admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 02:35:35 +00:00
parent fd81d1ecde
commit 361fc88c14
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
62 changed files with 3431 additions and 3431 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

120
1999/0xxx/CVE-1999-0302.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-0302",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SunOS/Solaris FTP clients can be forced to execute arbitrary commands from a malicious FTP server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0302",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "00176",
"refsource" : "SUN",
"url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/176"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SunOS/Solaris FTP clients can be forced to execute arbitrary commands from a malicious FTP server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "00176",
"refsource": "SUN",
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/176"
}
]
}
}

160
2007/0xxx/CVE-2007-0231.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-0231",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33, when nofollow is disabled and unmoderated comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Comments field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0231",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://golem.ph.utexas.edu/~distler/blog/archives/001102.html",
"refsource" : "MISC",
"url" : "http://golem.ph.utexas.edu/~distler/blog/archives/001102.html"
},
{
"name" : "http://www.zackvision.com/weblog/2007/01/movabletype-security-bug.html",
"refsource" : "MISC",
"url" : "http://www.zackvision.com/weblog/2007/01/movabletype-security-bug.html"
},
{
"name" : "ADV-2007-0142",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0142"
},
{
"name" : "32717",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/32717"
},
{
"name" : "23669",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23669"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33, when nofollow is disabled and unmoderated comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Comments field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-0142",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0142"
},
{
"name": "32717",
"refsource": "OSVDB",
"url": "http://osvdb.org/32717"
},
{
"name": "http://golem.ph.utexas.edu/~distler/blog/archives/001102.html",
"refsource": "MISC",
"url": "http://golem.ph.utexas.edu/~distler/blog/archives/001102.html"
},
{
"name": "http://www.zackvision.com/weblog/2007/01/movabletype-security-bug.html",
"refsource": "MISC",
"url": "http://www.zackvision.com/weblog/2007/01/movabletype-security-bug.html"
},
{
"name": "23669",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23669"
}
]
}
}

190
2007/0xxx/CVE-2007-0278.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-0278",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) NLS Runtime and lmsgen (DB12), and (2) Oracle Text and ctxkbtc (DB14)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0278",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
},
{
"name" : "TA07-017A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-017A.html"
},
{
"name" : "22083",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/22083"
},
{
"name" : "32918",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/32918"
},
{
"name" : "32920",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/32920"
},
{
"name" : "1017522",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017522"
},
{
"name" : "23794",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23794"
},
{
"name" : "oracle-cpu-jan2007(31541)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31541"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) NLS Runtime and lmsgen (DB12), and (2) Oracle Text and ctxkbtc (DB14)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32920",
"refsource": "OSVDB",
"url": "http://osvdb.org/32920"
},
{
"name": "23794",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23794"
},
{
"name": "22083",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22083"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
},
{
"name": "32918",
"refsource": "OSVDB",
"url": "http://osvdb.org/32918"
},
{
"name": "TA07-017A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-017A.html"
},
{
"name": "oracle-cpu-jan2007(31541)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31541"
},
{
"name": "1017522",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017522"
}
]
}
}

140
2007/0xxx/CVE-2007-0341.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-0341",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0341",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070112 Re: xss in phpmyadmin <= 2.8.1",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/456726/100/0/threaded"
},
{
"name" : "20070112 xss in phpmyadmin <= 2.8.1",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/456698/100/0/threaded"
},
{
"name" : "http://www.virtuax.be/advisories/Advisory1-12012007.txt",
"refsource" : "MISC",
"url" : "http://www.virtuax.be/advisories/Advisory1-12012007.txt"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.virtuax.be/advisories/Advisory1-12012007.txt",
"refsource": "MISC",
"url": "http://www.virtuax.be/advisories/Advisory1-12012007.txt"
},
{
"name": "20070112 Re: xss in phpmyadmin <= 2.8.1",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/456726/100/0/threaded"
},
{
"name": "20070112 xss in phpmyadmin <= 2.8.1",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/456698/100/0/threaded"
}
]
}
}

170
2007/0xxx/CVE-2007-0534.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-0534",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project issue tracking 4.7.0 through 5.x before 20070123 and (2) Project 4.6.0 through 5.x before 20070123 modules for Drupal allow remote authenticated users to inject arbitrary web script or HTML via (a) certain \"fields on project nodes\" or (b) \"certain project-specific settings regarding issue tracking.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0534",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://drupal.org/node/112146",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/112146"
},
{
"name" : "22224",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/22224"
},
{
"name" : "ADV-2007-0312",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0312"
},
{
"name" : "32133",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/32133"
},
{
"name" : "23908",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23908"
},
{
"name" : "projecttracking-unspecified-xss(31728)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31728"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project issue tracking 4.7.0 through 5.x before 20070123 and (2) Project 4.6.0 through 5.x before 20070123 modules for Drupal allow remote authenticated users to inject arbitrary web script or HTML via (a) certain \"fields on project nodes\" or (b) \"certain project-specific settings regarding issue tracking.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "projecttracking-unspecified-xss(31728)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31728"
},
{
"name": "22224",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22224"
},
{
"name": "32133",
"refsource": "OSVDB",
"url": "http://osvdb.org/32133"
},
{
"name": "ADV-2007-0312",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0312"
},
{
"name": "23908",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23908"
},
{
"name": "http://drupal.org/node/112146",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/112146"
}
]
}
}

150
2007/0xxx/CVE-2007-0617.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-0617",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SpamBlocker.dll ActiveX control in Earthlink TotalAccess is marked \"safe for scripting,\" which allows remote attackers to add arbitrary e-mail addresses and domains to the spam blocker whitelist via the (1) AddSenderToWhitelist and (2) AddDomainToWhitelist functions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0617",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070125 Earthlink TotalAccess ActiveX Unsafe Methods Vulnerability",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/052021.html"
},
{
"name" : "22238",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/22238"
},
{
"name" : "2210",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2210"
},
{
"name" : "earthlink-spamblocker-security-bypass(31827)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31827"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SpamBlocker.dll ActiveX control in Earthlink TotalAccess is marked \"safe for scripting,\" which allows remote attackers to add arbitrary e-mail addresses and domains to the spam blocker whitelist via the (1) AddSenderToWhitelist and (2) AddDomainToWhitelist functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "earthlink-spamblocker-security-bypass(31827)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31827"
},
{
"name": "22238",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22238"
},
{
"name": "20070125 Earthlink TotalAccess ActiveX Unsafe Methods Vulnerability",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/052021.html"
},
{
"name": "2210",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2210"
}
]
}
}

170
2007/1xxx/CVE-2007-1683.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-1683",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the DoWebMenuAction function in the IncrediMail IMMenuShellExt ActiveX control (ImShExt.dll) allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2007-1683",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "VU#906777",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/906777"
},
{
"name" : "23674",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23674"
},
{
"name" : "ADV-2007-1551",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1551"
},
{
"name" : "34331",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/34331"
},
{
"name" : "25051",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25051"
},
{
"name" : "incredimail-immenushellext-bo(33928)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33928"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the DoWebMenuAction function in the IncrediMail IMMenuShellExt ActiveX control (ImShExt.dll) allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "incredimail-immenushellext-bo(33928)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33928"
},
{
"name": "23674",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23674"
},
{
"name": "ADV-2007-1551",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1551"
},
{
"name": "34331",
"refsource": "OSVDB",
"url": "http://osvdb.org/34331"
},
{
"name": "25051",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25051"
},
{
"name": "VU#906777",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/906777"
}
]
}
}

180
2007/1xxx/CVE-2007-1782.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-1782",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CruiseWorks 1.09e and earlier does not properly restrict user access to certain privileged actions, which allows local users to change the configuration or have other unspecified impact. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1782",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.kynos.co.jp/cws-support/index.html",
"refsource" : "CONFIRM",
"url" : "http://www.kynos.co.jp/cws-support/index.html"
},
{
"name" : "JVN#73258608",
"refsource" : "JVN",
"url" : "http://jvn.jp/jp/JVN%2373258608/index.html"
},
{
"name" : "23198",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23198"
},
{
"name" : "ADV-2007-1163",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1163"
},
{
"name" : "34543",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/34543"
},
{
"name" : "24674",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24674"
},
{
"name" : "cruiseworks-security-bypass(33323)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33323"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CruiseWorks 1.09e and earlier does not properly restrict user access to certain privileged actions, which allows local users to change the configuration or have other unspecified impact. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23198",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23198"
},
{
"name": "http://www.kynos.co.jp/cws-support/index.html",
"refsource": "CONFIRM",
"url": "http://www.kynos.co.jp/cws-support/index.html"
},
{
"name": "ADV-2007-1163",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1163"
},
{
"name": "cruiseworks-security-bypass(33323)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33323"
},
{
"name": "34543",
"refsource": "OSVDB",
"url": "http://osvdb.org/34543"
},
{
"name": "JVN#73258608",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2373258608/index.html"
},
{
"name": "24674",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24674"
}
]
}
}

260
2007/5xxx/CVE-2007-5623.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-5623",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the check_snmp function in Nagios Plugins (nagios-plugins) 1.4.10 allows remote attackers to cause a denial of service (crash) via crafted snmpget replies."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2007-5623",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sourceforge.net/tracker/?func=detail&atid=397597&aid=1815362&group_id=29880",
"refsource" : "MISC",
"url" : "http://sourceforge.net/tracker/?func=detail&atid=397597&aid=1815362&group_id=29880"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=348731",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=348731"
},
{
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=196308",
"refsource" : "CONFIRM",
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=196308"
},
{
"name" : "DSA-1495",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1495"
},
{
"name" : "FEDORA-2007-2713",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00010.html"
},
{
"name" : "GLSA-200711-11",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200711-11.xml"
},
{
"name" : "MDVSA-2008:067",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:067"
},
{
"name" : "SUSE-SR:2007:025",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2007_25_sr.html"
},
{
"name" : "26215",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26215"
},
{
"name" : "ADV-2007-3629",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/3629"
},
{
"name" : "27419",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27419"
},
{
"name" : "27496",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27496"
},
{
"name" : "27609",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27609"
},
{
"name" : "27965",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27965"
},
{
"name" : "28930",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28930"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the check_snmp function in Nagios Plugins (nagios-plugins) 1.4.10 allows remote attackers to cause a denial of service (crash) via crafted snmpget replies."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27965",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27965"
},
{
"name": "26215",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26215"
},
{
"name": "27609",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27609"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=348731",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=348731"
},
{
"name": "MDVSA-2008:067",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:067"
},
{
"name": "28930",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28930"
},
{
"name": "DSA-1495",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1495"
},
{
"name": "SUSE-SR:2007:025",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_25_sr.html"
},
{
"name": "27496",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27496"
},
{
"name": "FEDORA-2007-2713",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00010.html"
},
{
"name": "27419",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27419"
},
{
"name": "ADV-2007-3629",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3629"
},
{
"name": "GLSA-200711-11",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200711-11.xml"
},
{
"name": "http://sourceforge.net/tracker/?func=detail&atid=397597&aid=1815362&group_id=29880",
"refsource": "MISC",
"url": "http://sourceforge.net/tracker/?func=detail&atid=397597&aid=1815362&group_id=29880"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=196308",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=196308"
}
]
}
}

130
2007/5xxx/CVE-2007-5768.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-5768",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Globe7 soft phone client 7.3 sends username and password information in cleartext, which allows remote attackers to obtain sensitive information by sniffing the HTTP traffic."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5768",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.sipera.com/index.php?action=resources,threat_advisory&tid=363",
"refsource" : "MISC",
"url" : "http://www.sipera.com/index.php?action=resources,threat_advisory&tid=363"
},
{
"name" : "43676",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/43676"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Globe7 soft phone client 7.3 sends username and password information in cleartext, which allows remote attackers to obtain sensitive information by sniffing the HTTP traffic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43676",
"refsource": "OSVDB",
"url": "http://osvdb.org/43676"
},
{
"name": "http://www.sipera.com/index.php?action=resources,threat_advisory&tid=363",
"refsource": "MISC",
"url": "http://www.sipera.com/index.php?action=resources,threat_advisory&tid=363"
}
]
}
}

140
2007/5xxx/CVE-2007-5774.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-5774",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "index.php in the File Manager module in Flatnuke 3 allows remote attackers to obtain sensitive information via an invalid argumentname parameter in a disc op action, which reveals the path in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5774",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4561",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4561"
},
{
"name" : "43120",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/43120"
},
{
"name" : "flatnuke3-index-path-disclosure(37404)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/37404"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "index.php in the File Manager module in Flatnuke 3 allows remote attackers to obtain sensitive information via an invalid argumentname parameter in a disc op action, which reveals the path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4561",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4561"
},
{
"name": "43120",
"refsource": "OSVDB",
"url": "http://osvdb.org/43120"
},
{
"name": "flatnuke3-index-path-disclosure(37404)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37404"
}
]
}
}

150
2015/3xxx/CVE-2015-3027.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-3027",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Clang in LLVM, as used in Apple Xcode before 6.3, performs incorrect register allocation in a way that triggers stack storage for stack cookie pointers, which might allow context-dependent attackers to bypass a stack-guard protection mechanism via crafted input to an affected C program."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT204663",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT204663"
},
{
"name" : "APPLE-SA-2015-04-08-5",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00004.html"
},
{
"name" : "73987",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/73987"
},
{
"name" : "1032081",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032081"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Clang in LLVM, as used in Apple Xcode before 6.3, performs incorrect register allocation in a way that triggers stack storage for stack cookie pointers, which might allow context-dependent attackers to bypass a stack-guard protection mechanism via crafted input to an affected C program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT204663",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204663"
},
{
"name": "1032081",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032081"
},
{
"name": "73987",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73987"
},
{
"name": "APPLE-SA-2015-04-08-5",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00004.html"
}
]
}
}

150
2015/3xxx/CVE-2015-3346.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-3346",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the WikiWiki module before 6.x-1.2 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3346",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150129 Re: CVEs for Drupal contributed modules - January 2015",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/01/29/6"
},
{
"name" : "https://www.drupal.org/node/2403375",
"refsource" : "MISC",
"url" : "https://www.drupal.org/node/2403375"
},
{
"name" : "https://www.drupal.org/node/2402905",
"refsource" : "CONFIRM",
"url" : "https://www.drupal.org/node/2402905"
},
{
"name" : "71503",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71503"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the WikiWiki module before 6.x-1.2 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.drupal.org/node/2403375",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2403375"
},
{
"name": "71503",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71503"
},
{
"name": "https://www.drupal.org/node/2402905",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2402905"
},
{
"name": "[oss-security] 20150129 Re: CVEs for Drupal contributed modules - January 2015",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/29/6"
}
]
}
}

34
2015/3xxx/CVE-2015-3490.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-3490",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3490",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

170
2015/3xxx/CVE-2015-3880.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-3880",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open redirect vulnerability in phpBB before 3.0.14 and 3.1.x before 3.1.4 allows remote attackers to redirect users of Google Chrome to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3880",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150512 Re: CVE Request: phpbb open redirect",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/05/12/10"
},
{
"name" : "https://github.com/phpbb/phpbb/commit/1a3350619f428d9d69d196c52128727e27ef2f04",
"refsource" : "CONFIRM",
"url" : "https://github.com/phpbb/phpbb/commit/1a3350619f428d9d69d196c52128727e27ef2f04"
},
{
"name" : "https://wiki.phpbb.com/Release_Highlights/3.0.14",
"refsource" : "CONFIRM",
"url" : "https://wiki.phpbb.com/Release_Highlights/3.0.14"
},
{
"name" : "https://wiki.phpbb.com/Release_Highlights/3.1.4",
"refsource" : "CONFIRM",
"url" : "https://wiki.phpbb.com/Release_Highlights/3.1.4"
},
{
"name" : "https://www.phpbb.com/community/viewtopic.php?f=14&t=2313941",
"refsource" : "CONFIRM",
"url" : "https://www.phpbb.com/community/viewtopic.php?f=14&t=2313941"
},
{
"name" : "74592",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/74592"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in phpBB before 3.0.14 and 3.1.x before 3.1.4 allows remote attackers to redirect users of Google Chrome to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.phpbb.com/Release_Highlights/3.1.4",
"refsource": "CONFIRM",
"url": "https://wiki.phpbb.com/Release_Highlights/3.1.4"
},
{
"name": "https://github.com/phpbb/phpbb/commit/1a3350619f428d9d69d196c52128727e27ef2f04",
"refsource": "CONFIRM",
"url": "https://github.com/phpbb/phpbb/commit/1a3350619f428d9d69d196c52128727e27ef2f04"
},
{
"name": "[oss-security] 20150512 Re: CVE Request: phpbb open redirect",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/05/12/10"
},
{
"name": "https://www.phpbb.com/community/viewtopic.php?f=14&t=2313941",
"refsource": "CONFIRM",
"url": "https://www.phpbb.com/community/viewtopic.php?f=14&t=2313941"
},
{
"name": "74592",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74592"
},
{
"name": "https://wiki.phpbb.com/Release_Highlights/3.0.14",
"refsource": "CONFIRM",
"url": "https://wiki.phpbb.com/Release_Highlights/3.0.14"
}
]
}
}

150
2015/6xxx/CVE-2015-6014.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-6014",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4808, CVE-2015-6013, CVE-2015-6015, and CVE-2016-0432. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this issue is a stack-based buffer overflow in Oracle Outside In 8.5.2 and earlier, which allows remote attackers to execute arbitrary code via a crafted DOC file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-6014",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name" : "VU#916896",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/916896"
},
{
"name" : "81233",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/81233"
},
{
"name" : "1034711",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034711"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4808, CVE-2015-6013, CVE-2015-6015, and CVE-2016-0432. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this issue is a stack-based buffer overflow in Oracle Outside In 8.5.2 and earlier, which allows remote attackers to execute arbitrary code via a crafted DOC file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "VU#916896",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/916896"
},
{
"name": "81233",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/81233"
},
{
"name": "1034711",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034711"
}
]
}
}

130
2015/6xxx/CVE-2015-6317.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-6317",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Identity Services Engine (ISE) before 2.0 allows remote authenticated users to bypass intended web-resource access restrictions via a direct request, aka Bug ID CSCuu45926."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-6317",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20160113 Cisco Identity Services Engine Unauthorized Access Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise2"
},
{
"name" : "1034767",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034767"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Identity Services Engine (ISE) before 2.0 allows remote authenticated users to bypass intended web-resource access restrictions via a direct request, aka Bug ID CSCuu45926."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1034767",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034767"
},
{
"name": "20160113 Cisco Identity Services Engine Unauthorized Access Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise2"
}
]
}
}

130
2015/6xxx/CVE-2015-6745.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-6745",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Basware Banking (Maksuliikenne) 8.90.07.X relies on the client to enforce account locking, which allows local users to bypass that security mechanism by deleting the entry from the locking table. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to different vulnerability type and different affected versions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-6744."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-6745",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150727 Multiple unresolved vulnerabilities in Basware Banking/Maksuliikenne",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Jul/120"
},
{
"name" : "https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2015/haavoittuvuus-2015-018.html",
"refsource" : "MISC",
"url" : "https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2015/haavoittuvuus-2015-018.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Basware Banking (Maksuliikenne) 8.90.07.X relies on the client to enforce account locking, which allows local users to bypass that security mechanism by deleting the entry from the locking table. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to different vulnerability type and different affected versions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-6744."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150727 Multiple unresolved vulnerabilities in Basware Banking/Maksuliikenne",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jul/120"
},
{
"name": "https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2015/haavoittuvuus-2015-018.html",
"refsource": "MISC",
"url": "https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2015/haavoittuvuus-2015-018.html"
}
]
}
}

34
2015/6xxx/CVE-2015-6799.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-6799",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-6799",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

210
2015/7xxx/CVE-2015-7095.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-7095",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-7095",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT205635",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205635"
},
{
"name" : "https://support.apple.com/HT205639",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205639"
},
{
"name" : "https://support.apple.com/HT205640",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205640"
},
{
"name" : "https://support.apple.com/kb/HT205636",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/kb/HT205636"
},
{
"name" : "APPLE-SA-2015-12-08-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html"
},
{
"name" : "APPLE-SA-2015-12-08-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html"
},
{
"name" : "APPLE-SA-2015-12-08-5",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Dec/msg00003.html"
},
{
"name" : "openSUSE-SU-2016:0761",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html"
},
{
"name" : "78720",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/78720"
},
{
"name" : "1034341",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034341"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT205635",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205635"
},
{
"name": "78720",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/78720"
},
{
"name": "https://support.apple.com/kb/HT205636",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205636"
},
{
"name": "openSUSE-SU-2016:0761",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html"
},
{
"name": "APPLE-SA-2015-12-08-5",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00003.html"
},
{
"name": "APPLE-SA-2015-12-08-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html"
},
{
"name": "https://support.apple.com/HT205639",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205639"
},
{
"name": "https://support.apple.com/HT205640",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205640"
},
{
"name": "1034341",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034341"
},
{
"name": "APPLE-SA-2015-12-08-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html"
}
]
}
}

140
2015/7xxx/CVE-2015-7247.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-7247",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration backup, which allows remote attackers to obtain sensitive information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-7247",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "39409",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/39409/"
},
{
"name" : "20160203 DLink DVG-N5402SP Multiple Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2016/Feb/24"
},
{
"name" : "http://packetstormsecurity.com/files/135590/D-Link-DVG-N5402SP-Path-Traversal-Information-Disclosure.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/135590/D-Link-DVG-N5402SP-Path-Traversal-Information-Disclosure.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration backup, which allows remote attackers to obtain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/135590/D-Link-DVG-N5402SP-Path-Traversal-Information-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/135590/D-Link-DVG-N5402SP-Path-Traversal-Information-Disclosure.html"
},
{
"name": "20160203 DLink DVG-N5402SP Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Feb/24"
},
{
"name": "39409",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39409/"
}
]
}
}

120
2015/7xxx/CVE-2015-7415.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-7415",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in IBM UrbanCode Deploy 6.0 before 6.0.1.12, 6.1 before 6.1.3.2, and 6.2 before 6.2.0.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-7415",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21970811",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21970811"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM UrbanCode Deploy 6.0 before 6.0.1.12, 6.1 before 6.1.3.2, and 6.2 before 6.2.0.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21970811",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970811"
}
]
}
}

210
2015/7xxx/CVE-2015-7581.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-7581",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service (superfluous caching and memory consumption) by leveraging an application's use of a wildcard controller route."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-7581",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160125 [CVE-2015-7581] Object leak vulnerability for wildcard controller routes in Action Pack",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/01/25/16"
},
{
"name" : "[ruby-security-ann] 20160125 [CVE-2015-7581] Object leak vulnerability for wildcard controller routes in Action Pack",
"refsource" : "MLIST",
"url" : "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/dthJ5wL69JE/IdvCimtZEgAJ"
},
{
"name" : "DSA-3464",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3464"
},
{
"name" : "FEDORA-2016-94e71ee673",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html"
},
{
"name" : "FEDORA-2016-f486068393",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html"
},
{
"name" : "RHSA-2016:0296",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0296.html"
},
{
"name" : "SUSE-SU-2016:1146",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
},
{
"name" : "openSUSE-SU-2016:0372",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html"
},
{
"name" : "81677",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/81677"
},
{
"name" : "1034816",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034816"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service (superfluous caching and memory consumption) by leveraging an application's use of a wildcard controller route."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[ruby-security-ann] 20160125 [CVE-2015-7581] Object leak vulnerability for wildcard controller routes in Action Pack",
"refsource": "MLIST",
"url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/dthJ5wL69JE/IdvCimtZEgAJ"
},
{
"name": "openSUSE-SU-2016:0372",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html"
},
{
"name": "[oss-security] 20160125 [CVE-2015-7581] Object leak vulnerability for wildcard controller routes in Action Pack",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/25/16"
},
{
"name": "FEDORA-2016-94e71ee673",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html"
},
{
"name": "FEDORA-2016-f486068393",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html"
},
{
"name": "SUSE-SU-2016:1146",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
},
{
"name": "1034816",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034816"
},
{
"name": "DSA-3464",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3464"
},
{
"name": "RHSA-2016:0296",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html"
},
{
"name": "81677",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/81677"
}
]
}
}

130
2015/7xxx/CVE-2015-7649.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-7649",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Shockwave Player before 12.2.1.171 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2015-7649",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/shockwave/apsb15-26.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/shockwave/apsb15-26.html"
},
{
"name" : "1033990",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033990"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Shockwave Player before 12.2.1.171 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/shockwave/apsb15-26.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/shockwave/apsb15-26.html"
},
{
"name": "1033990",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033990"
}
]
}
}

210
2015/7xxx/CVE-2015-7701.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-7701",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7701",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.ntp.org/bin/view/Main/NtpBug2909",
"refsource" : "CONFIRM",
"url" : "http://support.ntp.org/bin/view/Main/NtpBug2909"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1274255",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1274255"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20171004-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20171004-0001/"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name" : "DSA-3388",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3388"
},
{
"name" : "GLSA-201607-15",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201607-15"
},
{
"name" : "RHSA-2016:0780",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"name" : "RHSA-2016:2583",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"name" : "77281",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/77281"
},
{
"name" : "1033951",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033951"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug2909",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug2909"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "RHSA-2016:2583",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"name": "1033951",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033951"
},
{
"name": "RHSA-2016:0780",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"name": "DSA-3388",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"name": "77281",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77281"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1274255",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274255"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171004-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
}
]
}
}

160
2015/7xxx/CVE-2015-7765.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-7765",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a hardcoded password of \"plugin\" for the IntegrationUser account, which allows remote authenticated users to obtain administrator access by leveraging knowledge of this password."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7765",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "38221",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/38221/"
},
{
"name" : "20150915 ManageEngine OpManager multiple vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Sep/66"
},
{
"name" : "http://packetstormsecurity.com/files/133596/ManageEngine-OpManager-Remote-Code-Execution.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/133596/ManageEngine-OpManager-Remote-Code-Execution.html"
},
{
"name" : "http://www.rapid7.com/db/modules/exploit/windows/http/manage_engine_opmanager_rce",
"refsource" : "MISC",
"url" : "http://www.rapid7.com/db/modules/exploit/windows/http/manage_engine_opmanager_rce"
},
{
"name" : "https://support.zoho.com/portal/manageengine/helpcenter/articles/pgsql-submitquery-do-vulnerability",
"refsource" : "CONFIRM",
"url" : "https://support.zoho.com/portal/manageengine/helpcenter/articles/pgsql-submitquery-do-vulnerability"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a hardcoded password of \"plugin\" for the IntegrationUser account, which allows remote authenticated users to obtain administrator access by leveraging knowledge of this password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.zoho.com/portal/manageengine/helpcenter/articles/pgsql-submitquery-do-vulnerability",
"refsource": "CONFIRM",
"url": "https://support.zoho.com/portal/manageengine/helpcenter/articles/pgsql-submitquery-do-vulnerability"
},
{
"name": "http://www.rapid7.com/db/modules/exploit/windows/http/manage_engine_opmanager_rce",
"refsource": "MISC",
"url": "http://www.rapid7.com/db/modules/exploit/windows/http/manage_engine_opmanager_rce"
},
{
"name": "20150915 ManageEngine OpManager multiple vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Sep/66"
},
{
"name": "http://packetstormsecurity.com/files/133596/ManageEngine-OpManager-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133596/ManageEngine-OpManager-Remote-Code-Execution.html"
},
{
"name": "38221",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/38221/"
}
]
}
}

34
2015/8xxx/CVE-2015-8116.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-8116",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-8116",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}

150
2015/8xxx/CVE-2015-8350.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-8350",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Calls to Action plugin before 2.5.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) open-tab parameter in a wp_cta_global_settings action to wp-admin/edit.php or (2) wp-cta-variation-id parameter to ab-testing-call-to-action-example/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8350",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20151202 Two Reflected XSS Vulnerabilities in Calls to Action WordPress plugin",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/537022/100/0/threaded"
},
{
"name" : "http://packetstormsecurity.com/files/134598/WordPress-Calls-To-Action-2.4.3-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/134598/WordPress-Calls-To-Action-2.4.3-Cross-Site-Scripting.html"
},
{
"name" : "https://www.htbridge.com/advisory/HTB23274",
"refsource" : "MISC",
"url" : "https://www.htbridge.com/advisory/HTB23274"
},
{
"name" : "https://wordpress.org/plugins/cta/#developers",
"refsource" : "CONFIRM",
"url" : "https://wordpress.org/plugins/cta/#developers"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Calls to Action plugin before 2.5.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) open-tab parameter in a wp_cta_global_settings action to wp-admin/edit.php or (2) wp-cta-variation-id parameter to ab-testing-call-to-action-example/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.htbridge.com/advisory/HTB23274",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23274"
},
{
"name": "https://wordpress.org/plugins/cta/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/cta/#developers"
},
{
"name": "http://packetstormsecurity.com/files/134598/WordPress-Calls-To-Action-2.4.3-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/134598/WordPress-Calls-To-Action-2.4.3-Cross-Site-Scripting.html"
},
{
"name": "20151202 Two Reflected XSS Vulnerabilities in Calls to Action WordPress plugin",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/537022/100/0/threaded"
}
]
}
}

130
2015/8xxx/CVE-2015-8611.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-8611",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, and PEM 12.0.0 before HF1 on the 2000, 4000, 5000, 7000, and 10000 platforms do not properly sync passwords with the Always-On Management (AOM) subsystem, which might allow remote attackers to obtain login access to AOM via an (1) expired or (2) default password."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8611",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.f5.com/kb/en-us/solutions/public/k/05/sol05272632.html",
"refsource" : "CONFIRM",
"url" : "https://support.f5.com/kb/en-us/solutions/public/k/05/sol05272632.html"
},
{
"name" : "1034629",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034629"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, and PEM 12.0.0 before HF1 on the 2000, 4000, 5000, 7000, and 10000 platforms do not properly sync passwords with the Always-On Management (AOM) subsystem, which might allow remote attackers to obtain login access to AOM via an (1) expired or (2) default password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/kb/en-us/solutions/public/k/05/sol05272632.html",
"refsource": "CONFIRM",
"url": "https://support.f5.com/kb/en-us/solutions/public/k/05/sol05272632.html"
},
{
"name": "1034629",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034629"
}
]
}
}

160
2015/8xxx/CVE-2015-8961.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-8961",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The __ext4_journal_stop function in fs/ext4/ext4_jbd2.c in the Linux kernel before 4.3.3 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging improper access to a certain error field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2015-8961",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6934da9238da947628be83635e365df41064b09b",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6934da9238da947628be83635e365df41064b09b"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3"
},
{
"name" : "https://github.com/torvalds/linux/commit/6934da9238da947628be83635e365df41064b09b",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/6934da9238da947628be83635e365df41064b09b"
},
{
"name" : "https://source.android.com/security/bulletin/2016-11-01.html",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2016-11-01.html"
},
{
"name" : "94135",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94135"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The __ext4_journal_stop function in fs/ext4/ext4_jbd2.c in the Linux kernel before 4.3.3 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging improper access to a certain error field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6934da9238da947628be83635e365df41064b09b",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6934da9238da947628be83635e365df41064b09b"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3"
},
{
"name": "https://github.com/torvalds/linux/commit/6934da9238da947628be83635e365df41064b09b",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/6934da9238da947628be83635e365df41064b09b"
},
{
"name": "https://source.android.com/security/bulletin/2016-11-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2016-11-01.html"
},
{
"name": "94135",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94135"
}
]
}
}

140
2016/0xxx/CVE-2016-0122.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-0122",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Word 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-0122",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "39694",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/39694/"
},
{
"name" : "MS16-042",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-042"
},
{
"name" : "1035525",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035525"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Word 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-042",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-042"
},
{
"name": "1035525",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035525"
},
{
"name": "39694",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39694/"
}
]
}
}

120
2016/0xxx/CVE-2016-0215.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-0215",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DB2 9.7, 10.1 before FP6, and 10.5 before FP8 on AIX, Linux, HP, Solaris and Windows allow remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a subquery containing the AVG OLAP function on an Oracle compatible database."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-0215",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21979986",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21979986"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DB2 9.7, 10.1 before FP6, and 10.5 before FP8 on AIX, Linux, HP, Solaris and Windows allow remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a subquery containing the AVG OLAP function on an Oracle compatible database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21979986",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979986"
}
]
}
}

130
2016/0xxx/CVE-2016-0240.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-0240",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-0240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21990232",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21990232"
},
{
"name" : "93836",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93836"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21990232",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990232"
},
{
"name": "93836",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93836"
}
]
}
}

130
2016/0xxx/CVE-2016-0326.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-0326",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Rational Quality Manager (RQM) and Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.x before 4.0.7 iFix11, 5.x before 5.0.2 iFix17, and 6.x before 6.0.1 ifix3 allow remote authenticated users to execute arbitrary OS commands via a crafted \"HTML request.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-0326",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21989735",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21989735"
},
{
"name" : "93824",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93824"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Rational Quality Manager (RQM) and Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.x before 4.0.7 iFix11, 5.x before 5.0.2 iFix17, and 6.x before 6.0.1 ifix3 allow remote authenticated users to execute arbitrary OS commands via a crafted \"HTML request.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93824",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93824"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21989735",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989735"
}
]
}
}

170
2016/1000xxx/CVE-2016-1000341.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "dgh@bouncycastle.org",
"ID" : "CVE-2016-1000341",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Bouncy Castle JCE Provider",
"version" : {
"version_data" : [
{
"version_value" : "1.55 and before"
}
]
}
}
]
},
"vendor_name" : "The Legion of the Bouncy Castle Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature's k value and ultimately the private value as well."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-385: Covert Timing Channel"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1000341",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180707 [SECURITY] [DLA 1418-1] bouncycastle security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html"
},
{
"name" : "https://github.com/bcgit/bc-java/commit/acaac81f96fec91ab45bd0412beaf9c3acd8defa#diff-e75226a9ca49217a7276b29242ec59ce",
"refsource" : "CONFIRM",
"url" : "https://github.com/bcgit/bc-java/commit/acaac81f96fec91ab45bd0412beaf9c3acd8defa#diff-e75226a9ca49217a7276b29242ec59ce"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20181127-0004/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20181127-0004/"
},
{
"name" : "RHSA-2018:2669",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2669"
},
{
"name" : "RHSA-2018:2927",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2927"
},
{
"name" : "USN-3727-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3727-1/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature's k value and ultimately the private value as well."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180707 [SECURITY] [DLA 1418-1] bouncycastle security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html"
},
{
"name": "https://github.com/bcgit/bc-java/commit/acaac81f96fec91ab45bd0412beaf9c3acd8defa#diff-e75226a9ca49217a7276b29242ec59ce",
"refsource": "CONFIRM",
"url": "https://github.com/bcgit/bc-java/commit/acaac81f96fec91ab45bd0412beaf9c3acd8defa#diff-e75226a9ca49217a7276b29242ec59ce"
},
{
"name": "RHSA-2018:2669",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2669"
},
{
"name": "https://security.netapp.com/advisory/ntap-20181127-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20181127-0004/"
},
{
"name": "USN-3727-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3727-1/"
},
{
"name": "RHSA-2018:2927",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2927"
}
]
}
}

34
2016/1xxx/CVE-2016-1512.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-1512",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1512",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

220
2016/1xxx/CVE-2016-1572.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-1572",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2016-1572",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160120 Security issue in eCryptfs-utils (CVE-2016-1572)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/01/20/6"
},
{
"name" : "https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/870",
"refsource" : "CONFIRM",
"url" : "https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/870"
},
{
"name" : "https://bugs.launchpad.net/ecryptfs/+bug/1530566",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/ecryptfs/+bug/1530566"
},
{
"name" : "DSA-3450",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3450"
},
{
"name" : "FEDORA-2016-7b9a2fe987",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177396.html"
},
{
"name" : "FEDORA-2016-b02ad4e424",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177359.html"
},
{
"name" : "openSUSE-SU-2016:0239",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-01/msg00091.html"
},
{
"name" : "openSUSE-SU-2016:0291",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-01/msg00118.html"
},
{
"name" : "openSUSE-SU-2016:0302",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-02/msg00004.html"
},
{
"name" : "USN-2876-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2876-1"
},
{
"name" : "1034791",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034791"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:0239",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00091.html"
},
{
"name": "1034791",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034791"
},
{
"name": "openSUSE-SU-2016:0291",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00118.html"
},
{
"name": "https://bugs.launchpad.net/ecryptfs/+bug/1530566",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ecryptfs/+bug/1530566"
},
{
"name": "[oss-security] 20160120 Security issue in eCryptfs-utils (CVE-2016-1572)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/20/6"
},
{
"name": "openSUSE-SU-2016:0302",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00004.html"
},
{
"name": "USN-2876-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2876-1"
},
{
"name": "FEDORA-2016-7b9a2fe987",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177396.html"
},
{
"name": "DSA-3450",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3450"
},
{
"name": "https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/870",
"refsource": "CONFIRM",
"url": "https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/870"
},
{
"name": "FEDORA-2016-b02ad4e424",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177359.html"
}
]
}
}

160
2016/1xxx/CVE-2016-1796.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-1796",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds memory access) via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-1796",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-361",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-361"
},
{
"name" : "https://support.apple.com/HT206567",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT206567"
},
{
"name" : "APPLE-SA-2016-05-16-4",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html"
},
{
"name" : "90696",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/90696"
},
{
"name" : "1035895",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035895"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds memory access) via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT206567",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206567"
},
{
"name": "APPLE-SA-2016-05-16-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html"
},
{
"name": "90696",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90696"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-361",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-361"
},
{
"name": "1035895",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035895"
}
]
}
}

130
2016/1xxx/CVE-2016-1988.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-1988",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1989."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1988",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05030906",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05030906"
},
{
"name" : "1035192",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035192"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-1989."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05030906",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05030906"
},
{
"name": "1035192",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035192"
}
]
}
}

150
2016/5xxx/CVE-2016-5471.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-5471",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a different vulnerability than CVE-2016-3497 and CVE-2016-5469."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-5471",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name" : "91787",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91787"
},
{
"name" : "92020",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92020"
},
{
"name" : "1036407",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036407"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a different vulnerability than CVE-2016-3497 and CVE-2016-5469."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "92020",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92020"
},
{
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "1036407",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036407"
}
]
}
}

180
2016/5xxx/CVE-2016-5706.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-5706",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-5706",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/phpmyadmin/phpmyadmin/commit/4767f24ea4c1e3822ce71a636c341e8ad8d07aa6",
"refsource" : "CONFIRM",
"url" : "https://github.com/phpmyadmin/phpmyadmin/commit/4767f24ea4c1e3822ce71a636c341e8ad8d07aa6"
},
{
"name" : "https://www.phpmyadmin.net/security/PMASA-2016-22/",
"refsource" : "CONFIRM",
"url" : "https://www.phpmyadmin.net/security/PMASA-2016-22/"
},
{
"name" : "DSA-3627",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3627"
},
{
"name" : "GLSA-201701-32",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-32"
},
{
"name" : "openSUSE-SU-2016:1699",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html"
},
{
"name" : "openSUSE-SU-2016:1700",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html"
},
{
"name" : "91376",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91376"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/phpmyadmin/phpmyadmin/commit/4767f24ea4c1e3822ce71a636c341e8ad8d07aa6",
"refsource": "CONFIRM",
"url": "https://github.com/phpmyadmin/phpmyadmin/commit/4767f24ea4c1e3822ce71a636c341e8ad8d07aa6"
},
{
"name": "openSUSE-SU-2016:1700",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html"
},
{
"name": "https://www.phpmyadmin.net/security/PMASA-2016-22/",
"refsource": "CONFIRM",
"url": "https://www.phpmyadmin.net/security/PMASA-2016-22/"
},
{
"name": "DSA-3627",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3627"
},
{
"name": "91376",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91376"
},
{
"name": "GLSA-201701-32",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-32"
},
{
"name": "openSUSE-SU-2016:1699",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html"
}
]
}
}

34
2016/5xxx/CVE-2016-5903.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-5903",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-5903",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/0xxx/CVE-2019-0252.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-0252",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0252",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/0xxx/CVE-2019-0349.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-0349",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0349",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/0xxx/CVE-2019-0396.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-0396",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0396",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/0xxx/CVE-2019-0983.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-0983",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0983",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/1xxx/CVE-2019-1113.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-1113",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-1113",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/1xxx/CVE-2019-1329.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-1329",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-1329",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/1xxx/CVE-2019-1622.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-1622",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-1622",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/1xxx/CVE-2019-1813.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-1813",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-1813",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/4xxx/CVE-2019-4003.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-4003",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4003",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/4xxx/CVE-2019-4282.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-4282",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4282",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/4xxx/CVE-2019-4459.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-4459",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4459",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/4xxx/CVE-2019-4861.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-4861",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-4861",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/5xxx/CVE-2019-5508.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-5508",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5508",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/5xxx/CVE-2019-5955.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-5955",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5955",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2019/8xxx/CVE-2019-8319.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-8319",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetStaticRouteIPv4Settings API function, as demonstrated by shell metacharacters in the Gateway field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8319",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/lieanu/vuls/blob/master/dlink/DIR-878/staticrouterv4.md",
"refsource" : "MISC",
"url" : "https://github.com/lieanu/vuls/blob/master/dlink/DIR-878/staticrouterv4.md"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetStaticRouteIPv4Settings API function, as demonstrated by shell metacharacters in the Gateway field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/lieanu/vuls/blob/master/dlink/DIR-878/staticrouterv4.md",
"refsource": "MISC",
"url": "https://github.com/lieanu/vuls/blob/master/dlink/DIR-878/staticrouterv4.md"
}
]
}
}

34
2019/8xxx/CVE-2019-8582.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-8582",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8582",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/8xxx/CVE-2019-8885.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-8885",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8885",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/9xxx/CVE-2019-9273.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-9273",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9273",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/9xxx/CVE-2019-9689.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-9689",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9689",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2019/9xxx/CVE-2019-9729.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-9729",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Shanda MapleStory Online V160, the SdoKeyCrypt.sys driver allows privilege escalation to NT AUTHORITY\\SYSTEM because of not validating the IOCtl 0x8000c01c input value, leading to an integer signedness error and a heap-based buffer underflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9729",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/DoubleLabyrinth/SdoKeyCrypt-sys-local-privilege-elevation",
"refsource" : "MISC",
"url" : "https://github.com/DoubleLabyrinth/SdoKeyCrypt-sys-local-privilege-elevation"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Shanda MapleStory Online V160, the SdoKeyCrypt.sys driver allows privilege escalation to NT AUTHORITY\\SYSTEM because of not validating the IOCtl 0x8000c01c input value, leading to an integer signedness error and a heap-based buffer underflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/DoubleLabyrinth/SdoKeyCrypt-sys-local-privilege-elevation",
"refsource": "MISC",
"url": "https://github.com/DoubleLabyrinth/SdoKeyCrypt-sys-local-privilege-elevation"
}
]
}
}