admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 22:38:59 +00:00
parent 332af5de6d
commit 38b4073966
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
64 changed files with 3815 additions and 3815 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

188
2007/0xxx/CVE-2007-0792.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-0792",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0792",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070203 Security Advisory for Bugzilla 2.20.3, 2.22.1, and 2.23.3",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/459025/100/0/threaded"
},
{
"name" : "http://www.bugzilla.org/security/2.20.3/",
"refsource" : "CONFIRM",
"url" : "http://www.bugzilla.org/security/2.20.3/"
},
{
"name" : "22380",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/22380"
},
{
"name" : "ADV-2007-0477",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0477"
},
{
"name" : "35862",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35862"
},
{
"name" : "1017585",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017585"
},
{
"name" : "2222",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2222"
},
{
"name" : "bugzilla-htaccess-information-disclosure(32252)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32252"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35862",
"refsource": "OSVDB",
"url": "http://osvdb.org/35862"
},
{
"name": "2222",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2222"
},
{
"name": "22380",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22380"
},
{
"name": "1017585",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017585"
},
{
"name": "20070203 Security Advisory for Bugzilla 2.20.3, 2.22.1, and 2.23.3",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/459025/100/0/threaded"
},
{
"name": "http://www.bugzilla.org/security/2.20.3/",
"refsource": "CONFIRM",
"url": "http://www.bugzilla.org/security/2.20.3/"
},
{
"name": "ADV-2007-0477",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0477"
},
{
"name": "bugzilla-htaccess-information-disclosure(32252)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32252"
}
]
}
}

178
2007/2xxx/CVE-2007-2246.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2246",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in HP-UX B.11.00 and B.11.11, when running sendmail 8.9.3 or 8.11.1; and HP-UX B.11.23 when running sendmail 8.11.1; allows remote attackers to cause a denial of service via unknown attack vectors. NOTE: due to the lack of details from HP, it is not known whether this issue is a duplicate of another CVE such as CVE-2006-1173 or CVE-2006-4434."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2246",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBUX02183",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00841370"
},
{
"name" : "SSRT061243",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00841370"
},
{
"name" : "VU#349305",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/349305"
},
{
"name" : "23606",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23606"
},
{
"name" : "ADV-2007-1504",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1504"
},
{
"name" : "1017966",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1017966"
},
{
"name" : "24990",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24990"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in HP-UX B.11.00 and B.11.11, when running sendmail 8.9.3 or 8.11.1; and HP-UX B.11.23 when running sendmail 8.11.1; allows remote attackers to cause a denial of service via unknown attack vectors. NOTE: due to the lack of details from HP, it is not known whether this issue is a duplicate of another CVE such as CVE-2006-1173 or CVE-2006-4434."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1017966",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017966"
},
{
"name": "23606",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23606"
},
{
"name": "VU#349305",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/349305"
},
{
"name": "24990",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24990"
},
{
"name": "SSRT061243",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00841370"
},
{
"name": "HPSBUX02183",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00841370"
},
{
"name": "ADV-2007-1504",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1504"
}
]
}
}

158
2007/2xxx/CVE-2007-2535.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2535",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WinAce allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2535",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070504 Multiple vendors ZOO file decompression infinite loop DoS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/467646/100/0/threaded"
},
{
"name" : "23823",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23823"
},
{
"name" : "41750",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/41750"
},
{
"name" : "2680",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2680"
},
{
"name" : "multiple-vendor-zoo-dos(34080)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34080"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WinAce allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "multiple-vendor-zoo-dos(34080)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34080"
},
{
"name": "23823",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23823"
},
{
"name": "20070504 Multiple vendors ZOO file decompression infinite loop DoS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/467646/100/0/threaded"
},
{
"name": "41750",
"refsource": "OSVDB",
"url": "http://osvdb.org/41750"
},
{
"name": "2680",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2680"
}
]
}
}

158
2007/3xxx/CVE-2007-3152.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3152",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "c-ares before 1.4.0 uses a predictable seed for the random number generator for the DNS Transaction ID field, which might allow remote attackers to spoof DNS responses by guessing the field value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3152",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://cool.haxx.se/cvs.cgi/curl/ares/CHANGES?rev=HEAD&content-type=text/vnd.viewcvs-markup",
"refsource" : "CONFIRM",
"url" : "http://cool.haxx.se/cvs.cgi/curl/ares/CHANGES?rev=HEAD&content-type=text/vnd.viewcvs-markup"
},
{
"name" : "24386",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24386"
},
{
"name" : "37171",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37171"
},
{
"name" : "25579",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25579"
},
{
"name" : "cares-transactionid-dns-spoofing(34979)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34979"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "c-ares before 1.4.0 uses a predictable seed for the random number generator for the DNS Transaction ID field, which might allow remote attackers to spoof DNS responses by guessing the field value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cares-transactionid-dns-spoofing(34979)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34979"
},
{
"name": "37171",
"refsource": "OSVDB",
"url": "http://osvdb.org/37171"
},
{
"name": "25579",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25579"
},
{
"name": "http://cool.haxx.se/cvs.cgi/curl/ares/CHANGES?rev=HEAD&content-type=text/vnd.viewcvs-markup",
"refsource": "CONFIRM",
"url": "http://cool.haxx.se/cvs.cgi/curl/ares/CHANGES?rev=HEAD&content-type=text/vnd.viewcvs-markup"
},
{
"name": "24386",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24386"
}
]
}
}

178
2007/3xxx/CVE-2007-3267.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3267",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum 1.01b and earlier allows remote attackers to inject arbitrary web script or HTML via the fromaction parameter in a log action, a different vector than CVE-2007-3235."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3267",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070618 fuzzylime (forum) XSS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/471649/100/0/threaded"
},
{
"name" : "http://forum.fuzzylime.co.uk/st/content/download/",
"refsource" : "MISC",
"url" : "http://forum.fuzzylime.co.uk/st/content/download/"
},
{
"name" : "http://www.secvsn.com/content/Advisories/sr-180607-fuzzy.html",
"refsource" : "MISC",
"url" : "http://www.secvsn.com/content/Advisories/sr-180607-fuzzy.html"
},
{
"name" : "24522",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24522"
},
{
"name" : "36406",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36406"
},
{
"name" : "2815",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2815"
},
{
"name" : "fuzzylime-fromaction-xss(35137)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35137"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum 1.01b and earlier allows remote attackers to inject arbitrary web script or HTML via the fromaction parameter in a log action, a different vector than CVE-2007-3235."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "fuzzylime-fromaction-xss(35137)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35137"
},
{
"name": "24522",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24522"
},
{
"name": "36406",
"refsource": "OSVDB",
"url": "http://osvdb.org/36406"
},
{
"name": "2815",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2815"
},
{
"name": "http://forum.fuzzylime.co.uk/st/content/download/",
"refsource": "MISC",
"url": "http://forum.fuzzylime.co.uk/st/content/download/"
},
{
"name": "http://www.secvsn.com/content/Advisories/sr-180607-fuzzy.html",
"refsource": "MISC",
"url": "http://www.secvsn.com/content/Advisories/sr-180607-fuzzy.html"
},
{
"name": "20070618 fuzzylime (forum) XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/471649/100/0/threaded"
}
]
}
}

168
2007/3xxx/CVE-2007-3303.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3303",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3303",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070529 Apache httpd vulenrabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/469899/100/0/threaded"
},
{
"name" : "20070619 Apache Prefork MPM vulnerabilities - Report",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/471832/100/0/threaded"
},
{
"name" : "http://security.psnc.pl/files/apache_report.pdf",
"refsource" : "MISC",
"url" : "http://security.psnc.pl/files/apache_report.pdf"
},
{
"name" : "24215",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24215"
},
{
"name" : "37050",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37050"
},
{
"name" : "2814",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2814"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://security.psnc.pl/files/apache_report.pdf",
"refsource": "MISC",
"url": "http://security.psnc.pl/files/apache_report.pdf"
},
{
"name": "37050",
"refsource": "OSVDB",
"url": "http://osvdb.org/37050"
},
{
"name": "20070529 Apache httpd vulenrabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/469899/100/0/threaded"
},
{
"name": "2814",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2814"
},
{
"name": "20070619 Apache Prefork MPM vulnerabilities - Report",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/471832/100/0/threaded"
},
{
"name": "24215",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24215"
}
]
}
}

168
2007/3xxx/CVE-2007-3348.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3348",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The D-Link DPH-540/DPH-541 phone allows remote attackers to cause a denial of service (device outage) via a malformed SDP header in a SIP INVITE message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3348",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.sipera.com/index.php?action=resources,threat_advisory&tid=218&",
"refsource" : "MISC",
"url" : "http://www.sipera.com/index.php?action=resources,threat_advisory&tid=218&"
},
{
"name" : "24538",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24538"
},
{
"name" : "ADV-2007-2320",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2320"
},
{
"name" : "36158",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36158"
},
{
"name" : "25803",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25803"
},
{
"name" : "dlink-wifi-sipinvite-dos(35062)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35062"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The D-Link DPH-540/DPH-541 phone allows remote attackers to cause a denial of service (device outage) via a malformed SDP header in a SIP INVITE message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-2320",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2320"
},
{
"name": "24538",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24538"
},
{
"name": "dlink-wifi-sipinvite-dos(35062)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35062"
},
{
"name": "25803",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25803"
},
{
"name": "36158",
"refsource": "OSVDB",
"url": "http://osvdb.org/36158"
},
{
"name": "http://www.sipera.com/index.php?action=resources,threat_advisory&tid=218&",
"refsource": "MISC",
"url": "http://www.sipera.com/index.php?action=resources,threat_advisory&tid=218&"
}
]
}
}

158
2007/4xxx/CVE-2007-4028.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-4028",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Absolute path traversal vulnerability in index.php in Webspell 4.01.02 allows remote attackers to include and execute arbitrary local files via a full pathname in the site parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070722 Webspell 4.x Local File Inclusion",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/474416/100/0/threaded"
},
{
"name" : "25012",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25012"
},
{
"name" : "37516",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37516"
},
{
"name" : "26172",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26172"
},
{
"name" : "2927",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2927"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Absolute path traversal vulnerability in index.php in Webspell 4.01.02 allows remote attackers to include and execute arbitrary local files via a full pathname in the site parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26172",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26172"
},
{
"name": "2927",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2927"
},
{
"name": "20070722 Webspell 4.x Local File Inclusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/474416/100/0/threaded"
},
{
"name": "25012",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25012"
},
{
"name": "37516",
"refsource": "OSVDB",
"url": "http://osvdb.org/37516"
}
]
}
}

178
2007/4xxx/CVE-2007-4669.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-4669",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Services API in Firebird before 2.0.2 allows remote authenticated users without SYSDBA privileges to read the server log (firebird.log), aka CORE-1148."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4669",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=535898",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=535898"
},
{
"name" : "http://tracker.firebirdsql.org/browse/CORE-1148",
"refsource" : "CONFIRM",
"url" : "http://tracker.firebirdsql.org/browse/CORE-1148"
},
{
"name" : "http://www.firebirdsql.org/index.php?op=files&id=engine_202",
"refsource" : "CONFIRM",
"url" : "http://www.firebirdsql.org/index.php?op=files&id=engine_202"
},
{
"name" : "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf"
},
{
"name" : "DSA-1529",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1529"
},
{
"name" : "25497",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25497"
},
{
"name" : "29501",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29501"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Services API in Firebird before 2.0.2 allows remote authenticated users without SYSDBA privileges to read the server log (firebird.log), aka CORE-1148."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25497",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25497"
},
{
"name": "http://tracker.firebirdsql.org/browse/CORE-1148",
"refsource": "CONFIRM",
"url": "http://tracker.firebirdsql.org/browse/CORE-1148"
},
{
"name": "http://www.firebirdsql.org/index.php?op=files&id=engine_202",
"refsource": "CONFIRM",
"url": "http://www.firebirdsql.org/index.php?op=files&id=engine_202"
},
{
"name": "29501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29501"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=535898",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=535898"
},
{
"name": "DSA-1529",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1529"
},
{
"name": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf",
"refsource": "CONFIRM",
"url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf"
}
]
}
}

188
2007/4xxx/CVE-2007-4689.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-4689",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Double free vulnerability in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via crafted IPV6 packets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4689",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://docs.info.apple.com/article.html?artnum=307041",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=307041"
},
{
"name" : "APPLE-SA-2007-11-14",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html"
},
{
"name" : "TA07-319A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-319A.html"
},
{
"name" : "26444",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26444"
},
{
"name" : "ADV-2007-3868",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/3868"
},
{
"name" : "1018950",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1018950"
},
{
"name" : "27643",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27643"
},
{
"name" : "macosx-ipv6-code-execution(38474)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38474"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double free vulnerability in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via crafted IPV6 packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1018950",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018950"
},
{
"name": "26444",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26444"
},
{
"name": "APPLE-SA-2007-11-14",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307041",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307041"
},
{
"name": "macosx-ipv6-code-execution(38474)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38474"
},
{
"name": "ADV-2007-3868",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3868"
},
{
"name": "27643",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27643"
},
{
"name": "TA07-319A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html"
}
]
}
}

168
2007/4xxx/CVE-2007-4787.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-4787",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The virus detection engine in Sophos Anti-Virus before 2.49.0 does not properly process malformed (1) CAB, (2) LZH, and (3) RAR files with modified headers, which might allow remote attackers to bypass malware detection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4787",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.sophos.com/support/knowledgebase/article/29146.html",
"refsource" : "CONFIRM",
"url" : "http://www.sophos.com/support/knowledgebase/article/29146.html"
},
{
"name" : "25574",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25574"
},
{
"name" : "ADV-2007-3078",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/3078"
},
{
"name" : "37988",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37988"
},
{
"name" : "26726",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26726"
},
{
"name" : "sophos-archive-security-bypass(36502)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36502"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The virus detection engine in Sophos Anti-Virus before 2.49.0 does not properly process malformed (1) CAB, (2) LZH, and (3) RAR files with modified headers, which might allow remote attackers to bypass malware detection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25574",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25574"
},
{
"name": "http://www.sophos.com/support/knowledgebase/article/29146.html",
"refsource": "CONFIRM",
"url": "http://www.sophos.com/support/knowledgebase/article/29146.html"
},
{
"name": "37988",
"refsource": "OSVDB",
"url": "http://osvdb.org/37988"
},
{
"name": "sophos-archive-security-bypass(36502)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36502"
},
{
"name": "ADV-2007-3078",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3078"
},
{
"name": "26726",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26726"
}
]
}
}

178
2007/4xxx/CVE-2007-4795.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-4795",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in mkpath in bos.rte.methods in IBM AIX 5.2 and 5.3 allows local users to gain privileges via a long ODM name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4795",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3848",
"refsource" : "CONFIRM",
"url" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3848"
},
{
"name" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3849",
"refsource" : "CONFIRM",
"url" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3849"
},
{
"name" : "IY91132",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IY91132"
},
{
"name" : "IY91145",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IY91145"
},
{
"name" : "25558",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25558"
},
{
"name" : "ADV-2007-3059",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/3059"
},
{
"name" : "26715",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26715"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in mkpath in bos.rte.methods in IBM AIX 5.2 and 5.3 allows local users to gain privileges via a long ODM name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3848",
"refsource": "CONFIRM",
"url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3848"
},
{
"name": "IY91132",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY91132"
},
{
"name": "25558",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25558"
},
{
"name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3849",
"refsource": "CONFIRM",
"url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3849"
},
{
"name": "26715",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26715"
},
{
"name": "ADV-2007-3059",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3059"
},
{
"name": "IY91145",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY91145"
}
]
}
}

128
2007/6xxx/CVE-2007-6409.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6409",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The gg protocol handler in Gadu-Gadu, when this product is installed but not running, does not properly handle the skin attribute, which allows remote attackers to cause a denial of service (resource consumption) via unspecified network traffic."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6409",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20071205 [ELEYTT] Public Advisory 05-12-2007",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/484607/100/0/threaded"
},
{
"name" : "3458",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3458"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The gg protocol handler in Gadu-Gadu, when this product is installed but not running, does not properly handle the skin attribute, which allows remote attackers to cause a denial of service (resource consumption) via unspecified network traffic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20071205 [ELEYTT] Public Advisory 05-12-2007",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/484607/100/0/threaded"
},
{
"name": "3458",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3458"
}
]
}
}

168
2007/6xxx/CVE-2007-6412.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6412",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Direct static code injection vulnerability in wiki/index.php in Bitweaver 2.0.0 and earlier, when comments are enabled, allows remote attackers to inject arbitrary PHP code via an editcomments action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6412",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20071209 Bitweaver XSS & SQL Injection Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/484805/100/0/threaded"
},
{
"name" : "http://www.hackerscenter.com/archive/view.asp?id=28129",
"refsource" : "MISC",
"url" : "http://www.hackerscenter.com/archive/view.asp?id=28129"
},
{
"name" : "26801",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26801"
},
{
"name" : "40148",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/40148"
},
{
"name" : "3428",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3428"
},
{
"name" : "3454",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3454"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Direct static code injection vulnerability in wiki/index.php in Bitweaver 2.0.0 and earlier, when comments are enabled, allows remote attackers to inject arbitrary PHP code via an editcomments action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40148",
"refsource": "OSVDB",
"url": "http://osvdb.org/40148"
},
{
"name": "3454",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3454"
},
{
"name": "http://www.hackerscenter.com/archive/view.asp?id=28129",
"refsource": "MISC",
"url": "http://www.hackerscenter.com/archive/view.asp?id=28129"
},
{
"name": "20071209 Bitweaver XSS & SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/484805/100/0/threaded"
},
{
"name": "3428",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3428"
},
{
"name": "26801",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26801"
}
]
}
}

158
2010/1xxx/CVE-2010-1244.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1244",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://activemq.apache.org/activemq-531-release.html",
"refsource" : "CONFIRM",
"url" : "http://activemq.apache.org/activemq-531-release.html"
},
{
"name" : "https://issues.apache.org/activemq/browse/AMQ-2613",
"refsource" : "CONFIRM",
"url" : "https://issues.apache.org/activemq/browse/AMQ-2613"
},
{
"name" : "https://issues.apache.org/activemq/browse/AMQ-2625",
"refsource" : "CONFIRM",
"url" : "https://issues.apache.org/activemq/browse/AMQ-2625"
},
{
"name" : "39223",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39223"
},
{
"name" : "activemq-web-console-csrf(57398)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57398"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://issues.apache.org/activemq/browse/AMQ-2613",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/activemq/browse/AMQ-2613"
},
{
"name": "http://activemq.apache.org/activemq-531-release.html",
"refsource": "CONFIRM",
"url": "http://activemq.apache.org/activemq-531-release.html"
},
{
"name": "39223",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39223"
},
{
"name": "activemq-web-console-csrf(57398)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57398"
},
{
"name": "https://issues.apache.org/activemq/browse/AMQ-2625",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/activemq/browse/AMQ-2625"
}
]
}
}

128
2010/5xxx/CVE-2010-5139.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-5139",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in wxBitcoin and bitcoind before 0.3.11 allows remote attackers to bypass intended economic restrictions and create many bitcoins via a crafted Bitcoin transaction."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5139",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bitcointalk.org/index.php?topic=822.0",
"refsource" : "CONFIRM",
"url" : "https://bitcointalk.org/index.php?topic=822.0"
},
{
"name" : "https://en.bitcoin.it/wiki/CVEs",
"refsource" : "CONFIRM",
"url" : "https://en.bitcoin.it/wiki/CVEs"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in wxBitcoin and bitcoind before 0.3.11 allows remote attackers to bypass intended economic restrictions and create many bitcoins via a crafted Bitcoin transaction."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bitcointalk.org/index.php?topic=822.0",
"refsource": "CONFIRM",
"url": "https://bitcointalk.org/index.php?topic=822.0"
},
{
"name": "https://en.bitcoin.it/wiki/CVEs",
"refsource": "CONFIRM",
"url": "https://en.bitcoin.it/wiki/CVEs"
}
]
}
}

188
2010/5xxx/CVE-2010-5278.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-5278",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5278",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/1009-exploits/modx202pl-lfi.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1009-exploits/modx202pl-lfi.txt"
},
{
"name" : "http://www.johnleitch.net/Vulnerabilities/MODx.Revolution.2.0.2-pl.Local.File.Inclusion/49",
"refsource" : "MISC",
"url" : "http://www.johnleitch.net/Vulnerabilities/MODx.Revolution.2.0.2-pl.Local.File.Inclusion/49"
},
{
"name" : "http://modxcms.com/forums/index.php/topic,55104.0.html",
"refsource" : "CONFIRM",
"url" : "http://modxcms.com/forums/index.php/topic,55104.0.html"
},
{
"name" : "http://modxcms.com/forums/index.php/topic,55105.msg317273.html",
"refsource" : "CONFIRM",
"url" : "http://modxcms.com/forums/index.php/topic,55105.msg317273.html"
},
{
"name" : "43577",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/43577"
},
{
"name" : "68265",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/68265"
},
{
"name" : "41638",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41638"
},
{
"name" : "modx-classkey-file-include(62073)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62073"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/1009-exploits/modx202pl-lfi.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1009-exploits/modx202pl-lfi.txt"
},
{
"name": "http://modxcms.com/forums/index.php/topic,55104.0.html",
"refsource": "CONFIRM",
"url": "http://modxcms.com/forums/index.php/topic,55104.0.html"
},
{
"name": "43577",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43577"
},
{
"name": "41638",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41638"
},
{
"name": "modx-classkey-file-include(62073)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62073"
},
{
"name": "http://www.johnleitch.net/Vulnerabilities/MODx.Revolution.2.0.2-pl.Local.File.Inclusion/49",
"refsource": "MISC",
"url": "http://www.johnleitch.net/Vulnerabilities/MODx.Revolution.2.0.2-pl.Local.File.Inclusion/49"
},
{
"name": "http://modxcms.com/forums/index.php/topic,55105.msg317273.html",
"refsource": "CONFIRM",
"url": "http://modxcms.com/forums/index.php/topic,55105.msg317273.html"
},
{
"name": "68265",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/68265"
}
]
}
}

118
2010/5xxx/CVE-2010-5320.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-5320",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in MemHT Portal 4.0.1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify settings via a configuration action to admin.php, (2) modify articles via an articles action to admin.php, or (3) modify credentials via a users action to admin.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5320",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.htbridge.com/advisory/HTB22662",
"refsource" : "MISC",
"url" : "https://www.htbridge.com/advisory/HTB22662"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in MemHT Portal 4.0.1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify settings via a configuration action to admin.php, (2) modify articles via an articles action to admin.php, or (3) modify credentials via a users action to admin.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.htbridge.com/advisory/HTB22662",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB22662"
}
]
}
}

148
2014/0xxx/CVE-2014-0040.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0040",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, uses an HTTP connection to download (1) packages and (2) signing keys from Yum repositories, which allows man-in-the-middle attackers to prevent updates via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0040",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.launchpad.net/heat-templates/+bug/1267635",
"refsource" : "MISC",
"url" : "https://bugs.launchpad.net/heat-templates/+bug/1267635"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1059514",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1059514"
},
{
"name" : "https://github.com/openstack/heat-templates/commit/65a4f8bebc72da71c616e2e378b7b1ac354db1a3",
"refsource" : "CONFIRM",
"url" : "https://github.com/openstack/heat-templates/commit/65a4f8bebc72da71c616e2e378b7b1ac354db1a3"
},
{
"name" : "RHSA-2014:0579",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0579.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, uses an HTTP connection to download (1) packages and (2) signing keys from Yum repositories, which allows man-in-the-middle attackers to prevent updates via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/heat-templates/+bug/1267635",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/heat-templates/+bug/1267635"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1059514",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1059514"
},
{
"name": "https://github.com/openstack/heat-templates/commit/65a4f8bebc72da71c616e2e378b7b1ac354db1a3",
"refsource": "CONFIRM",
"url": "https://github.com/openstack/heat-templates/commit/65a4f8bebc72da71c616e2e378b7b1ac354db1a3"
},
{
"name": "RHSA-2014:0579",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0579.html"
}
]
}
}

138
2014/100xxx/CVE-2014-100007.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-100007",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the HK Exif Tags plugin before 1.12 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via an EXIF tag. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-100007",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://wordpress.org/plugins/hk-exif-tags/changelog/",
"refsource" : "CONFIRM",
"url" : "https://wordpress.org/plugins/hk-exif-tags/changelog/"
},
{
"name" : "57753",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57753"
},
{
"name" : "hkexif-wordpress-xss(92555)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92555"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the HK Exif Tags plugin before 1.12 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via an EXIF tag. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "57753",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57753"
},
{
"name": "https://wordpress.org/plugins/hk-exif-tags/changelog/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/hk-exif-tags/changelog/"
},
{
"name": "hkexif-wordpress-xss(92555)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92555"
}
]
}
}

148
2014/1xxx/CVE-2014-1302.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1302",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-1302",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/kb/HT6537",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/kb/HT6537"
},
{
"name" : "APPLE-SA-2014-04-01-1",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html"
},
{
"name" : "APPLE-SA-2014-04-22-2",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html"
},
{
"name" : "APPLE-SA-2014-04-22-3",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2014-04-22-2",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html"
},
{
"name": "https://support.apple.com/kb/HT6537",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT6537"
},
{
"name": "APPLE-SA-2014-04-22-3",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html"
},
{
"name": "APPLE-SA-2014-04-01-1",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html"
}
]
}
}

188
2014/1xxx/CVE-2014-1401.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1401",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in AuraCMS 2.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search parameter to mod/content/content.php or (2) CLIENT_IP, (3) X_FORWARDED_FOR, (4) X_FORWARDED, (5) FORWARDED_FOR, or (6) FORWARDED HTTP header to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1401",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140205 Multiple SQL Injection Vulnerabilities in AuraCMS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/530930/100/0/threaded"
},
{
"name" : "31520",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/31520"
},
{
"name" : "http://packetstormsecurity.com/files/125079",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/125079"
},
{
"name" : "https://www.htbridge.com/advisory/HTB23196",
"refsource" : "MISC",
"url" : "https://www.htbridge.com/advisory/HTB23196"
},
{
"name" : "https://github.com/auracms/AuraCMS/commit/4fe9d0d31a32df392f4d6ced8e5c25ed4af19ade",
"refsource" : "CONFIRM",
"url" : "https://github.com/auracms/AuraCMS/commit/4fe9d0d31a32df392f4d6ced8e5c25ed4af19ade"
},
{
"name" : "https://github.com/auracms/AuraCMS/commit/790f66ffbc4f23a6e13636fc79d0aa1a7d81e747",
"refsource" : "CONFIRM",
"url" : "https://github.com/auracms/AuraCMS/commit/790f66ffbc4f23a6e13636fc79d0aa1a7d81e747"
},
{
"name" : "56804",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56804"
},
{
"name" : "auracms-cve20141401-sql-injection(90965)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90965"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in AuraCMS 2.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search parameter to mod/content/content.php or (2) CLIENT_IP, (3) X_FORWARDED_FOR, (4) X_FORWARDED, (5) FORWARDED_FOR, or (6) FORWARDED HTTP header to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/auracms/AuraCMS/commit/790f66ffbc4f23a6e13636fc79d0aa1a7d81e747",
"refsource": "CONFIRM",
"url": "https://github.com/auracms/AuraCMS/commit/790f66ffbc4f23a6e13636fc79d0aa1a7d81e747"
},
{
"name": "https://github.com/auracms/AuraCMS/commit/4fe9d0d31a32df392f4d6ced8e5c25ed4af19ade",
"refsource": "CONFIRM",
"url": "https://github.com/auracms/AuraCMS/commit/4fe9d0d31a32df392f4d6ced8e5c25ed4af19ade"
},
{
"name": "auracms-cve20141401-sql-injection(90965)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90965"
},
{
"name": "31520",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/31520"
},
{
"name": "20140205 Multiple SQL Injection Vulnerabilities in AuraCMS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/530930/100/0/threaded"
},
{
"name": "56804",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56804"
},
{
"name": "http://packetstormsecurity.com/files/125079",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/125079"
},
{
"name": "https://www.htbridge.com/advisory/HTB23196",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23196"
}
]
}
}

32
2014/1xxx/CVE-2014-1629.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1629",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1629",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

338
2014/1xxx/CVE-2014-1874.json
View File

@ -1,172 +1,172 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1874",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-1874",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140206 Re: CVE Request: Linux kernel: SELinux local DoS",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/02/07/2"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2172fa709ab32ca60e86179dc67d0857be8e2c98",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2172fa709ab32ca60e86179dc67d0857be8e2c98"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.4",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.4"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1062356",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1062356"
},
{
"name" : "https://github.com/torvalds/linux/commit/2172fa709ab32ca60e86179dc67d0857be8e2c98",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/2172fa709ab32ca60e86179dc67d0857be8e2c98"
},
{
"name" : "http://linux.oracle.com/errata/ELSA-2014-0771.html",
"refsource" : "CONFIRM",
"url" : "http://linux.oracle.com/errata/ELSA-2014-0771.html"
},
{
"name" : "http://linux.oracle.com/errata/ELSA-2014-3043.html",
"refsource" : "CONFIRM",
"url" : "http://linux.oracle.com/errata/ELSA-2014-3043.html"
},
{
"name" : "SUSE-SU-2015:0812",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"
},
{
"name" : "USN-2128-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2128-1"
},
{
"name" : "USN-2129-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2129-1"
},
{
"name" : "USN-2133-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2133-1"
},
{
"name" : "USN-2134-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2134-1"
},
{
"name" : "USN-2135-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2135-1"
},
{
"name" : "USN-2136-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2136-1"
},
{
"name" : "USN-2137-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2137-1"
},
{
"name" : "USN-2138-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2138-1"
},
{
"name" : "USN-2139-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2139-1"
},
{
"name" : "USN-2140-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2140-1"
},
{
"name" : "USN-2141-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2141-1"
},
{
"name" : "65459",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/65459"
},
{
"name" : "59309",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59309"
},
{
"name" : "59262",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59262"
},
{
"name" : "59406",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59406"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2135-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2135-1"
},
{
"name": "USN-2138-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2138-1"
},
{
"name": "USN-2137-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2137-1"
},
{
"name": "USN-2141-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2141-1"
},
{
"name": "USN-2129-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2129-1"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2172fa709ab32ca60e86179dc67d0857be8e2c98",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2172fa709ab32ca60e86179dc67d0857be8e2c98"
},
{
"name": "USN-2136-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2136-1"
},
{
"name": "USN-2128-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2128-1"
},
{
"name": "USN-2140-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2140-1"
},
{
"name": "[oss-security] 20140206 Re: CVE Request: Linux kernel: SELinux local DoS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/02/07/2"
},
{
"name": "59262",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59262"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1062356",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1062356"
},
{
"name": "USN-2139-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2139-1"
},
{
"name": "59309",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59309"
},
{
"name": "59406",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59406"
},
{
"name": "USN-2134-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2134-1"
},
{
"name": "65459",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65459"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-0771.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-0771.html"
},
{
"name": "USN-2133-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2133-1"
},
{
"name": "https://github.com/torvalds/linux/commit/2172fa709ab32ca60e86179dc67d0857be8e2c98",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/2172fa709ab32ca60e86179dc67d0857be8e2c98"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.4",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.4"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-3043.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-3043.html"
},
{
"name": "SUSE-SU-2015:0812",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"
}
]
}
}

32
2014/5xxx/CVE-2014-5083.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5083",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5083",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

158
2015/2xxx/CVE-2015-2071.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-2071",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in cm/newui/blog/export.jsp in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filepath parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2071",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "36089",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/36089"
},
{
"name" : "20150213 eTouch SamePage v4.4.0.0.239 multiple vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Feb/47"
},
{
"name" : "http://packetstormsecurity.com/files/130386/eTouch-Samepage-4.4.0.0.239-SQL-Injection-File-Read.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/130386/eTouch-Samepage-4.4.0.0.239-SQL-Injection-File-Read.html"
},
{
"name" : "74887",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/74887"
},
{
"name" : "118357",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/show/osvdb/118357"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in cm/newui/blog/export.jsp in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filepath parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "74887",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74887"
},
{
"name": "http://packetstormsecurity.com/files/130386/eTouch-Samepage-4.4.0.0.239-SQL-Injection-File-Read.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130386/eTouch-Samepage-4.4.0.0.239-SQL-Injection-File-Read.html"
},
{
"name": "118357",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/118357"
},
{
"name": "36089",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/36089"
},
{
"name": "20150213 eTouch SamePage v4.4.0.0.239 multiple vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Feb/47"
}
]
}
}

32
2015/2xxx/CVE-2015-2105.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-2105",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2105",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

118
2015/2xxx/CVE-2015-2284.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-2284",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "userlogin.jsp in SolarWinds Firewall Security Manager (FSM) before 6.6.5 HotFix1 allows remote attackers to gain privileges and execute arbitrary code via unspecified vectors, related to client session handling."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2284",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-107/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-107/"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "userlogin.jsp in SolarWinds Firewall Security Manager (FSM) before 6.6.5 HotFix1 allows remote attackers to gain privileges and execute arbitrary code via unspecified vectors, related to client session handling."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-107/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-107/"
}
]
}
}

128
2015/2xxx/CVE-2015-2371.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-2371",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Windows Installer service in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a custom action script associated with a .msi package, aka \"Windows Installer EoP Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-2371",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS15-074",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-074"
},
{
"name" : "1032905",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032905"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Windows Installer service in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a custom action script associated with a .msi package, aka \"Windows Installer EoP Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS15-074",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-074"
},
{
"name": "1032905",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032905"
}
]
}
}

148
2015/2xxx/CVE-2015-2372.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-2372",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"VBScript Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-2372",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS15-065",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-065"
},
{
"name" : "MS15-066",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-066"
},
{
"name" : "1032894",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032894"
},
{
"name" : "1032895",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032895"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"VBScript Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS15-066",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-066"
},
{
"name": "1032894",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032894"
},
{
"name": "MS15-065",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-065"
},
{
"name": "1032895",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032895"
}
]
}
}

188
2015/2xxx/CVE-2015-2659.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-2659",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Java SE 8u45 and Java SE Embedded 8u33 allows remote attackers to affect availability via unknown vectors related to Security."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2015-2659",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727",
"refsource" : "CONFIRM",
"url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727"
},
{
"name" : "GLSA-201603-11",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201603-11"
},
{
"name" : "RHSA-2015:1228",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1228.html"
},
{
"name" : "RHSA-2015:1241",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1241.html"
},
{
"name" : "openSUSE-SU-2015:1289",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html"
},
{
"name" : "75877",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75877"
},
{
"name" : "1032910",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032910"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Java SE 8u45 and Java SE Embedded 8u33 allows remote attackers to affect availability via unknown vectors related to Security."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name": "75877",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75877"
},
{
"name": "1032910",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032910"
},
{
"name": "openSUSE-SU-2015:1289",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html"
},
{
"name": "RHSA-2015:1228",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1228.html"
},
{
"name": "GLSA-201603-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-11"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727"
},
{
"name": "RHSA-2015:1241",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1241.html"
}
]
}
}

128
2015/6xxx/CVE-2015-6364.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-6364",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Content Delivery System Manager Software 3.2 on Videoscape Distribution Suite Service Manager allows remote attackers to obtain sensitive information via crafted URLs in REST API requests, aka Bug ID CSCuv86960."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-6364",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20151113 Cisco Videoscape Distribution Suite Service Manager Information Disclosure Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151112-vds"
},
{
"name" : "1034159",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034159"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Content Delivery System Manager Software 3.2 on Videoscape Distribution Suite Service Manager allows remote attackers to obtain sensitive information via crafted URLs in REST API requests, aka Bug ID CSCuv86960."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20151113 Cisco Videoscape Distribution Suite Service Manager Information Disclosure Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151112-vds"
},
{
"name": "1034159",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034159"
}
]
}
}

238
2015/6xxx/CVE-2015-6791.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-6791",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.80 allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2015-6791",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=534994",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=534994"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=555784",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=555784"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=558840",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=558840"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=559310",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=559310"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=567513",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=567513"
},
{
"name" : "DSA-3418",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3418"
},
{
"name" : "GLSA-201603-09",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201603-09"
},
{
"name" : "RHSA-2015:2618",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-2618.html"
},
{
"name" : "openSUSE-SU-2015:2290",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html"
},
{
"name" : "openSUSE-SU-2015:2291",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html"
},
{
"name" : "USN-2860-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2860-1"
},
{
"name" : "78734",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/78734"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.80 allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://code.google.com/p/chromium/issues/detail?id=558840",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=558840"
},
{
"name": "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=534994",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=534994"
},
{
"name": "RHSA-2015:2618",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2618.html"
},
{
"name": "openSUSE-SU-2015:2290",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html"
},
{
"name": "DSA-3418",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3418"
},
{
"name": "GLSA-201603-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-09"
},
{
"name": "78734",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/78734"
},
{
"name": "USN-2860-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2860-1"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=559310",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=559310"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=567513",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=567513"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=555784",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=555784"
},
{
"name": "openSUSE-SU-2015:2291",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html"
}
]
}
}

32
2015/6xxx/CVE-2015-6899.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-6899",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-6899",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}

118
2016/0xxx/CVE-2016-0271.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-0271",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The agents in IBM UrbanCode Deploy 6.x before 6.0.1.14, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 do not verify a server's identity in a JMS session or an HTTP session, which allows local users to obtain root access to arbitrary agents via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-0271",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg2C1000150",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg2C1000150"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The agents in IBM UrbanCode Deploy 6.x before 6.0.1.14, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 do not verify a server's identity in a JMS session or an HTTP session, which allows local users to obtain root access to arbitrary agents via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg2C1000150",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg2C1000150"
}
]
}
}

32
2016/1000xxx/CVE-2016-1000106.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-1000106",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-5388. Reason: This candidate is a duplicate of CVE-2016-5388. Notes: All CVE users should reference CVE-2016-5388 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-1000106",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-5388. Reason: This candidate is a duplicate of CVE-2016-5388. Notes: All CVE users should reference CVE-2016-5388 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

138
2016/10xxx/CVE-2016-10194.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-10194",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The festivaltts4r gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a string to the (1) to_speech or (2) to_mp3 method in lib/festivaltts4r/festival4r.rb."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20170131 CVE requests: code injection in rubygem espeak-ruby and code injection in rubygem festivaltts4r",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/01/31/14"
},
{
"name" : "[oss-security] 20170202 Re: CVE requests: code injection in rubygem espeak-ruby and code injection in rubygem festivaltts4r",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/02/02/5"
},
{
"name" : "https://github.com/spejman/festivaltts4r/issues/1",
"refsource" : "MISC",
"url" : "https://github.com/spejman/festivaltts4r/issues/1"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The festivaltts4r gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a string to the (1) to_speech or (2) to_mp3 method in lib/festivaltts4r/festival4r.rb."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20170202 Re: CVE requests: code injection in rubygem espeak-ruby and code injection in rubygem festivaltts4r",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/02/5"
},
{
"name": "[oss-security] 20170131 CVE requests: code injection in rubygem espeak-ruby and code injection in rubygem festivaltts4r",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/31/14"
},
{
"name": "https://github.com/spejman/festivaltts4r/issues/1",
"refsource": "MISC",
"url": "https://github.com/spejman/festivaltts4r/issues/1"
}
]
}
}

118
2016/10xxx/CVE-2016-10367.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-10367",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch), an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request utilizing a simple URL encoding bypass, %252f instead of /."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10367",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-016/?fid=8341",
"refsource" : "MISC",
"url" : "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-016/?fid=8341"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch), an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request utilizing a simple URL encoding bypass, %252f instead of /."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-016/?fid=8341",
"refsource": "MISC",
"url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-016/?fid=8341"
}
]
}
}

32
2016/10xxx/CVE-2016-10470.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-10470",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10470",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

158
2016/4xxx/CVE-2016-4272.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-4272",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-4272",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-29.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-29.html"
},
{
"name" : "GLSA-201610-10",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201610-10"
},
{
"name" : "RHSA-2016:1865",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1865.html"
},
{
"name" : "92927",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92927"
},
{
"name" : "1036791",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036791"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201610-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201610-10"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb16-29.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-29.html"
},
{
"name": "RHSA-2016:1865",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1865.html"
},
{
"name": "92927",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92927"
},
{
"name": "1036791",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036791"
}
]
}
}

148
2016/4xxx/CVE-2016-4865.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-4865",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-4865",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.cybozu.com/ja-jp/article/9430",
"refsource" : "CONFIRM",
"url" : "https://support.cybozu.com/ja-jp/article/9430"
},
{
"name" : "JVN#06726266",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN06726266/index.html"
},
{
"name" : "JVNDB-2016-000184",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000184.html"
},
{
"name" : "93281",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93281"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/9430",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9430"
},
{
"name": "93281",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93281"
},
{
"name": "JVNDB-2016-000184",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000184.html"
},
{
"name": "JVN#06726266",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN06726266/index.html"
}
]
}
}

32
2016/8xxx/CVE-2016-8034.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8034",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-8034",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

128
2016/9xxx/CVE-2016-9188.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9188",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerabilities in Moodle CMS on or before 3.1.2 allow remote attackers to inject arbitrary web script or HTML via the s_additionalhtmlhead, s_additionalhtmltopofbody, and s_additionalhtmlfooter parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9188",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://packetstormsecurity.com/files/139466/Moodle-CMS-3.1.2-Cross-Site-Scripting-File-Upload.html",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/139466/Moodle-CMS-3.1.2-Cross-Site-Scripting-File-Upload.html"
},
{
"name" : "94189",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94189"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerabilities in Moodle CMS on or before 3.1.2 allow remote attackers to inject arbitrary web script or HTML via the s_additionalhtmlhead, s_additionalhtmltopofbody, and s_additionalhtmlfooter parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94189",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94189"
},
{
"name": "https://packetstormsecurity.com/files/139466/Moodle-CMS-3.1.2-Cross-Site-Scripting-File-Upload.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/139466/Moodle-CMS-3.1.2-Cross-Site-Scripting-File-Upload.html"
}
]
}
}

170
2016/9xxx/CVE-2016-9729.json
View File

@ -1,88 +1,88 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-9729",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "QRadar SIEM",
"version" : {
"version_data" : [
{
"version_value" : "7.1 MR1"
},
{
"version_value" : "7.1"
},
{
"version_value" : "7.0"
},
{
"version_value" : "7.2"
},
{
"version_value" : "7.1 MR2"
},
{
"version_value" : "7"
},
{
"version_value" : "7.1 MR2"
},
{
"version_value" : "7.2.3"
}
]
}
}
]
},
"vendor_name" : "IBM Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM QRadar 7.2 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM Reference #: 1999545."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-9729",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QRadar SIEM",
"version": {
"version_data": [
{
"version_value": "7.1 MR1"
},
{
"version_value": "7.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.2"
},
{
"version_value": "7.1 MR2"
},
{
"version_value": "7"
},
{
"version_value": "7.1 MR2"
},
{
"version_value": "7.2.3"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21999545",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21999545"
},
{
"name" : "96538",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96538"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM QRadar 7.2 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM Reference #: 1999545."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21999545",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21999545"
},
{
"name": "96538",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96538"
}
]
}
}

170
2016/9xxx/CVE-2016-9740.json
View File

@ -1,88 +1,88 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-9740",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "QRadar SIEM",
"version" : {
"version_data" : [
{
"version_value" : "7.1 MR1"
},
{
"version_value" : "7.1"
},
{
"version_value" : "7.0"
},
{
"version_value" : "7.2"
},
{
"version_value" : "7.1 MR2"
},
{
"version_value" : "7"
},
{
"version_value" : "7.1 MR2"
},
{
"version_value" : "7.2.3"
}
]
}
}
]
},
"vendor_name" : "IBM Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM QRadar 7.2 could allow a remote attacker to consume all resources on the server due to not properly restricting the size or amount of resources requested by an actor. IBM Reference #: 1999556."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-9740",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QRadar SIEM",
"version": {
"version_data": [
{
"version_value": "7.1 MR1"
},
{
"version_value": "7.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.2"
},
{
"version_value": "7.1 MR2"
},
{
"version_value": "7"
},
{
"version_value": "7.1 MR2"
},
{
"version_value": "7.2.3"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21999556",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21999556"
},
{
"name" : "96535",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96535"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM QRadar 7.2 could allow a remote attacker to consume all resources on the server due to not properly restricting the size or amount of resources requested by an actor. IBM Reference #: 1999556."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96535",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96535"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21999556",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21999556"
}
]
}
}

118
2016/9xxx/CVE-2016-9750.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-9750",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "QRadar SIEM",
"version" : {
"version_data" : [
{
"version_value" : "7.2, 7.3"
}
]
}
}
]
},
"vendor_name" : "IBM Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM QRadar 7.2 and 7.3 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 120207."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-9750",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QRadar SIEM",
"version": {
"version_data": [
{
"version_value": "7.2, 7.3"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22003137",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22003137"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM QRadar 7.2 and 7.3 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 120207."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22003137",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003137"
}
]
}
}

148
2016/9xxx/CVE-2016-9964.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9964",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "redirect() in bottle.py in bottle 0.12.10 doesn't filter a \"\\r\\n\" sequence, which leads to a CRLF attack, as demonstrated by a redirect(\"233\\r\\nSet-Cookie: name=salt\") call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9964",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/bottlepy/bottle/commit/6d7e13da0f998820800ecb3fe9ccee4189aefb54",
"refsource" : "CONFIRM",
"url" : "https://github.com/bottlepy/bottle/commit/6d7e13da0f998820800ecb3fe9ccee4189aefb54"
},
{
"name" : "https://github.com/bottlepy/bottle/issues/913",
"refsource" : "CONFIRM",
"url" : "https://github.com/bottlepy/bottle/issues/913"
},
{
"name" : "DSA-3743",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3743"
},
{
"name" : "94961",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94961"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "redirect() in bottle.py in bottle 0.12.10 doesn't filter a \"\\r\\n\" sequence, which leads to a CRLF attack, as demonstrated by a redirect(\"233\\r\\nSet-Cookie: name=salt\") call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/bottlepy/bottle/issues/913",
"refsource": "CONFIRM",
"url": "https://github.com/bottlepy/bottle/issues/913"
},
{
"name": "https://github.com/bottlepy/bottle/commit/6d7e13da0f998820800ecb3fe9ccee4189aefb54",
"refsource": "CONFIRM",
"url": "https://github.com/bottlepy/bottle/commit/6d7e13da0f998820800ecb3fe9ccee4189aefb54"
},
{
"name": "DSA-3743",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3743"
},
{
"name": "94961",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94961"
}
]
}
}

32
2019/2xxx/CVE-2019-2377.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2377",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2377",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

138
2019/2xxx/CVE-2019-2450.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2450",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "VM VirtualBox",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "5.2.24"
},
{
"version_affected" : "<",
"version_value" : "6.0.2"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2450",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VM VirtualBox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.2.24"
},
{
"version_affected": "<",
"version_value": "6.0.2"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name" : "106568",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106568"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "106568",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106568"
}
]
}
}

138
2019/2xxx/CVE-2019-2556.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2556",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "VM VirtualBox",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "5.2.24"
},
{
"version_affected" : "<",
"version_value" : "6.0.2"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2556",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VM VirtualBox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.2.24"
},
{
"version_affected": "<",
"version_value": "6.0.2"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name" : "106568",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106568"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "106568",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106568"
}
]
}
}

32
2019/2xxx/CVE-2019-2895.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2895",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2895",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/3xxx/CVE-2019-3001.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-3001",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3001",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/3xxx/CVE-2019-3359.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-3359",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3359",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/3xxx/CVE-2019-3890.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-3890",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3890",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/3xxx/CVE-2019-3989.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-3989",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3989",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/6xxx/CVE-2019-6072.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6072",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6072",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2019/6xxx/CVE-2019-6600.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "f5sirt@f5.com",
"DATE_PUBLIC" : "2019-03-11T00:00:00",
"ID" : "CVE-2019-6600",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)",
"version" : {
"version_data" : [
{
"version_value" : "14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, 11.5.1-11.5.8"
}
]
}
}
]
},
"vendor_name" : "F5 Networks, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, when remote authentication is enabled for administrative users and all external users are granted the \"guest\" role, unsanitized values can be reflected to the client via the login page. This can lead to a cross-site scripting attack against unauthenticated clients."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "XSS"
}
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2019-03-11T00:00:00",
"ID": "CVE-2019-6600",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)",
"version": {
"version_data": [
{
"version_value": "14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, 11.5.1-11.5.8"
}
]
}
}
]
},
"vendor_name": "F5 Networks, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.f5.com/csp/article/K23734425",
"refsource" : "CONFIRM",
"url" : "https://support.f5.com/csp/article/K23734425"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, when remote authentication is enabled for administrative users and all external users are granted the \"guest\" role, unsanitized values can be reflected to the client via the login page. This can lead to a cross-site scripting attack against unauthenticated clients."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K23734425",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K23734425"
}
]
}
}

32
2019/6xxx/CVE-2019-6627.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6627",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6627",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/6xxx/CVE-2019-6705.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6705",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6705",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/6xxx/CVE-2019-6853.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6853",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6853",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/7xxx/CVE-2019-7524.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-7524",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7524",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/7xxx/CVE-2019-7625.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-7625",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7625",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/7xxx/CVE-2019-7642.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-7642",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7642",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2019/8xxx/CVE-2019-8645.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-8645",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8645",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}