admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 05:08:23 +00:00
parent ffaf1c48b2
commit 35961869f2
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
63 changed files with 4317 additions and 4317 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

120
1999/0xxx/CVE-1999-0008.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-0008",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in NIS+, in Sun's rpc.nisd program."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0008",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "00170",
"refsource" : "SUN",
"url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/170"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in NIS+, in Sun's rpc.nisd program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "00170",
"refsource": "SUN",
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/170"
}
]
}
}

140
1999/0xxx/CVE-1999-0837.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-0837",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Denial of service in BIND by improperly closing TCP sessions via so_linger."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0837",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "CSSA-1999-034.1",
"refsource" : "CALDERA",
"url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-034.1.txt"
},
{
"name" : "00194",
"refsource" : "SUN",
"url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/194"
},
{
"name" : "788",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/788"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Denial of service in BIND by improperly closing TCP sessions via so_linger."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CSSA-1999-034.1",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-034.1.txt"
},
{
"name": "788",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/788"
},
{
"name": "00194",
"refsource": "SUN",
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/194"
}
]
}
}

150
1999/1xxx/CVE-1999-1041.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-1041",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in mscreen on SCO OpenServer 5.0 and SCO UNIX 3.2v4 allows a local user to gain root access via (1) a long TERM environmental variable and (2) a long entry in the .mscreenrc file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1041",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "19980827 SCO mscreen vul.",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/10420"
},
{
"name" : "19980926 Root exploit for SCO OpenServer.",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=90686250717719&w=2"
},
{
"name" : "SB-98.05a",
"refsource" : "SCO",
"url" : "ftp://ftp.sco.com/SSE/security_bulletins/SB-98.05a"
},
{
"name" : "VB-98.10",
"refsource" : "CERT",
"url" : "http://www.cert.org/vendor_bulletins/VB-98.10.sco.mscreen"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in mscreen on SCO OpenServer 5.0 and SCO UNIX 3.2v4 allows a local user to gain root access via (1) a long TERM environmental variable and (2) a long entry in the .mscreenrc file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19980926 Root exploit for SCO OpenServer.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=90686250717719&w=2"
},
{
"name": "SB-98.05a",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/SSE/security_bulletins/SB-98.05a"
},
{
"name": "VB-98.10",
"refsource": "CERT",
"url": "http://www.cert.org/vendor_bulletins/VB-98.10.sco.mscreen"
},
{
"name": "19980827 SCO mscreen vul.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/10420"
}
]
}
}

34
1999/1xxx/CVE-1999-1056.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-1056",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-1999-1395. Reason: This candidate is a duplicate of CVE-1999-1395. Notes: All CVE users should reference CVE-1999-1395 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-1999-1056",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-1999-1395. Reason: This candidate is a duplicate of CVE-1999-1395. Notes: All CVE users should reference CVE-1999-1395 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

140
1999/1xxx/CVE-1999-1143.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-1143",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in runtime linker program rld in SGI IRIX 6.x and earlier allows local users to gain privileges via setuid and setgid programs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1143",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "H-065",
"refsource" : "CIAC",
"url" : "http://ciac.llnl.gov/ciac/bulletins/h-65.shtml"
},
{
"name" : "19970504-01-PX",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/19970504-01-PX"
},
{
"name" : "sgi-rld(2109)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/2109"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in runtime linker program rld in SGI IRIX 6.x and earlier allows local users to gain privileges via setuid and setgid programs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "sgi-rld(2109)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/2109"
},
{
"name": "19970504-01-PX",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/19970504-01-PX"
},
{
"name": "H-065",
"refsource": "CIAC",
"url": "http://ciac.llnl.gov/ciac/bulletins/h-65.shtml"
}
]
}
}

140
1999/1xxx/CVE-1999-1442.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-1442",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Bug in AMD K6 processor on Linux 2.0.x and 2.1.x kernels allows local users to cause a denial of service (crash) via a particular sequence of instructions, possibly related to accessing addresses outside of segments."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1442",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.cs.helsinki.fi/linux/linux-kernel/Year-1998/1998-25/0816.html",
"refsource" : "MISC",
"url" : "http://www.cs.helsinki.fi/linux/linux-kernel/Year-1998/1998-25/0816.html"
},
{
"name" : "http://uwsg.iu.edu/hypermail/linux/kernel/9805.3/0855.html",
"refsource" : "MISC",
"url" : "http://uwsg.iu.edu/hypermail/linux/kernel/9805.3/0855.html"
},
{
"name" : "105",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bug in AMD K6 processor on Linux 2.0.x and 2.1.x kernels allows local users to cause a denial of service (crash) via a particular sequence of instructions, possibly related to accessing addresses outside of segments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cs.helsinki.fi/linux/linux-kernel/Year-1998/1998-25/0816.html",
"refsource": "MISC",
"url": "http://www.cs.helsinki.fi/linux/linux-kernel/Year-1998/1998-25/0816.html"
},
{
"name": "http://uwsg.iu.edu/hypermail/linux/kernel/9805.3/0855.html",
"refsource": "MISC",
"url": "http://uwsg.iu.edu/hypermail/linux/kernel/9805.3/0855.html"
},
{
"name": "105",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105"
}
]
}
}

130
2000/0xxx/CVE-2000-0116.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0116",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Firewall-1 does not properly filter script tags, which allows remote attackers to bypass the \"Strip Script Tags\" restriction by including an extra < in front of the SCRIPT tag."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0116",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "954",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/954"
},
{
"name" : "1212",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/1212"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Firewall-1 does not properly filter script tags, which allows remote attackers to bypass the \"Strip Script Tags\" restriction by including an extra < in front of the SCRIPT tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "954",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/954"
},
{
"name": "1212",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/1212"
}
]
}
}

130
2000/0xxx/CVE-2000-0196.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0196",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in mhshow in the Linux nmh package allows remote attackers to execute commands via malformed MIME headers in an email message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0196",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "RHSA-2000:006",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2000-006.html"
},
{
"name" : "1018",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1018"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in mhshow in the Linux nmh package allows remote attackers to execute commands via malformed MIME headers in an email message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2000:006",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2000-006.html"
},
{
"name": "1018",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1018"
}
]
}
}

130
2000/0xxx/CVE-2000-0387.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0387",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The makelev program in the golddig game from the FreeBSD ports collection allows local users to overwrite arbitrary files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0387",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "FreeBSD-SA-00:16",
"refsource" : "FREEBSD",
"url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:16.golddig.asc"
},
{
"name" : "1184",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1184"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The makelev program in the golddig game from the FreeBSD ports collection allows local users to overwrite arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-00:16",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:16.golddig.asc"
},
{
"name": "1184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1184"
}
]
}
}

130
2000/0xxx/CVE-2000-0608.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0608",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NetWin dMailWeb and cwMail 2.6i and earlier allows remote attackers to cause a denial of service via a long POP parameter (pophost)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0608",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20000620 NetWin dMailWeb Denial of Service",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-06-15&msg=4.1.20000621113334.00996820@qlink.queensu.ca"
},
{
"name" : "1376",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1376"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetWin dMailWeb and cwMail 2.6i and earlier allows remote attackers to cause a denial of service via a long POP parameter (pophost)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1376",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1376"
},
{
"name": "20000620 NetWin dMailWeb Denial of Service",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-06-15&msg=4.1.20000621113334.00996820@qlink.queensu.ca"
}
]
}
}

140
2000/0xxx/CVE-2000-0766.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0766",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in vqSoft vqServer 1.4.49 allows remote attackers to cause a denial of service or possibly gain privileges via a long HTTP GET request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0766",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20000819 D.o.S Vulnerability in vqServer",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008270354.UAA10952@user4.hushmail.com"
},
{
"name" : "1610",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1610"
},
{
"name" : "vqserver-get-dos(5152)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5152"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in vqSoft vqServer 1.4.49 allows remote attackers to cause a denial of service or possibly gain privileges via a long HTTP GET request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1610",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1610"
},
{
"name": "vqserver-get-dos(5152)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5152"
},
{
"name": "20000819 D.o.S Vulnerability in vqServer",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008270354.UAA10952@user4.hushmail.com"
}
]
}
}

150
2000/0xxx/CVE-2000-0772.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0772",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The installation of Tumbleweed Messaging Management System (MMS) 4.6 and earlier (formerly Worldtalk Worldsecure) creates a default account \"sa\" with no password."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0772",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20000810 Tumbleweed Worldsecure (MMS) BLANK 'sa' account password vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2000-08/0098.html"
},
{
"name" : "http://thompson.tumbleweed.com/NewKB/bulletin/UPFiles/sa-official.htm",
"refsource" : "CONFIRM",
"url" : "http://thompson.tumbleweed.com/NewKB/bulletin/UPFiles/sa-official.htm"
},
{
"name" : "1562",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1562"
},
{
"name" : "tumbleweed-mms-blank-password(5072)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5072"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The installation of Tumbleweed Messaging Management System (MMS) 4.6 and earlier (formerly Worldtalk Worldsecure) creates a default account \"sa\" with no password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://thompson.tumbleweed.com/NewKB/bulletin/UPFiles/sa-official.htm",
"refsource": "CONFIRM",
"url": "http://thompson.tumbleweed.com/NewKB/bulletin/UPFiles/sa-official.htm"
},
{
"name": "tumbleweed-mms-blank-password(5072)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5072"
},
{
"name": "1562",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1562"
},
{
"name": "20000810 Tumbleweed Worldsecure (MMS) BLANK 'sa' account password vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0098.html"
}
]
}
}

140
2000/0xxx/CVE-2000-0783.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0783",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Watchguard Firebox II allows remote attackers to cause a denial of service by sending a malformed URL to the authentication service on port 4100."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0783",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20000815 Watchguard Firebox Authentication DoS",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2000-08/0162.html"
},
{
"name" : "1573",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1573"
},
{
"name" : "firebox-url-dos(5098)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5098"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Watchguard Firebox II allows remote attackers to cause a denial of service by sending a malformed URL to the authentication service on port 4100."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20000815 Watchguard Firebox Authentication DoS",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0162.html"
},
{
"name": "firebox-url-dos(5098)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5098"
},
{
"name": "1573",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1573"
}
]
}
}

150
2000/1xxx/CVE-2000-1059.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-1059",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default configuration of the Xsession file in Mandrake Linux 7.1 and 7.0 bypasses the Xauthority access control mechanism with an \"xhost + localhost\" command, which allows local users to sniff X Windows events and gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-1059",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20000929 Mandrake 7.1 bypasses Xauthority X session security.",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/136495"
},
{
"name" : "MDKSA-2000:052",
"refsource" : "MANDRAKE",
"url" : "http://www.linux-mandrake.com/en/security/MDKSA-2000-052.php3"
},
{
"name" : "1735",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1735"
},
{
"name" : "xinitrc-bypass-xauthority(5305)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5305"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of the Xsession file in Mandrake Linux 7.1 and 7.0 bypasses the Xauthority access control mechanism with an \"xhost + localhost\" command, which allows local users to sniff X Windows events and gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20000929 Mandrake 7.1 bypasses Xauthority X session security.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/136495"
},
{
"name": "MDKSA-2000:052",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/MDKSA-2000-052.php3"
},
{
"name": "xinitrc-bypass-xauthority(5305)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5305"
},
{
"name": "1735",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1735"
}
]
}
}

140
2000/1xxx/CVE-2000-1092.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-1092",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "loadpage.cgi CGI program in EZshopper 3.0 and 2.0 allows remote attackers to list and read files in the EZshopper data directory by inserting a \"/\" in front of the target filename in the \"file\" parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-1092",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20001213 NSFOCUS SA2000-09 : AHG EZshopper Loadpage.cgi File List",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=97676270729984&w=2"
},
{
"name" : "2109",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/2109"
},
{
"name" : "ezshopper-cgi-file-disclosure(5740)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5740"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "loadpage.cgi CGI program in EZshopper 3.0 and 2.0 allows remote attackers to list and read files in the EZshopper data directory by inserting a \"/\" in front of the target filename in the \"file\" parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ezshopper-cgi-file-disclosure(5740)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5740"
},
{
"name": "20001213 NSFOCUS SA2000-09 : AHG EZshopper Loadpage.cgi File List",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=97676270729984&w=2"
},
{
"name": "2109",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2109"
}
]
}
}

150
2005/2xxx/CVE-2005-2191.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2191",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Comersus shopping cart allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to comersus_backoffice_listAssignedPricesToCustomer.asp or (2) message parameter to comersus_backoffice_message.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2191",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050707 [Bday release] Comersus shopping cart has multiple Sql injection",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112077057001064&w=2"
},
{
"name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/backoffice_mult_exp.pl",
"refsource" : "MISC",
"url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/backoffice_mult_exp.pl"
},
{
"name" : "15251",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15251"
},
{
"name" : "1014419",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014419"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Comersus shopping cart allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to comersus_backoffice_listAssignedPricesToCustomer.asp or (2) message parameter to comersus_backoffice_message.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15251",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15251"
},
{
"name": "20050707 [Bday release] Comersus shopping cart has multiple Sql injection",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112077057001064&w=2"
},
{
"name": "1014419",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014419"
},
{
"name": "http://downloads.securityfocus.com/vulnerabilities/exploits/backoffice_mult_exp.pl",
"refsource": "MISC",
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/backoffice_mult_exp.pl"
}
]
}
}

120
2005/2xxx/CVE-2005-2339.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2339",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Unicode version of msearch (unicode-msearch) 1.51(U1)-beta1, 1.51(U1), and 1.52(U1) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2005-2339",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://jvn.jp/jp/JVN%2379925E6F/index.html",
"refsource" : "MISC",
"url" : "http://jvn.jp/jp/JVN%2379925E6F/index.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Unicode version of msearch (unicode-msearch) 1.51(U1)-beta1, 1.51(U1), and 1.52(U1) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/jp/JVN%2379925E6F/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/jp/JVN%2379925E6F/index.html"
}
]
}
}

290
2005/2xxx/CVE-2005-2971.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2971",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the KWord RTF importer for KOffice 1.2.0 through 1.4.1 allows remote attackers to execute arbitrary code via a crafted RTF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-2971",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://scary.beasts.org/security/CESA-2005-005.txt",
"refsource" : "MISC",
"url" : "http://scary.beasts.org/security/CESA-2005-005.txt"
},
{
"name" : "http://www.kde.org/info/security/advisory-20051011-1.txt",
"refsource" : "CONFIRM",
"url" : "http://www.kde.org/info/security/advisory-20051011-1.txt"
},
{
"name" : "DSA-872",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-872"
},
{
"name" : "FEDORA-2005-984",
"refsource" : "FEDORA",
"url" : "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00042.html"
},
{
"name" : "GLSA-200510-12",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200510-12.xml"
},
{
"name" : "SSA:2005-310-02",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.388487"
},
{
"name" : "SUSE-SR:2005:025",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2005_25_sr.html"
},
{
"name" : "USN-202-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/202-1/"
},
{
"name" : "15060",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15060"
},
{
"name" : "1015035",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015035"
},
{
"name" : "17145",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17145/"
},
{
"name" : "17190",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17190"
},
{
"name" : "17212",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17212"
},
{
"name" : "17486",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17486"
},
{
"name" : "17171",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17171"
},
{
"name" : "17332",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17332"
},
{
"name" : "17480",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17480"
},
{
"name" : "koffice-kword-rtf-importer-bo(22562)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22562"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the KWord RTF importer for KOffice 1.2.0 through 1.4.1 allows remote attackers to execute arbitrary code via a crafted RTF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17480",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17480"
},
{
"name": "1015035",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015035"
},
{
"name": "SSA:2005-310-02",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.388487"
},
{
"name": "http://scary.beasts.org/security/CESA-2005-005.txt",
"refsource": "MISC",
"url": "http://scary.beasts.org/security/CESA-2005-005.txt"
},
{
"name": "SUSE-SR:2005:025",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_25_sr.html"
},
{
"name": "17171",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17171"
},
{
"name": "GLSA-200510-12",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-12.xml"
},
{
"name": "17212",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17212"
},
{
"name": "17332",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17332"
},
{
"name": "DSA-872",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-872"
},
{
"name": "FEDORA-2005-984",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00042.html"
},
{
"name": "17486",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17486"
},
{
"name": "17190",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17190"
},
{
"name": "USN-202-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/202-1/"
},
{
"name": "http://www.kde.org/info/security/advisory-20051011-1.txt",
"refsource": "CONFIRM",
"url": "http://www.kde.org/info/security/advisory-20051011-1.txt"
},
{
"name": "17145",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17145/"
},
{
"name": "15060",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15060"
},
{
"name": "koffice-kword-rtf-importer-bo(22562)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22562"
}
]
}
}

180
2005/3xxx/CVE-2005-3338.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3338",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Mantis before 0.19.3, when using reminders, causes Mantis to display the real email addresses of users."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.mantisbt.org/changelog_page.php",
"refsource" : "CONFIRM",
"url" : "http://bugs.mantisbt.org/changelog_page.php"
},
{
"name" : "DSA-905",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-905"
},
{
"name" : "GLSA-200510-24",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"name" : "15227",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15227"
},
{
"name" : "17362",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17362"
},
{
"name" : "16506",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16506"
},
{
"name" : "17654",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17654"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Mantis before 0.19.3, when using reminders, causes Mantis to display the real email addresses of users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.mantisbt.org/changelog_page.php",
"refsource": "CONFIRM",
"url": "http://bugs.mantisbt.org/changelog_page.php"
},
{
"name": "DSA-905",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-905"
},
{
"name": "16506",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16506"
},
{
"name": "17654",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17654"
},
{
"name": "GLSA-200510-24",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-24.xml"
},
{
"name": "17362",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17362"
},
{
"name": "15227",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15227"
}
]
}
}

180
2005/3xxx/CVE-2005-3708.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3708",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3708",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2006-01-10",
"refsource" : "APPLE",
"url" : "http://docs.info.apple.com/article.html?artnum=303101"
},
{
"name" : "16202",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16202"
},
{
"name" : "ADV-2006-0128",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0128"
},
{
"name" : "22336",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22336"
},
{
"name" : "1015464",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015464"
},
{
"name" : "18370",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18370"
},
{
"name" : "quicktime-tga-overflow(24057)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24057"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18370",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18370"
},
{
"name": "APPLE-SA-2006-01-10",
"refsource": "APPLE",
"url": "http://docs.info.apple.com/article.html?artnum=303101"
},
{
"name": "quicktime-tga-overflow(24057)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24057"
},
{
"name": "1015464",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015464"
},
{
"name": "22336",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22336"
},
{
"name": "ADV-2006-0128",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0128"
},
{
"name": "16202",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16202"
}
]
}
}

170
2007/5xxx/CVE-2007-5018.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-5018",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in IMAPD in Mercury/32 4.52 allows remote authenticated users to execute arbitrary code via a long argument in a SEARCH ON command. NOTE: this issue might overlap with CVE-2004-1211."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4429",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4429"
},
{
"name" : "25733",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25733"
},
{
"name" : "ADV-2007-3224",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/3224"
},
{
"name" : "39670",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/39670"
},
{
"name" : "1018714",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1018714"
},
{
"name" : "26878",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26878"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in IMAPD in Mercury/32 4.52 allows remote authenticated users to execute arbitrary code via a long argument in a SEARCH ON command. NOTE: this issue might overlap with CVE-2004-1211."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1018714",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018714"
},
{
"name": "25733",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25733"
},
{
"name": "4429",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4429"
},
{
"name": "39670",
"refsource": "OSVDB",
"url": "http://osvdb.org/39670"
},
{
"name": "26878",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26878"
},
{
"name": "ADV-2007-3224",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3224"
}
]
}
}

170
2007/5xxx/CVE-2007-5249.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-5249",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in the logging function in the Unreal engine, as used by America's Army and America's Army Special Forces 2.8.2 and earlier, when Punkbuster (PB) is enabled, allow remote attackers to cause a denial of service (daemon crash) via a long (1) PB_Y packet to the YPG server on UDP port 1716 or (2) PB_U packet to UCON on UDP port 1716, different vectors than CVE-2007-4442. NOTE: this issue might be in Punkbuster itself, but there are insufficient details to be certain."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5249",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20071001 Unexploitable buffer-overflow in America's Army 2.8.2 through PB",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/481227/100/0/threaded"
},
{
"name" : "http://aluigi.altervista.org/adv/aaboompb-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.altervista.org/adv/aaboompb-adv.txt"
},
{
"name" : "http://aluigi.org/poc/aaboompb.zip",
"refsource" : "MISC",
"url" : "http://aluigi.org/poc/aaboompb.zip"
},
{
"name" : "27015",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27015"
},
{
"name" : "3193",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3193"
},
{
"name" : "americasarmy-logging-dos(36897)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36897"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in the logging function in the Unreal engine, as used by America's Army and America's Army Special Forces 2.8.2 and earlier, when Punkbuster (PB) is enabled, allow remote attackers to cause a denial of service (daemon crash) via a long (1) PB_Y packet to the YPG server on UDP port 1716 or (2) PB_U packet to UCON on UDP port 1716, different vectors than CVE-2007-4442. NOTE: this issue might be in Punkbuster itself, but there are insufficient details to be certain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20071001 Unexploitable buffer-overflow in America's Army 2.8.2 through PB",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/481227/100/0/threaded"
},
{
"name": "americasarmy-logging-dos(36897)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36897"
},
{
"name": "http://aluigi.org/poc/aaboompb.zip",
"refsource": "MISC",
"url": "http://aluigi.org/poc/aaboompb.zip"
},
{
"name": "27015",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27015"
},
{
"name": "http://aluigi.altervista.org/adv/aaboompb-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/aaboompb-adv.txt"
},
{
"name": "3193",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3193"
}
]
}
}

140
2009/2xxx/CVE-2009-2097.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2097",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in system/application/controllers/catalog.php in Zoki Soft Zoki Catalog (aka Smart Catalog) allows remote attackers to execute arbitrary SQL commands via the search_text parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2097",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090615 [DSF-02-2009] - Zoki Catalog SQL Injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/504311/100/0/threaded"
},
{
"name" : "http://www.davidsopas.com/2009/06/15/zoki-catalog-sql-injection/",
"refsource" : "MISC",
"url" : "http://www.davidsopas.com/2009/06/15/zoki-catalog-sql-injection/"
},
{
"name" : "35476",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35476"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in system/application/controllers/catalog.php in Zoki Soft Zoki Catalog (aka Smart Catalog) allows remote attackers to execute arbitrary SQL commands via the search_text parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.davidsopas.com/2009/06/15/zoki-catalog-sql-injection/",
"refsource": "MISC",
"url": "http://www.davidsopas.com/2009/06/15/zoki-catalog-sql-injection/"
},
{
"name": "20090615 [DSF-02-2009] - Zoki Catalog SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504311/100/0/threaded"
},
{
"name": "35476",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35476"
}
]
}
}

300
2009/2xxx/CVE-2009-2694.json
View File

@ -1,152 +1,152 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2694",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2694",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "9615",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9615"
},
{
"name" : "http://www.coresecurity.com/content/libpurple-arbitrary-write",
"refsource" : "MISC",
"url" : "http://www.coresecurity.com/content/libpurple-arbitrary-write"
},
{
"name" : "http://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0e",
"refsource" : "CONFIRM",
"url" : "http://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0e"
},
{
"name" : "http://developer.pidgin.im/wiki/ChangeLog",
"refsource" : "CONFIRM",
"url" : "http://developer.pidgin.im/wiki/ChangeLog"
},
{
"name" : "http://www.pidgin.im/news/security/?id=34",
"refsource" : "CONFIRM",
"url" : "http://www.pidgin.im/news/security/?id=34"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=514957",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=514957"
},
{
"name" : "DSA-1870",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1870"
},
{
"name" : "RHSA-2009:1218",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2009-1218.html"
},
{
"name" : "266908",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266908-1"
},
{
"name" : "oval:org.mitre.oval:def:10319",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10319"
},
{
"name" : "oval:org.mitre.oval:def:6320",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6320"
},
{
"name" : "36384",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36384"
},
{
"name" : "36392",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36392"
},
{
"name" : "36401",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36401"
},
{
"name" : "36402",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36402"
},
{
"name" : "36708",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36708"
},
{
"name" : "37071",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37071"
},
{
"name" : "ADV-2009-2303",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2303"
},
{
"name" : "ADV-2009-2663",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2663"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=514957",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=514957"
},
{
"name": "ADV-2009-2303",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2303"
},
{
"name": "36392",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36392"
},
{
"name": "http://www.pidgin.im/news/security/?id=34",
"refsource": "CONFIRM",
"url": "http://www.pidgin.im/news/security/?id=34"
},
{
"name": "oval:org.mitre.oval:def:6320",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6320"
},
{
"name": "http://www.coresecurity.com/content/libpurple-arbitrary-write",
"refsource": "MISC",
"url": "http://www.coresecurity.com/content/libpurple-arbitrary-write"
},
{
"name": "36402",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36402"
},
{
"name": "266908",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266908-1"
},
{
"name": "http://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0e",
"refsource": "CONFIRM",
"url": "http://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0e"
},
{
"name": "36384",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36384"
},
{
"name": "DSA-1870",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1870"
},
{
"name": "37071",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37071"
},
{
"name": "36708",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36708"
},
{
"name": "ADV-2009-2663",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2663"
},
{
"name": "oval:org.mitre.oval:def:10319",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10319"
},
{
"name": "36401",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36401"
},
{
"name": "9615",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9615"
},
{
"name": "http://developer.pidgin.im/wiki/ChangeLog",
"refsource": "CONFIRM",
"url": "http://developer.pidgin.im/wiki/ChangeLog"
},
{
"name": "RHSA-2009:1218",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1218.html"
}
]
}
}

140
2009/2xxx/CVE-2009-2748.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2748",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.29 and 7.1 before 7.0.0.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2748",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "PK92057",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg1PK92057"
},
{
"name" : "PK99481",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg1PK99481"
},
{
"name" : "was-adminconsole-xss(54229)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54229"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.29 and 7.1 before 7.0.0.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "was-adminconsole-xss(54229)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54229"
},
{
"name": "PK92057",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=swg1PK92057"
},
{
"name": "PK99481",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=swg1PK99481"
}
]
}
}

150
2009/2xxx/CVE-2009-2870.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2870",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Cisco IOS 12.2 through 12.4, when the Cisco Unified Border Element feature is enabled, allows remote attackers to cause a denial of service (device reload) via crafted SIP messages, aka Bug ID CSCsx25880."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2009-2870",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=18891",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=18891"
},
{
"name" : "20090923 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af811b.shtml"
},
{
"name" : "1022930",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022930"
},
{
"name" : "ADV-2009-2759",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2759"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Cisco IOS 12.2 through 12.4, when the Cisco Unified Border Element feature is enabled, allows remote attackers to cause a denial of service (device reload) via crafted SIP messages, aka Bug ID CSCsx25880."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090923 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af811b.shtml"
},
{
"name": "1022930",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022930"
},
{
"name": "ADV-2009-2759",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2759"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=18891",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=18891"
}
]
}
}

140
2009/3xxx/CVE-2009-3325.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3325",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Focusplus Developments Survey Manager (com_surveymanager) component 1.5.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the stype parameter in an editsurvey action to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3325",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "9721",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9721"
},
{
"name" : "36464",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36464"
},
{
"name" : "ADV-2009-2705",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2705"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Focusplus Developments Survey Manager (com_surveymanager) component 1.5.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the stype parameter in an editsurvey action to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-2705",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2705"
},
{
"name": "36464",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36464"
},
{
"name": "9721",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9721"
}
]
}
}

140
2015/0xxx/CVE-2015-0217.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0217",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "filter/mediaplugin/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to cause a denial of service (CPU consumption or partial outage) via a crafted string that is matched against an improper regular expression."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-0217",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150119 Moodle security issues are now public",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2015/01/19/1"
},
{
"name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48546",
"refsource" : "CONFIRM",
"url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48546"
},
{
"name" : "https://moodle.org/mod/forum/discuss.php?d=278617",
"refsource" : "CONFIRM",
"url" : "https://moodle.org/mod/forum/discuss.php?d=278617"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "filter/mediaplugin/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to cause a denial of service (CPU consumption or partial outage) via a crafted string that is matched against an improper regular expression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48546",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48546"
},
{
"name": "https://moodle.org/mod/forum/discuss.php?d=278617",
"refsource": "CONFIRM",
"url": "https://moodle.org/mod/forum/discuss.php?d=278617"
},
{
"name": "[oss-security] 20150119 Moodle security issues are now public",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2015/01/19/1"
}
]
}
}

150
2015/0xxx/CVE-2015-0367.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0367",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to affect integrity via vectors related to SSO Engine."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2015-0367",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name" : "72179",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72179"
},
{
"name" : "62473",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62473"
},
{
"name" : "oracle-cpujan2015-cve20150367(100077)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100077"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to affect integrity via vectors related to SSO Engine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62473",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62473"
},
{
"name": "oracle-cpujan2015-cve20150367(100077)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100077"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "72179",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72179"
}
]
}
}

280
2015/0xxx/CVE-2015-0400.json
View File

@ -1,142 +1,142 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0400",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Libraries."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2015-0400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name" : "https://www-304.ibm.com/support/docview.wss?uid=swg21695474",
"refsource" : "CONFIRM",
"url" : "https://www-304.ibm.com/support/docview.wss?uid=swg21695474"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2015-0003.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2015-0003.html"
},
{
"name" : "GLSA-201603-14",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201603-14"
},
{
"name" : "GLSA-201507-14",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201507-14"
},
{
"name" : "HPSBUX03273",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142496355704097&w=2"
},
{
"name" : "SSRT101951",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142496355704097&w=2"
},
{
"name" : "HPSBUX03281",
"refsource" : "HP",
"url" : "http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581"
},
{
"name" : "SSRT101968",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142607790919348&w=2"
},
{
"name" : "SUSE-SU-2015:0336",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html"
},
{
"name" : "openSUSE-SU-2015:0190",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html"
},
{
"name" : "SUSE-SU-2015:0503",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html"
},
{
"name" : "USN-2486-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2486-1"
},
{
"name" : "USN-2487-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2487-1"
},
{
"name" : "72159",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72159"
},
{
"name" : "1031580",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031580"
},
{
"name" : "oracle-cpujan2015-cve20150400(100149)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100149"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Libraries."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2015:0503",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html"
},
{
"name": "72159",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72159"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2015-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2015-0003.html"
},
{
"name": "oracle-cpujan2015-cve20150400(100149)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100149"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "USN-2487-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2487-1"
},
{
"name": "GLSA-201603-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-14"
},
{
"name": "SUSE-SU-2015:0336",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html"
},
{
"name": "https://www-304.ibm.com/support/docview.wss?uid=swg21695474",
"refsource": "CONFIRM",
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21695474"
},
{
"name": "USN-2486-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2486-1"
},
{
"name": "GLSA-201507-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201507-14"
},
{
"name": "SSRT101951",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142496355704097&w=2"
},
{
"name": "HPSBUX03281",
"refsource": "HP",
"url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581"
},
{
"name": "SSRT101968",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142607790919348&w=2"
},
{
"name": "openSUSE-SU-2015:0190",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html"
},
{
"name": "HPSBUX03273",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142496355704097&w=2"
},
{
"name": "1031580",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031580"
}
]
}
}

130
2015/1000xxx/CVE-2015-1000013.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1000013",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Remote file upload vulnerability in wordpress plugin csv2wpec-coupon v1.1"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1000013",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.vapidlabs.com/advisory.php?v=153",
"refsource" : "MISC",
"url" : "http://www.vapidlabs.com/advisory.php?v=153"
},
{
"name" : "94497",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Remote file upload vulnerability in wordpress plugin csv2wpec-coupon v1.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapidlabs.com/advisory.php?v=153",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=153"
},
{
"name": "94497",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94497"
}
]
}
}

180
2015/3xxx/CVE-2015-3125.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-3125",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, and CVE-2015-5116."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2015-3125",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-16.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-16.html"
},
{
"name" : "GLSA-201507-13",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201507-13"
},
{
"name" : "RHSA-2015:1214",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1214.html"
},
{
"name" : "SUSE-SU-2015:1211",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00017.html"
},
{
"name" : "SUSE-SU-2015:1214",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00018.html"
},
{
"name" : "75594",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75594"
},
{
"name" : "1032810",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032810"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, and CVE-2015-5116."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032810",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032810"
},
{
"name": "75594",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75594"
},
{
"name": "SUSE-SU-2015:1211",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00017.html"
},
{
"name": "RHSA-2015:1214",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1214.html"
},
{
"name": "SUSE-SU-2015:1214",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00018.html"
},
{
"name": "GLSA-201507-13",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201507-13"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb15-16.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-16.html"
}
]
}
}

34
2015/3xxx/CVE-2015-3997.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-3997",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3997",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2015/4xxx/CVE-2015-4258.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4258",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence MSE 8000 devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90444."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-4258",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150709 Cisco TelePresence MSE 8000 Series Cross-Site Request Forgery Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=39802"
},
{
"name" : "1032838",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032838"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence MSE 8000 devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90444."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032838",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032838"
},
{
"name": "20150709 Cisco TelePresence MSE 8000 Series Cross-Site Request Forgery Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39802"
}
]
}
}

220
2015/4xxx/CVE-2015-4512.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4512",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "gfx/2d/DataSurfaceHelpers.cpp in Mozilla Firefox before 41.0 on Linux improperly attempts to use the Cairo library with 32-bit color-depth surface creation followed by 16-bit color-depth surface display, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) by using a CANVAS element to trigger 2D rendering."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2015-4512",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-107.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-107.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1170390",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1170390"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name" : "openSUSE-SU-2015:1658",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html"
},
{
"name" : "openSUSE-SU-2015:1681",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html"
},
{
"name" : "USN-2743-4",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2743-4"
},
{
"name" : "USN-2743-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2743-1"
},
{
"name" : "USN-2743-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2743-2"
},
{
"name" : "USN-2743-3",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2743-3"
},
{
"name" : "76815",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76815"
},
{
"name" : "1033640",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033640"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "gfx/2d/DataSurfaceHelpers.cpp in Mozilla Firefox before 41.0 on Linux improperly attempts to use the Cairo library with 32-bit color-depth surface creation followed by 16-bit color-depth surface display, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) by using a CANVAS element to trigger 2D rendering."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2015:1681",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html"
},
{
"name": "http://www.mozilla.org/security/announce/2015/mfsa2015-107.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-107.html"
},
{
"name": "USN-2743-4",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2743-4"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "USN-2743-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2743-3"
},
{
"name": "76815",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76815"
},
{
"name": "USN-2743-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2743-2"
},
{
"name": "1033640",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033640"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1170390",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1170390"
},
{
"name": "openSUSE-SU-2015:1658",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html"
},
{
"name": "USN-2743-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2743-1"
}
]
}
}

180
2015/4xxx/CVE-2015-4515.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4515",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 42.0, when NTLM v1 is enabled for HTTP authentication, allows remote attackers to obtain sensitive hostname information by constructing a crafted web site that sends an NTLM request and reads the Workstation field of an NTLM type 3 message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2015-4515",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-117.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-117.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1046421",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1046421"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name" : "GLSA-201512-10",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201512-10"
},
{
"name" : "openSUSE-SU-2015:1942",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html"
},
{
"name" : "USN-2785-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2785-1"
},
{
"name" : "1034069",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034069"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox before 42.0, when NTLM v1 is enabled for HTTP authentication, allows remote attackers to obtain sensitive hostname information by constructing a crafted web site that sends an NTLM request and reads the Workstation field of an NTLM type 3 message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1034069",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034069"
},
{
"name": "http://www.mozilla.org/security/announce/2015/mfsa2015-117.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-117.html"
},
{
"name": "GLSA-201512-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201512-10"
},
{
"name": "USN-2785-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2785-1"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "openSUSE-SU-2015:1942",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1046421",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1046421"
}
]
}
}

230
2015/8xxx/CVE-2015-8551.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-8551",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka \"Linux pciback missing sanity checks.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8551",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://xenbits.xen.org/xsa/advisory-157.html",
"refsource" : "CONFIRM",
"url" : "http://xenbits.xen.org/xsa/advisory-157.html"
},
{
"name" : "DSA-3434",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3434"
},
{
"name" : "GLSA-201604-03",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201604-03"
},
{
"name" : "SUSE-SU-2016:1707",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name" : "SUSE-SU-2016:1764",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name" : "SUSE-SU-2016:1937",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
},
{
"name" : "SUSE-SU-2016:2105",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
},
{
"name" : "openSUSE-SU-2016:2184",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
},
{
"name" : "SUSE-SU-2016:0911",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html"
},
{
"name" : "SUSE-SU-2016:1102",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html"
},
{
"name" : "79546",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/79546"
},
{
"name" : "1034480",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034480"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka \"Linux pciback missing sanity checks.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://xenbits.xen.org/xsa/advisory-157.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-157.html"
},
{
"name": "1034480",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034480"
},
{
"name": "openSUSE-SU-2016:2184",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
},
{
"name": "SUSE-SU-2016:1764",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name": "SUSE-SU-2016:1102",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html"
},
{
"name": "SUSE-SU-2016:1707",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name": "GLSA-201604-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201604-03"
},
{
"name": "SUSE-SU-2016:2105",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
},
{
"name": "DSA-3434",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3434"
},
{
"name": "79546",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/79546"
},
{
"name": "SUSE-SU-2016:1937",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
},
{
"name": "SUSE-SU-2016:0911",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html"
}
]
}
}

180
2015/8xxx/CVE-2015-8806.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-8806",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the \"<!DOCTYPE html\" substring in a crafted HTML document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2015-8806",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160203 Re: Out-of-bounds Read in the libxml2's htmlParseNameComplex() function",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/02/03/5"
},
{
"name" : "https://bugzilla.gnome.org/show_bug.cgi?id=749115",
"refsource" : "MISC",
"url" : "https://bugzilla.gnome.org/show_bug.cgi?id=749115"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"name" : "DSA-3593",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2016/dsa-3593"
},
{
"name" : "GLSA-201701-37",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-37"
},
{
"name" : "USN-2994-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2994-1"
},
{
"name" : "82071",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/82071"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the \"<!DOCTYPE html\" substring in a crafted HTML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=749115",
"refsource": "MISC",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=749115"
},
{
"name": "DSA-3593",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2016/dsa-3593"
},
{
"name": "USN-2994-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2994-1"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"name": "[oss-security] 20160203 Re: Out-of-bounds Read in the libxml2's htmlParseNameComplex() function",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/02/03/5"
},
{
"name": "GLSA-201701-37",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-37"
},
{
"name": "82071",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/82071"
}
]
}
}

132
2015/9xxx/CVE-2015-9044.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2017-07-01T00:00:00",
"ID" : "CVE-2015-9044",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "All Qualcomm products",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on the size of a frequency list."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Reachable Assertion Vulnerability in LTE"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2017-07-01T00:00:00",
"ID": "CVE-2015-9044",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All Qualcomm products",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-07-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-07-01"
},
{
"name" : "99467",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99467"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on the size of a frequency list."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reachable Assertion Vulnerability in LTE"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-07-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-07-01"
},
{
"name": "99467",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99467"
}
]
}
}

150
2016/5xxx/CVE-2016-5117.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-5117",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint requests, which allows remote attackers to bypass the man-in-the-middle mitigations via a crafted timestamp constraint with a valid certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-5117",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160523 CVE request: OpenNTPD not verifying CN during HTTPS constraints request",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/05/23/2"
},
{
"name" : "[oss-security] 20160529 Re: CVE request: OpenNTPD not verifying CN during HTTPS constraints request",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/05/29/6"
},
{
"name" : "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/ntpd/constraint.c.diff?r1=1.27&r2=1.28",
"refsource" : "CONFIRM",
"url" : "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/ntpd/constraint.c.diff?r1=1.27&r2=1.28"
},
{
"name" : "http://www.openntpd.org/txt/release-6.0p1.txt",
"refsource" : "CONFIRM",
"url" : "http://www.openntpd.org/txt/release-6.0p1.txt"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint requests, which allows remote attackers to bypass the man-in-the-middle mitigations via a crafted timestamp constraint with a valid certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/ntpd/constraint.c.diff?r1=1.27&r2=1.28",
"refsource": "CONFIRM",
"url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/ntpd/constraint.c.diff?r1=1.27&r2=1.28"
},
{
"name": "[oss-security] 20160523 CVE request: OpenNTPD not verifying CN during HTTPS constraints request",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/23/2"
},
{
"name": "[oss-security] 20160529 Re: CVE request: OpenNTPD not verifying CN during HTTPS constraints request",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/29/6"
},
{
"name": "http://www.openntpd.org/txt/release-6.0p1.txt",
"refsource": "CONFIRM",
"url": "http://www.openntpd.org/txt/release-6.0p1.txt"
}
]
}
}

210
2016/5xxx/CVE-2016-5277.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-5277",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging improper interaction between timeline destruction and the Web Animations model implementation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-5277",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2016/mfsa2016-85.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2016/mfsa2016-85.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1291665",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1291665"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2016-86/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2016-86/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2016-88/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2016-88/"
},
{
"name" : "DSA-3674",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3674"
},
{
"name" : "GLSA-201701-15",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-15"
},
{
"name" : "RHSA-2016:1912",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1912.html"
},
{
"name" : "93049",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93049"
},
{
"name" : "1036852",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036852"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging improper interaction between timeline destruction and the Web Animations model implementation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
},
{
"name": "http://www.mozilla.org/security/announce/2016/mfsa2016-85.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-85.html"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2016-86/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-86/"
},
{
"name": "DSA-3674",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3674"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1291665",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1291665"
},
{
"name": "GLSA-201701-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-15"
},
{
"name": "RHSA-2016:1912",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1912.html"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2016-88/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-88/"
},
{
"name": "93049",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93049"
},
{
"name": "1036852",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036852"
}
]
}
}

142
2016/5xxx/CVE-2016-5861.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2017-05-01T00:00:00",
"ID" : "CVE-2016-5861",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "All Qualcomm products",
"version" : {
"version_data" : [
{
"version_value" : "Android for MSM, Firefox OS for MSM, QRD Android"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In a display driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a variable controlled by userspace is used to calculate offsets and sizes for copy operations, which could result in heap overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Copy without Checking Size of Input in Display"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2017-05-01T00:00:00",
"ID": "CVE-2016-5861",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All Qualcomm products",
"version": {
"version_data": [
{
"version_value": "Android for MSM, Firefox OS for MSM, QRD Android"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=cf3c97b8b6165f13810e530068fbf94b07f1f77d",
"refsource" : "MISC",
"url" : "https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=cf3c97b8b6165f13810e530068fbf94b07f1f77d"
},
{
"name" : "https://source.android.com/security/bulletin/2017-06-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name" : "1038623",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038623"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In a display driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a variable controlled by userspace is used to calculate offsets and sizes for copy operations, which could result in heap overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Copy without Checking Size of Input in Display"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-06-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name": "1038623",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038623"
},
{
"name": "https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=cf3c97b8b6165f13810e530068fbf94b07f1f77d",
"refsource": "MISC",
"url": "https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=cf3c97b8b6165f13810e530068fbf94b07f1f77d"
}
]
}
}

180
2016/5xxx/CVE-2016-5995.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-5995",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse library that is accessed by a setuid or setgid program."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-5995",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21990061",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21990061"
},
{
"name" : "IT16921",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT16921"
},
{
"name" : "IT17010",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT17010"
},
{
"name" : "IT17011",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT17011"
},
{
"name" : "IT17012",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT17012"
},
{
"name" : "93012",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93012"
},
{
"name" : "1036837",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036837"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse library that is accessed by a setuid or setgid program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IT17012",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT17012"
},
{
"name": "IT16921",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT16921"
},
{
"name": "1036837",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036837"
},
{
"name": "93012",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93012"
},
{
"name": "IT17010",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT17010"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21990061",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990061"
},
{
"name": "IT17011",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT17011"
}
]
}
}

34
2018/2xxx/CVE-2018-2109.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-2109",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-2109",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
}
]
}
}

174
2018/2xxx/CVE-2018-2412.json
View File

@ -1,89 +1,89 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cna@sap.com",
"ID" : "CVE-2018-2412",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "SAP Disclosure Management",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "10.1"
}
]
}
}
]
},
"vendor_name" : "SAP SE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "LOW",
"baseScore" : 3.8,
"baseSeverity" : "LOW",
"confidentialityImpact" : "NONE",
"integrityImpact" : "LOW",
"privilegesRequired" : "HIGH",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Missing Authorization Check"
}
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2412",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Disclosure Management",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.1"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://launchpad.support.sap.com/#/notes/2614359",
"refsource" : "MISC",
"url" : "https://launchpad.support.sap.com/#/notes/2614359"
},
{
"name" : "https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/",
"refsource" : "CONFIRM",
"url" : "https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/"
},
{
"name" : "103727",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103727"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Authorization Check"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/"
},
{
"name": "103727",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103727"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2614359",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/2614359"
}
]
}
}

34
2018/2xxx/CVE-2018-2546.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-2546",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-2546",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

182
2018/2xxx/CVE-2018-2684.json
View File

@ -1,93 +1,93 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-2684",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "User Management",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "12.1.3"
},
{
"version_affected" : "=",
"version_value" : "12.2.3"
},
{
"version_affected" : "=",
"version_value" : "12.2.4"
},
{
"version_affected" : "=",
"version_value" : "12.2.5"
},
{
"version_affected" : "=",
"version_value" : "12.2.6"
},
{
"version_affected" : "=",
"version_value" : "12.2.7"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle User Management component of Oracle E-Business Suite (subcomponent: Registration Process). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle User Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle User Management accessible data. CVSS 3.0 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle User Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle User Management accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-2684",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "User Management",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.1.3"
},
{
"version_affected": "=",
"version_value": "12.2.3"
},
{
"version_affected": "=",
"version_value": "12.2.4"
},
{
"version_affected": "=",
"version_value": "12.2.5"
},
{
"version_affected": "=",
"version_value": "12.2.6"
},
{
"version_affected": "=",
"version_value": "12.2.7"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name" : "102649",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102649"
},
{
"name" : "1040201",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040201"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle User Management component of Oracle E-Business Suite (subcomponent: Registration Process). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle User Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle User Management accessible data. CVSS 3.0 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle User Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle User Management accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "1040201",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040201"
},
{
"name": "102649",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102649"
}
]
}
}

158
2018/2xxx/CVE-2018-2820.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-2820",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "PeopleSoft Enterprise PT PeopleTools",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "8.54"
},
{
"version_affected" : "=",
"version_value" : "8.55"
},
{
"version_affected" : "=",
"version_value" : "8.56"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Core). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-2820",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PeopleSoft Enterprise PT PeopleTools",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.54"
},
{
"version_affected": "=",
"version_value": "8.55"
},
{
"version_affected": "=",
"version_value": "8.56"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name" : "103893",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103893"
},
{
"name" : "1040701",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040701"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Core). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103893",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103893"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "1040701",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040701"
}
]
}
}

172
2018/6xxx/CVE-2018-6141.json
View File

@ -1,88 +1,88 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-6141",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "67.0.3396.62"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Insufficient validation of an image filter in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Insufficient validation of untrusted input"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2018-6141",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "67.0.3396.62"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/796107",
"refsource" : "MISC",
"url" : "https://crbug.com/796107"
},
{
"name" : "https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html"
},
{
"name" : "DSA-4237",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4237"
},
{
"name" : "RHSA-2018:1815",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1815"
},
{
"name" : "104309",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104309"
},
{
"name" : "1041014",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041014"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient validation of an image filter in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient validation of untrusted input"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://crbug.com/796107",
"refsource": "MISC",
"url": "https://crbug.com/796107"
},
{
"name": "104309",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104309"
},
{
"name": "https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html"
},
{
"name": "1041014",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041014"
},
{
"name": "RHSA-2018:1815",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1815"
},
{
"name": "DSA-4237",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4237"
}
]
}
}

120
2018/6xxx/CVE-2018-6654.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6654",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Grammarly extension before 2018-02-02 for Chrome allows remote attackers to discover authentication tokens via an 'action: \"user\"' request to iframe.gr_-ifr, because the exposure of these tokens is not restricted to any specific web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6654",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1527",
"refsource" : "MISC",
"url" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1527"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Grammarly extension before 2018-02-02 for Chrome allows remote attackers to discover authentication tokens via an 'action: \"user\"' request to iframe.gr_-ifr, because the exposure of these tokens is not restricted to any specific web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1527",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1527"
}
]
}
}

130
2018/6xxx/CVE-2018-6830.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6830",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Foscam Cameras C1 Lite V3, and C1 V3 with firmware 2.82.2.33 and earlier, FI9800P V3, FI9803P V4, FI9851P V3, and FI9853EP V2 2.84.2.33 and earlier, FI9816P V3, FI9821EP V2, FI9821P V3, FI9826P V3, and FI9831P V3 2.81.2.33 and earlier, C1, C1 V2, C1 Lite, and C1 Lite V2 2.52.2.47 and earlier, FI9800P, FI9800P V2, FI9803P V2, FI9803P V3, and FI9851P V2 2.54.2.47 and earlier, FI9815P, FI9815P V2, FI9816P, and FI9816P V2, 2.51.2.47 and earlier, R2 and R4 2.71.1.59 and earlier, C2 and FI9961EP 2.72.1.59 and earlier, FI9900EP, FI9900P, and FI9901EP 2.74.1.59 and earlier, FI9928P 2.74.1.58 and earlier, FI9803EP and FI9853EP 2.22.2.31 and earlier, FI9803P and FI9851P 2.24.2.31 and earlier, FI9821P V2, FI9826P V2, FI9831P V2, and FI9821EP 2.21.2.31 and earlier, FI9821W V2, FI9831W, FI9826W, FI9821P, FI9831P, and FI9826P 2.11.1.120 and earlier, FI9818W V2 2.13.2.120 and earlier, FI9805W, FI9804W, FI9804P, FI9805E, and FI9805P 2.14.1.120 and earlier, FI9828P, and FI9828W 2.13.1.120 and earlier, and FI9828P V2 2.11.1.133 and earlier allows remote attackers to delete arbitrary files via a .. (dot dot) in the URI path component."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6830",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blog.vdoo.com/2018/06/06/vdoo-has-found-major-vulnerabilities-in-foscam-cameras/",
"refsource" : "MISC",
"url" : "https://blog.vdoo.com/2018/06/06/vdoo-has-found-major-vulnerabilities-in-foscam-cameras/"
},
{
"name" : "https://www.foscam.com/company/securing-your-foscam-camera-important-notice.html",
"refsource" : "CONFIRM",
"url" : "https://www.foscam.com/company/securing-your-foscam-camera-important-notice.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Foscam Cameras C1 Lite V3, and C1 V3 with firmware 2.82.2.33 and earlier, FI9800P V3, FI9803P V4, FI9851P V3, and FI9853EP V2 2.84.2.33 and earlier, FI9816P V3, FI9821EP V2, FI9821P V3, FI9826P V3, and FI9831P V3 2.81.2.33 and earlier, C1, C1 V2, C1 Lite, and C1 Lite V2 2.52.2.47 and earlier, FI9800P, FI9800P V2, FI9803P V2, FI9803P V3, and FI9851P V2 2.54.2.47 and earlier, FI9815P, FI9815P V2, FI9816P, and FI9816P V2, 2.51.2.47 and earlier, R2 and R4 2.71.1.59 and earlier, C2 and FI9961EP 2.72.1.59 and earlier, FI9900EP, FI9900P, and FI9901EP 2.74.1.59 and earlier, FI9928P 2.74.1.58 and earlier, FI9803EP and FI9853EP 2.22.2.31 and earlier, FI9803P and FI9851P 2.24.2.31 and earlier, FI9821P V2, FI9826P V2, FI9831P V2, and FI9821EP 2.21.2.31 and earlier, FI9821W V2, FI9831W, FI9826W, FI9821P, FI9831P, and FI9826P 2.11.1.120 and earlier, FI9818W V2 2.13.2.120 and earlier, FI9805W, FI9804W, FI9804P, FI9805E, and FI9805P 2.14.1.120 and earlier, FI9828P, and FI9828W 2.13.1.120 and earlier, and FI9828P V2 2.11.1.133 and earlier allows remote attackers to delete arbitrary files via a .. (dot dot) in the URI path component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.foscam.com/company/securing-your-foscam-camera-important-notice.html",
"refsource": "CONFIRM",
"url": "https://www.foscam.com/company/securing-your-foscam-camera-important-notice.html"
},
{
"name": "https://blog.vdoo.com/2018/06/06/vdoo-has-found-major-vulnerabilities-in-foscam-cameras/",
"refsource": "MISC",
"url": "https://blog.vdoo.com/2018/06/06/vdoo-has-found-major-vulnerabilities-in-foscam-cameras/"
}
]
}
}

34
2018/7xxx/CVE-2018-7545.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7545",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7545",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/7xxx/CVE-2018-7596.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7596",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7596",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

366
2019/0xxx/CVE-2019-0626.json
View File

@ -1,185 +1,185 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2019-0626",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Windows",
"version" : {
"version_data" : [
{
"version_value" : "7 for 32-bit Systems Service Pack 1"
},
{
"version_value" : "7 for x64-based Systems Service Pack 1"
},
{
"version_value" : "8.1 for 32-bit systems"
},
{
"version_value" : "8.1 for x64-based systems"
},
{
"version_value" : "RT 8.1"
},
{
"version_value" : "10 for 32-bit Systems"
},
{
"version_value" : "10 for x64-based Systems"
},
{
"version_value" : "10 Version 1607 for 32-bit Systems"
},
{
"version_value" : "10 Version 1607 for x64-based Systems"
},
{
"version_value" : "10 Version 1703 for 32-bit Systems"
},
{
"version_value" : "10 Version 1703 for x64-based Systems"
},
{
"version_value" : "10 Version 1709 for 32-bit Systems"
},
{
"version_value" : "10 Version 1709 for x64-based Systems"
},
{
"version_value" : "10 Version 1803 for 32-bit Systems"
},
{
"version_value" : "10 Version 1803 for x64-based Systems"
},
{
"version_value" : "10 Version 1803 for ARM64-based Systems"
},
{
"version_value" : "10 Version 1809 for 32-bit Systems"
},
{
"version_value" : "10 Version 1809 for x64-based Systems"
},
{
"version_value" : "10 Version 1809 for ARM64-based Systems"
},
{
"version_value" : "10 Version 1709 for ARM64-based Systems"
}
]
}
},
{
"product_name" : "Windows Server",
"version" : {
"version_data" : [
{
"version_value" : "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
},
{
"version_value" : "2008 R2 for Itanium-Based Systems Service Pack 1"
},
{
"version_value" : "2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value" : "2008 for 32-bit Systems Service Pack 2 (Core installation)"
},
{
"version_value" : "2012"
},
{
"version_value" : "2012 (Core installation)"
},
{
"version_value" : "2012 R2"
},
{
"version_value" : "2012 R2 (Core installation)"
},
{
"version_value" : "2016"
},
{
"version_value" : "2016 (Core installation)"
},
{
"version_value" : "version 1709 (Core Installation)"
},
{
"version_value" : "version 1803 (Core Installation)"
},
{
"version_value" : "2019"
},
{
"version_value" : "2019 (Core installation)"
},
{
"version_value" : "2008 for Itanium-Based Systems Service Pack 2"
},
{
"version_value" : "2008 for 32-bit Systems Service Pack 2"
},
{
"version_value" : "2008 for x64-based Systems Service Pack 2"
},
{
"version_value" : "2008 for x64-based Systems Service Pack 2 (Core installation)"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server, aka 'Windows DHCP Server Remote Code Execution Vulnerability'."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-0626",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows",
"version": {
"version_data": [
{
"version_value": "7 for 32-bit Systems Service Pack 1"
},
{
"version_value": "7 for x64-based Systems Service Pack 1"
},
{
"version_value": "8.1 for 32-bit systems"
},
{
"version_value": "8.1 for x64-based systems"
},
{
"version_value": "RT 8.1"
},
{
"version_value": "10 for 32-bit Systems"
},
{
"version_value": "10 for x64-based Systems"
},
{
"version_value": "10 Version 1607 for 32-bit Systems"
},
{
"version_value": "10 Version 1607 for x64-based Systems"
},
{
"version_value": "10 Version 1703 for 32-bit Systems"
},
{
"version_value": "10 Version 1703 for x64-based Systems"
},
{
"version_value": "10 Version 1709 for 32-bit Systems"
},
{
"version_value": "10 Version 1709 for x64-based Systems"
},
{
"version_value": "10 Version 1803 for 32-bit Systems"
},
{
"version_value": "10 Version 1803 for x64-based Systems"
},
{
"version_value": "10 Version 1803 for ARM64-based Systems"
},
{
"version_value": "10 Version 1809 for 32-bit Systems"
},
{
"version_value": "10 Version 1809 for x64-based Systems"
},
{
"version_value": "10 Version 1809 for ARM64-based Systems"
},
{
"version_value": "10 Version 1709 for ARM64-based Systems"
}
]
}
},
{
"product_name": "Windows Server",
"version": {
"version_data": [
{
"version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)"
},
{
"version_value": "2008 R2 for Itanium-Based Systems Service Pack 1"
},
{
"version_value": "2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)"
},
{
"version_value": "2012"
},
{
"version_value": "2012 (Core installation)"
},
{
"version_value": "2012 R2"
},
{
"version_value": "2012 R2 (Core installation)"
},
{
"version_value": "2016"
},
{
"version_value": "2016 (Core installation)"
},
{
"version_value": "version 1709 (Core Installation)"
},
{
"version_value": "version 1803 (Core Installation)"
},
{
"version_value": "2019"
},
{
"version_value": "2019 (Core installation)"
},
{
"version_value": "2008 for Itanium-Based Systems Service Pack 2"
},
{
"version_value": "2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "2008 for x64-based Systems Service Pack 2"
},
{
"version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0626",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0626"
},
{
"name" : "106887",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106887"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server, aka 'Windows DHCP Server Remote Code Execution Vulnerability'."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0626",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0626"
},
{
"name": "106887",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106887"
}
]
}
}

34
2019/1xxx/CVE-2019-1157.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-1157",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-1157",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/1xxx/CVE-2019-1389.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-1389",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-1389",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/1xxx/CVE-2019-1539.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-1539",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-1539",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/1xxx/CVE-2019-1944.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-1944",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-1944",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/5xxx/CVE-2019-5515.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-5515",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5515",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/5xxx/CVE-2019-5556.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-5556",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5556",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

162
2019/5xxx/CVE-2019-5767.json
View File

@ -1,83 +1,83 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2019-5767",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "72.0.3626.81"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web APIs via a crafted APK."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Incorrect security UI"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2019-5767",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "72.0.3626.81"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/902427",
"refsource" : "MISC",
"url" : "https://crbug.com/902427"
},
{
"name" : "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html"
},
{
"name" : "DSA-4395",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2019/dsa-4395"
},
{
"name" : "RHSA-2019:0309",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2019:0309"
},
{
"name" : "106767",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106767"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web APIs via a crafted APK."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect security UI"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106767",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106767"
},
{
"name": "RHSA-2019:0309",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0309"
},
{
"name": "DSA-4395",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4395"
},
{
"name": "https://crbug.com/902427",
"refsource": "MISC",
"url": "https://crbug.com/902427"
},
{
"name": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html"
}
]
}
}

34
2019/5xxx/CVE-2019-5837.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-5837",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5837",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/5xxx/CVE-2019-5853.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-5853",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5853",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}