}
}

130
2015/0xxx/CVE-2015-0106.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2015-0106", "ID": "CVE-2015-0106",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21694935", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21694935" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
{ }
"name" : "JR50795", ]
"refsource" : "AIXAPAR", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR50795" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21694935",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694935"
},
{
"name": "JR50795",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR50795"
}
]
}
}

200
2015/0xxx/CVE-2015-0819.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2015-0819", "ID": "CVE-2015-0819",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The UITour::onPageEvent function in Mozilla Firefox before 36.0 does not ensure that an API call originates from a foreground tab, which allows remote attackers to conduct spoofing and clickjacking attacks by leveraging access to a UI Tour web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-26.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-26.html" "lang": "eng",
}, "value": "The UITour::onPageEvent function in Mozilla Firefox before 36.0 does not ensure that an API call originates from a foreground tab, which allows remote attackers to conduct spoofing and clickjacking attacks by leveraging access to a UI Tour web site."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1079554", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1079554" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-201504-01", ]
"refsource" : "GENTOO", }
"url" : "https://security.gentoo.org/glsa/201504-01" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2015:0404", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html" "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-26.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-26.html"
"name" : "openSUSE-SU-2015:0570", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1079554",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1079554"
"name" : "USN-2505-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2505-1" "name": "72759",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/72759"
"name" : "72759", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/72759" "name": "GLSA-201504-01",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201504-01"
"name" : "1031791", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1031791" "name": "openSUSE-SU-2015:0404",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html"
} },
} {
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "1031791",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031791"
},
{
"name": "openSUSE-SU-2015:0570",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html"
},
{
"name": "USN-2505-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2505-1"
}
]
}
}

34
2015/3xxx/CVE-2015-3499.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-3499", "ID": "CVE-2015-3499",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2015/3xxx/CVE-2015-3511.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-3511", "ID": "CVE-2015-3511",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

150
2015/4xxx/CVE-2015-4092.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-4092", "ID": "CVE-2015-4092",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the XComms process in SAP Afaria 7.00.6620.2 SP5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, aka SAP Security Note 2153690."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20150817 [ERPSCAN-15-012] SAP Afaria 7 XComms &acirc;?? Buffer Overflow", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/536238/100/0/threaded" "lang": "eng",
}, "value": "Buffer overflow in the XComms process in SAP Afaria 7.00.6620.2 SP5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, aka SAP Security Note 2153690."
{ }
"name" : "20150522 SAP Security Notes May 2015", ]
"refsource" : "FULLDISC", },
"url" : "http://seclists.org/fulldisclosure/2015/May/96" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://erpscan.io/advisories/erpscan-15-012-sap-afaria-7-xcomms-bof", "description": [
"refsource" : "MISC", {
"url" : "https://erpscan.io/advisories/erpscan-15-012-sap-afaria-7-xcomms-bof" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "74797", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/74797" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://erpscan.io/advisories/erpscan-15-012-sap-afaria-7-xcomms-bof",
"refsource": "MISC",
"url": "https://erpscan.io/advisories/erpscan-15-012-sap-afaria-7-xcomms-bof"
},
{
"name": "20150817 [ERPSCAN-15-012] SAP Afaria 7 XComms &acirc;?? Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536238/100/0/threaded"
},
{
"name": "20150522 SAP Security Notes May 2015",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/May/96"
},
{
"name": "74797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74797"
}
]
}
}

150
2015/4xxx/CVE-2015-4093.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-4093", "ID": "CVE-2015-4093",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Elasticsearch Kibana 4.x before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20150609 Kibana vulnerability CVE-2015-4093", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/535726/100/0/threaded" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Elasticsearch Kibana 4.x before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "http://packetstormsecurity.com/files/132232/Kibana-4.0.2-Cross-Site-Scripting.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/132232/Kibana-4.0.2-Cross-Site-Scripting.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.elastic.co/community/security/", "description": [
"refsource" : "CONFIRM", {
"url" : "https://www.elastic.co/community/security/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "75107", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/75107" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20150609 Kibana vulnerability CVE-2015-4093",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/535726/100/0/threaded"
},
{
"name": "75107",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75107"
},
{
"name": "http://packetstormsecurity.com/files/132232/Kibana-4.0.2-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132232/Kibana-4.0.2-Cross-Site-Scripting.html"
},
{
"name": "https://www.elastic.co/community/security/",
"refsource": "CONFIRM",
"url": "https://www.elastic.co/community/security/"
}
]
}
}

170
2015/4xxx/CVE-2015-4108.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-4108", "ID": "CVE-2015-4108",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Wing FTP Server before 4.4.7 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code via a crafted request to admin_lua_script.html or (2) add a domain administrator via a crafted request to admin_addadmin.html."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20150605 Wing FTP Server Remote Code Execution vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/535686/100/0/threaded" "lang": "eng",
}, "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Wing FTP Server before 4.4.7 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code via a crafted request to admin_lua_script.html or (2) add a domain administrator via a crafted request to admin_addadmin.html."
{ }
"name" : "20150605 [CVE-2015-4107] Wing FTP Server Remote Code Execution vulnerability", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/535681/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20150605 [CVE-2015-4108] Wing FTP Server Cross-site Request Forgery vulnerabilities", "description": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/535685/100/0/threaded" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://packetstormsecurity.com/files/132179/Wing-FTP-4.4.6-Code-Execution-Cross-Site-Request-Forgery.html", ]
"refsource" : "MISC", }
"url" : "http://packetstormsecurity.com/files/132179/Wing-FTP-4.4.6-Code-Execution-Cross-Site-Request-Forgery.html" ]
}, },
{ "references": {
"name" : "http://packetstormsecurity.com/files/132180/Wing-FTP-4.4.6-Cross-Site-Request-Forgery.html", "reference_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/132180/Wing-FTP-4.4.6-Cross-Site-Request-Forgery.html" "name": "20150605 [CVE-2015-4107] Wing FTP Server Remote Code Execution vulnerability",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/535681/100/0/threaded"
"name" : "http://www.wftpserver.com/serverhistory.htm", },
"refsource" : "CONFIRM", {
"url" : "http://www.wftpserver.com/serverhistory.htm" "name": "http://packetstormsecurity.com/files/132180/Wing-FTP-4.4.6-Cross-Site-Request-Forgery.html",
} "refsource": "MISC",
] "url": "http://packetstormsecurity.com/files/132180/Wing-FTP-4.4.6-Cross-Site-Request-Forgery.html"
} },
} {
"name": "http://packetstormsecurity.com/files/132179/Wing-FTP-4.4.6-Code-Execution-Cross-Site-Request-Forgery.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132179/Wing-FTP-4.4.6-Code-Execution-Cross-Site-Request-Forgery.html"
},
{
"name": "20150605 Wing FTP Server Remote Code Execution vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/535686/100/0/threaded"
},
{
"name": "http://www.wftpserver.com/serverhistory.htm",
"refsource": "CONFIRM",
"url": "http://www.wftpserver.com/serverhistory.htm"
},
{
"name": "20150605 [CVE-2015-4108] Wing FTP Server Cross-site Request Forgery vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/535685/100/0/threaded"
}
]
}
}

140
2015/4xxx/CVE-2015-4212.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2015-4212", "ID": "CVE-2015-4212",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by discovering credentials, aka Bug ID CSCut17466."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20150623 Cisco WebEx Meeting Center Data and Credential Exposure Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=39467" "lang": "eng",
}, "value": "Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by discovering credentials, aka Bug ID CSCut17466."
{ }
"name" : "75381", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/75381" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1032705", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1032705" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20150623 Cisco WebEx Meeting Center Data and Credential Exposure Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39467"
},
{
"name": "75381",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75381"
},
{
"name": "1032705",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032705"
}
]
}
}

150
2015/4xxx/CVE-2015-4392.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-4392", "ID": "CVE-2015-4392",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-2.7 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to field display settings."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2015/04/25/6" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-2.7 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to field display settings."
{ }
"name" : "https://www.drupal.org/node/2471733", ]
"refsource" : "MISC", },
"url" : "https://www.drupal.org/node/2471733" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.drupal.org/node/2471721", "description": [
"refsource" : "CONFIRM", {
"url" : "https://www.drupal.org/node/2471721" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "74362", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/74362" ]
} },
] "references": {
} "reference_data": [
} {
"name": "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/04/25/6"
},
{
"name": "https://www.drupal.org/node/2471721",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2471721"
},
{
"name": "https://www.drupal.org/node/2471733",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2471733"
},
{
"name": "74362",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74362"
}
]
}
}

130
2015/4xxx/CVE-2015-4527.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security_alert@emc.com",
"ID" : "CVE-2015-4527", "ID": "CVE-2015-4527",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in EMC Avamar Server 7.x before 7.1.2 and Avamar Virtual Addition (AVE) 7.x before 7.1.2 allows remote attackers to read arbitrary files by using the Avamar Desktop/Laptop client interface to send crafted parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20150722 ESA-2015-118: EMC Avamar Directory Traversal Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://seclists.org/bugtraq/2015/Jul/110" "lang": "eng",
}, "value": "Directory traversal vulnerability in EMC Avamar Server 7.x before 7.1.2 and Avamar Virtual Addition (AVE) 7.x before 7.1.2 allows remote attackers to read arbitrary files by using the Avamar Desktop/Laptop client interface to send crafted parameters."
{ }
"name" : "1033026", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1033026" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150722 ESA-2015-118: EMC Avamar Directory Traversal Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Jul/110"
},
{
"name": "1033026",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033026"
}
]
}
}

140
2015/8xxx/CVE-2015-8300.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-8300", "ID": "CVE-2015-8300",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for \"Program Files (x86)\\polycom\\polycom btoe connector\\plcmbtoesrv.exe,\" which allows local users to gain privileges via a Trojan horse file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20151124 CVE-2015-8300: Polycom BToE Connector v2.3.0 Privilege Escalation Vulnerability", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2015/Nov/88" "lang": "eng",
}, "value": "Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for \"Program Files (x86)\\polycom\\polycom btoe connector\\plcmbtoesrv.exe,\" which allows local users to gain privileges via a Trojan horse file."
{ }
"name" : "http://packetstormsecurity.com/files/134523/Polycom-BTOE-Connector-2.3.0-Local-Privilege-Escalation.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/134523/Polycom-BTOE-Connector-2.3.0-Local-Privilege-Escalation.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/sbaresearch/advisories/tree/public/2015/Polycom_20150513", "description": [
"refsource" : "MISC", {
"url" : "https://github.com/sbaresearch/advisories/tree/public/2015/Polycom_20150513" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/134523/Polycom-BTOE-Connector-2.3.0-Local-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/134523/Polycom-BTOE-Connector-2.3.0-Local-Privilege-Escalation.html"
},
{
"name": "https://github.com/sbaresearch/advisories/tree/public/2015/Polycom_20150513",
"refsource": "MISC",
"url": "https://github.com/sbaresearch/advisories/tree/public/2015/Polycom_20150513"
},
{
"name": "20151124 CVE-2015-8300: Polycom BToE Connector v2.3.0 Privilege Escalation Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Nov/88"
}
]
}
}

120
2016/1xxx/CVE-2016-1300.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2016-1300", "ID": "CVE-2016-1300",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Cisco Unity Connection (UC) 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux82582."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20160127 Cisco Unity Connection Web Framework Cross-Site Scripting Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-uc" "lang": "eng",
} "value": "Cross-site scripting (XSS) vulnerability in Cisco Unity Connection (UC) 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux82582."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160127 Cisco Unity Connection Web Framework Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-uc"
}
]
}
}

280
2016/5xxx/CVE-2016-5147.json
View File

@ -1,142 +1,142 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2016-5147", "ID": "CVE-2016-5147",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka \"Universal XSS (UXSS).\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://codereview.chromium.org/2155393002", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://codereview.chromium.org/2155393002" "lang": "eng",
}, "value": "Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka \"Universal XSS (UXSS).\""
{ }
"name" : "https://codereview.chromium.org/2169453002", ]
"refsource" : "CONFIRM", },
"url" : "https://codereview.chromium.org/2169453002" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://codereview.chromium.org/2174263002/", "description": [
"refsource" : "CONFIRM", {
"url" : "https://codereview.chromium.org/2174263002/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://codereview.chromium.org/2183423002/", ]
"refsource" : "CONFIRM", }
"url" : "https://codereview.chromium.org/2183423002/" ]
}, },
{ "references": {
"name" : "https://codereview.chromium.org/2190523002/", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://codereview.chromium.org/2190523002/" "name": "https://crbug.com/628942",
}, "refsource": "CONFIRM",
{ "url": "https://crbug.com/628942"
"name" : "https://codereview.chromium.org/2242923002", },
"refsource" : "CONFIRM", {
"url" : "https://codereview.chromium.org/2242923002" "name": "https://codereview.chromium.org/2155393002",
}, "refsource": "CONFIRM",
{ "url": "https://codereview.chromium.org/2155393002"
"name" : "https://crbug.com/628942", },
"refsource" : "CONFIRM", {
"url" : "https://crbug.com/628942" "name": "openSUSE-SU-2016:2250",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html"
"name" : "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html", },
"refsource" : "CONFIRM", {
"url" : "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html" "name": "https://codereview.chromium.org/2242923002",
}, "refsource": "CONFIRM",
{ "url": "https://codereview.chromium.org/2242923002"
"name" : "DSA-3660", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2016/dsa-3660" "name": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html",
}, "refsource": "CONFIRM",
{ "url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
"name" : "GLSA-201610-09", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201610-09" "name": "SUSE-SU-2016:2251",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00004.html"
"name" : "RHSA-2016:1854", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1854.html" "name": "92717",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/92717"
"name" : "openSUSE-SU-2016:2349", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html" "name": "1036729",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1036729"
"name" : "SUSE-SU-2016:2251", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00004.html" "name": "https://codereview.chromium.org/2169453002",
}, "refsource": "CONFIRM",
{ "url": "https://codereview.chromium.org/2169453002"
"name" : "openSUSE-SU-2016:2250", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html" "name": "https://codereview.chromium.org/2190523002/",
}, "refsource": "CONFIRM",
{ "url": "https://codereview.chromium.org/2190523002/"
"name" : "openSUSE-SU-2016:2296", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00008.html" "name": "openSUSE-SU-2016:2349",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html"
"name" : "92717", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/92717" "name": "https://codereview.chromium.org/2174263002/",
}, "refsource": "CONFIRM",
{ "url": "https://codereview.chromium.org/2174263002/"
"name" : "1036729", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1036729" "name": "DSA-3660",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2016/dsa-3660"
} },
} {
"name": "GLSA-201610-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201610-09"
},
{
"name": "openSUSE-SU-2016:2296",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00008.html"
},
{
"name": "RHSA-2016:1854",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1854.html"
},
{
"name": "https://codereview.chromium.org/2183423002/",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/2183423002/"
}
]
}
}

160
2016/5xxx/CVE-2016-5271.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2016-5271", "ID": "CVE-2016-5271",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The PropertyProvider::GetSpacingInternal function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via text runs in conjunction with a \"display: contents\" Cascading Style Sheets (CSS) property."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2016/mfsa2016-85.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2016/mfsa2016-85.html" "lang": "eng",
}, "value": "The PropertyProvider::GetSpacingInternal function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via text runs in conjunction with a \"display: contents\" Cascading Style Sheets (CSS) property."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1288946", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1288946" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-201701-15", "description": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201701-15" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "93052", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/93052" ]
}, },
{ "references": {
"name" : "1036852", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1036852" "name": "http://www.mozilla.org/security/announce/2016/mfsa2016-85.html",
} "refsource": "CONFIRM",
] "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-85.html"
} },
} {
"name": "93052",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93052"
},
{
"name": "GLSA-201701-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-15"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1288946",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1288946"
},
{
"name": "1036852",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036852"
}
]
}
}

140
2016/5xxx/CVE-2016-5536.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2016-5536", "ID": "CVE-2016-5536",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Platform Security for Java component in Oracle Fusion Middleware 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-8281."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Oracle Platform Security for Java component in Oracle Fusion Middleware 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-8281."
{ }
"name" : "93772", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/93772" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1037051", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037051" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "93772",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93772"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "1037051",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037051"
}
]
}
}

126
2018/1999xxx/CVE-2018-1999033.json
View File

@ -1,65 +1,65 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "kurt@seifried.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2018-07-31T15:54:50.974279", "DATE_ASSIGNED": "2018-07-31T15:54:50.974279",
"DATE_REQUESTED" : "2018-07-30T00:00:00", "DATE_REQUESTED": "2018-07-30T00:00:00",
"ID" : "CVE-2018-1999033", "ID": "CVE-2018-1999033",
"REQUESTER" : "ml@beckweb.net", "REQUESTER": "ml@beckweb.net",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Jenkins Anchore Container Image Scanner Plugin", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "10.16 and earlier" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Jenkins project" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exposure of sensitive information vulnerability exists in Jenkins Anchore Container Image Scanner Plugin 10.16 and earlier in AnchoreBuilder.java that allows attackers with Item/ExtendedRead permission or file system access to the Jenkins master to obtain the password stored in this plugin's configuration."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-522"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-1039", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-1039" "lang": "eng",
} "value": "An exposure of sensitive information vulnerability exists in Jenkins Anchore Container Image Scanner Plugin 10.16 and earlier in AnchoreBuilder.java that allows attackers with Item/ExtendedRead permission or file system access to the Jenkins master to obtain the password stored in this plugin's configuration."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-1039",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-1039"
}
]
}
}

172
2018/6xxx/CVE-2018-6179.json
View File

@ -1,88 +1,88 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "chrome-cve-admin@google.com", "ASSIGNER": "security@google.com",
"ID" : "CVE-2018-6179", "ID": "CVE-2018-6179",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Chrome", "product_name": "Chrome",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "68.0.3440.75" "version_value": "68.0.3440.75"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google" "vendor_name": "Google"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Insufficient enforcement of file access permission in the activeTab case in Extensions in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Insufficient policy enforcement"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://crbug.com/816685", "description_data": [
"refsource" : "MISC", {
"url" : "https://crbug.com/816685" "lang": "eng",
}, "value": "Insufficient enforcement of file access permission in the activeTab case in Extensions in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension."
{ }
"name" : "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html", ]
"refsource" : "CONFIRM", },
"url" : "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-4256", "description": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4256" "lang": "eng",
}, "value": "Insufficient policy enforcement"
{ }
"name" : "GLSA-201808-01", ]
"refsource" : "GENTOO", }
"url" : "https://security.gentoo.org/glsa/201808-01" ]
}, },
{ "references": {
"name" : "RHSA-2018:2282", "reference_data": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:2282" "name": "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html",
}, "refsource": "CONFIRM",
{ "url": "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html"
"name" : "104887", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/104887" "name": "RHSA-2018:2282",
} "refsource": "REDHAT",
] "url": "https://access.redhat.com/errata/RHSA-2018:2282"
} },
} {
"name": "GLSA-201808-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201808-01"
},
{
"name": "DSA-4256",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4256"
},
{
"name": "https://crbug.com/816685",
"refsource": "MISC",
"url": "https://crbug.com/816685"
},
{
"name": "104887",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104887"
}
]
}
}

243
2018/6xxx/CVE-2018-6554.json
View File

@ -1,121 +1,126 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@ubuntu.com", "ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC" : "2018-09-04T15:00:00.000Z", "DATE_PUBLIC": "2018-09-04T15:00:00.000Z",
"ID" : "CVE-2018-6554", "ID": "CVE-2018-6554",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Linux Kernel", "product_name": "Linux Kernel",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "before 4.17" "version_value": "before 4.17"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Linux Kernel" "vendor_name": "Linux Kernel"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[stable] 20180904 [PATCH 1/2] irda: Fix memory leak caused by repeated binds of irda socket", "description_data": [
"refsource" : "MLIST", {
"url" : "https://www.spinics.net/lists/stable/msg255030.html" "lang": "eng",
}, "value": "Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket."
{ }
"name" : "[stable] 20180904 [PATCH 1/2] irda: Fix memory leak caused by repeated binds of irda socket", ]
"refsource" : "MLIST", },
"url" : "https://www.spinics.net/lists/stable/msg255034.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update", "description": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html" "lang": "eng",
}, "value": "CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')"
{ }
"name" : "DSA-4308", ]
"refsource" : "DEBIAN", }
"url" : "https://www.debian.org/security/2018/dsa-4308" ]
}, },
{ "references": {
"name" : "USN-3775-2", "reference_data": [
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3775-2/" "name": "USN-3776-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3776-1/"
"name" : "USN-3776-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3776-1/" "name": "USN-3776-2",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3776-2/"
"name" : "USN-3776-2", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3776-2/" "name": "USN-3777-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3777-1/"
"name" : "USN-3777-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3777-1/" "name": "USN-3775-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3775-1/"
"name" : "USN-3777-2", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3777-2/" "name": "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update",
}, "refsource": "MLIST",
{ "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html"
"name" : "USN-3775-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3775-1/" "name": "[stable] 20180904 [PATCH 1/2] irda: Fix memory leak caused by repeated binds of irda socket",
}, "refsource": "MLIST",
{ "url": "https://www.spinics.net/lists/stable/msg255030.html"
"name" : "USN-3777-3", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3777-3/" "name": "DSA-4308",
}, "refsource": "DEBIAN",
{ "url": "https://www.debian.org/security/2018/dsa-4308"
"name" : "105302", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/105302" "name": "105302",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/105302"
}, },
"source" : { {
"discovery" : "UNKNOWN" "name": "USN-3775-2",
} "refsource": "UBUNTU",
} "url": "https://usn.ubuntu.com/3775-2/"
},
{
"name": "USN-3777-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3777-2/"
},
{
"name": "USN-3777-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3777-3/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
},
{
"name": "[stable] 20180904 [PATCH 1/2] irda: Fix memory leak caused by repeated binds of irda socket",
"refsource": "MLIST",
"url": "https://www.spinics.net/lists/stable/msg255034.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

140
2019/0xxx/CVE-2019-0564.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "Secure@Microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2019-0564", "ID": "CVE-2019-0564",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "ASP.NET Core", "product_name": "ASP.NET Core",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.1" "version_value": "2.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft" "vendor_name": "Microsoft"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka \"ASP.NET Core Denial of Service Vulnerability.\" This affects ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0548."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0564", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0564" "lang": "eng",
}, "value": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka \"ASP.NET Core Denial of Service Vulnerability.\" This affects ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0548."
{ }
"name" : "RHSA-2019:0040", ]
"refsource" : "REDHAT", },
"url" : "https://access.redhat.com/errata/RHSA-2019:0040" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "106413", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/106413" "lang": "eng",
} "value": "Denial of Service"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0564",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0564"
},
{
"name": "106413",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106413"
},
{
"name": "RHSA-2019:0040",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0040"
}
]
}
}

34
2019/0xxx/CVE-2019-0681.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-0681", "ID": "CVE-2019-0681",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/0xxx/CVE-2019-0932.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-0932", "ID": "CVE-2019-0932",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/1xxx/CVE-2019-1506.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-1506", "ID": "CVE-2019-1506",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/1xxx/CVE-2019-1561.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-1561", "ID": "CVE-2019-1561",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/1xxx/CVE-2019-1563.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-1563", "ID": "CVE-2019-1563",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

188
2019/1xxx/CVE-2019-1617.json
View File

@ -1,96 +1,96 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC" : "2019-03-06T16:00:00-0800", "DATE_PUBLIC": "2019-03-06T16:00:00-0800",
"ID" : "CVE-2019-1617", "ID": "CVE-2019-1617",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "Cisco Nexus 9000 Series Switches Standalone NX-OS Mode Fibre Channel over Ethernet NPV Denial of Service Vulnerability" "TITLE": "Cisco Nexus 9000 Series Switches Standalone NX-OS Mode Fibre Channel over Ethernet NPV Denial of Service Vulnerability"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Nexus 9000 Series Switches in Standalone NX-OS Mode ", "product_name": "Nexus 9000 Series Switches in Standalone NX-OS Mode ",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "<", "affected": "<",
"version_value" : "7.0(3)I7(5)" "version_value": "7.0(3)I7(5)"
}, },
{ {
"affected" : "<", "affected": "<",
"version_value" : "9.2(2)" "version_value": "9.2(2)"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Cisco" "vendor_name": "Cisco"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the Fibre Channel over Ethernet (FCoE) N-port Virtualization (NPV) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to an incorrect processing of FCoE packets when the fcoe-npv feature is uninstalled. An attacker could exploit this vulnerability by sending a stream of FCoE frames from an adjacent host to an affected device. An exploit could allow the attacker to cause packet amplification to occur, resulting in the saturation of interfaces and a DoS condition. Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running software versions prior to 7.0(3)I7(5) and 9.2(2)."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact" : {
"cvss" : {
"baseScore" : "7.4",
"vectorString" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H ",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-913"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20190306 Cisco Nexus 9000 Series Switches Standalone NX-OS Mode Fibre Channel over Ethernet NPV Denial of Service Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-npv-dos" "lang": "eng",
}, "value": "A vulnerability in the Fibre Channel over Ethernet (FCoE) N-port Virtualization (NPV) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to an incorrect processing of FCoE packets when the fcoe-npv feature is uninstalled. An attacker could exploit this vulnerability by sending a stream of FCoE frames from an adjacent host to an affected device. An exploit could allow the attacker to cause packet amplification to occur, resulting in the saturation of interfaces and a DoS condition. Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running software versions prior to 7.0(3)I7(5) and 9.2(2)."
{ }
"name" : "107336", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/107336" "exploit": [
} {
] "lang": "eng",
}, "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
"source" : { }
"advisory" : "cisco-sa-20190306-nxos-npv-dos", ],
"defect" : [ "impact": {
[ "cvss": {
"CSCvk44504" "baseScore": "7.4",
] "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H ",
], "version": "3.0"
"discovery" : "INTERNAL" }
} },
} "problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-913"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190306 Cisco Nexus 9000 Series Switches Standalone NX-OS Mode Fibre Channel over Ethernet NPV Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-npv-dos"
},
{
"name": "107336",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107336"
}
]
},
"source": {
"advisory": "cisco-sa-20190306-nxos-npv-dos",
"defect": [
[
"CSCvk44504"
]
],
"discovery": "INTERNAL"
}
}

34
2019/5xxx/CVE-2019-5809.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-5809", "ID": "CVE-2019-5809",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/5xxx/CVE-2019-5817.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-5817", "ID": "CVE-2019-5817",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/5xxx/CVE-2019-5842.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-5842", "ID": "CVE-2019-5842",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }