admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 04:50:22 +00:00
parent df3452f3c7
commit 43ada57ca9
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
55 changed files with 3150 additions and 3150 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

160
2007/2xxx/CVE-2007-2088.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-2088", "ID": "CVE-2007-2088",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in Sitebar 3.3.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) writerFile parameter to index.php and the (2) file parameter to Integrator.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070414 Sitebar 3.3.5 (index.php writerFile)Remote File Include Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/465860/100/0/threaded" "lang": "eng",
}, "value": "Multiple PHP remote file inclusion vulnerabilities in Sitebar 3.3.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) writerFile parameter to index.php and the (2) file parameter to Integrator.php."
{ }
"name" : "35393", ]
"refsource" : "OSVDB", },
"url" : "http://osvdb.org/35393" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "35394", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/35394" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "2586", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/2586" ]
}, },
{ "references": {
"name" : "sitebar-index-integrator-file-include(33688)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33688" "name": "35393",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/35393"
} },
} {
"name": "sitebar-index-integrator-file-include(33688)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33688"
},
{
"name": "2586",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2586"
},
{
"name": "20070414 Sitebar 3.3.5 (index.php writerFile)Remote File Include Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/465860/100/0/threaded"
},
{
"name": "35394",
"refsource": "OSVDB",
"url": "http://osvdb.org/35394"
}
]
}
}

180
2007/2xxx/CVE-2007-2615.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-2615", "ID": "CVE-2007-2615",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in Crie seu PHPLojaFacil 0.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the path_local parameter to (1) ftp.php, (2) libs/db.php, and (3) libs/ftp.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "3875", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/3875" "lang": "eng",
}, "value": "Multiple PHP remote file inclusion vulnerabilities in Crie seu PHPLojaFacil 0.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the path_local parameter to (1) ftp.php, (2) libs/db.php, and (3) libs/ftp.php."
{ }
"name" : "23879", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/23879" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2007-1735", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/1735" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "37796", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/37796" ]
}, },
{ "references": {
"name" : "37797", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/37797" "name": "phplojafacil-pathlocal-file-include(34178)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34178"
"name" : "37798", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/37798" "name": "3875",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/3875"
"name" : "phplojafacil-pathlocal-file-include(34178)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34178" "name": "ADV-2007-1735",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2007/1735"
} },
} {
"name": "37797",
"refsource": "OSVDB",
"url": "http://osvdb.org/37797"
},
{
"name": "37796",
"refsource": "OSVDB",
"url": "http://osvdb.org/37796"
},
{
"name": "37798",
"refsource": "OSVDB",
"url": "http://osvdb.org/37798"
},
{
"name": "23879",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23879"
}
]
}
}

190
2007/2xxx/CVE-2007-2675.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-2675", "ID": "CVE-2007-2675",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in search.php in Pre Classifieds Listings 1.0 allows remote attackers to execute arbitrary SQL commands via the category parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "3840", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/3840" "lang": "eng",
}, "value": "SQL injection vulnerability in search.php in Pre Classifieds Listings 1.0 allows remote attackers to execute arbitrary SQL commands via the category parameter."
{ }
"name" : "http://www.securityfocus.com/bid/52543/exploit", ]
"refsource" : "MISC", },
"url" : "http://www.securityfocus.com/bid/52543/exploit" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "23795", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/23795" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "52543", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/52543" ]
}, },
{ "references": {
"name" : "ADV-2007-1655", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/1655" "name": "3840",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/3840"
"name" : "35597", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/35597" "name": "preclassifiedlistings-search-sql-injection(34037)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34037"
"name" : "25144", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25144" "name": "ADV-2007-1655",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/1655"
"name" : "preclassifiedlistings-search-sql-injection(34037)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34037" "name": "23795",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/23795"
} },
} {
"name": "http://www.securityfocus.com/bid/52543/exploit",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/52543/exploit"
},
{
"name": "35597",
"refsource": "OSVDB",
"url": "http://osvdb.org/35597"
},
{
"name": "25144",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25144"
},
{
"name": "52543",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52543"
}
]
}
}

170
2007/2xxx/CVE-2007-2945.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-2945", "ID": "CVE-2007-2945",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "RMForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for rmforum.mdb."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070526 RMForum Database Disclosure Vulnerabilitiy", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/469716/100/0/threaded" "lang": "eng",
}, "value": "RMForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for rmforum.mdb."
{ }
"name" : "ADV-2007-1969", ]
"refsource" : "VUPEN", },
"url" : "http://www.vupen.com/english/advisories/2007/1969" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "36696", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/36696" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "25455", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/25455" ]
}, },
{ "references": {
"name" : "2754", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/2754" "name": "20070526 RMForum Database Disclosure Vulnerabilitiy",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/469716/100/0/threaded"
"name" : "rmforum-database-information-disclosure(34561)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34561" "name": "36696",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/36696"
} },
} {
"name": "rmforum-database-information-disclosure(34561)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34561"
},
{
"name": "ADV-2007-1969",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1969"
},
{
"name": "2754",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2754"
},
{
"name": "25455",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25455"
}
]
}
}

170
2007/3xxx/CVE-2007-3264.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-3264", "ID": "CVE-2007-3264",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the PD tools component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier has unknown impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-1.ibm.com/support/docview.wss?uid=swg27007951", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg27007951" "lang": "eng",
}, "value": "Unspecified vulnerability in the PD tools component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier has unknown impact and attack vectors."
{ }
"name" : "24505", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/24505" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "41611", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/41611" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2007-2234", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2007/2234" ]
}, },
{ "references": {
"name" : "25704", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25704" "name": "http://www-1.ibm.com/support/docview.wss?uid=swg27007951",
}, "refsource": "CONFIRM",
{ "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27007951"
"name" : "websphere-pdtools-unspecified(34904)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34904" "name": "websphere-pdtools-unspecified(34904)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34904"
} },
} {
"name": "25704",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25704"
},
{
"name": "ADV-2007-2234",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2234"
},
{
"name": "24505",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24505"
},
{
"name": "41611",
"refsource": "OSVDB",
"url": "http://osvdb.org/41611"
}
]
}
}

170
2007/3xxx/CVE-2007-3536.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-3536", "ID": "CVE-2007-3536",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in the AMX NetLinx VNC (AmxVnc) ActiveX control in AmxVnc.dll 1.0.13.0 allow remote attackers to execute arbitrary code via long (1) Host, (2) Password, or (3) LogFile property values."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "4123", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/4123" "lang": "eng",
}, "value": "Multiple buffer overflows in the AMX NetLinx VNC (AmxVnc) ActiveX control in AmxVnc.dll 1.0.13.0 allow remote attackers to execute arbitrary code via long (1) Host, (2) Password, or (3) LogFile property values."
{ }
"name" : "24703", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/24703" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2007-2387", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/2387" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "37672", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/37672" ]
}, },
{ "references": {
"name" : "25891", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25891" "name": "amxnetlinx-hostpasswordlogfile-bo(35155)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35155"
"name" : "amxnetlinx-hostpasswordlogfile-bo(35155)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35155" "name": "24703",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/24703"
} },
} {
"name": "37672",
"refsource": "OSVDB",
"url": "http://osvdb.org/37672"
},
{
"name": "4123",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4123"
},
{
"name": "25891",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25891"
},
{
"name": "ADV-2007-2387",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2387"
}
]
}
}

520
2007/3xxx/CVE-2007-3896.json
View File

@ -1,262 +1,262 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2007-3896", "ID": "CVE-2007-3896",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid \"%\" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20071011 M$ will fix URI?", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/482090/100/0/threaded" "lang": "eng",
}, "value": "The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid \"%\" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers."
{ }
"name" : "20071014 Third-party patch for CVE-2007-3896 (Internet Explorer 7 invalid URI handling) available", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/482292/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20071017 Re: Third-party patch for CVE-2007-3896, UPDATE NOW", "description": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/482437/100/0/threaded" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "20071004 Re: 0day: mIRC pwns Windows", ]
"refsource" : "BUGTRAQ", }
"url" : "http://www.securityfocus.com/archive/1/481505/100/0/threaded" ]
}, },
{ "references": {
"name" : "20071004 Re[2]: 0day: mIRC pwns Windows", "reference_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/481493/100/100/threaded" "name": "20071017 Re: Third-party patch for CVE-2007-3896, UPDATE NOW",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/482437/100/0/threaded"
"name" : "20071005 RE: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", },
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/481624/100/0/threaded" "name": "20071005 URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
}, "refsource": "FULLDISC",
{ "url": "http://marc.info/?l=full-disclosure&m=119159477404263&w=2"
"name" : "20071006 Re[2]: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", },
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/481664/100/0/threaded" "name": "20071009 RE: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/481871/100/0/threaded"
"name" : "20071006 Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", },
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/481671/100/0/threaded" "name": "http://www.heise-security.co.uk/news/96982",
}, "refsource": "MISC",
{ "url": "http://www.heise-security.co.uk/news/96982"
"name" : "20071006 Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype", },
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/481680/100/0/threaded" "name": "20071006 Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/481680/100/0/threaded"
"name" : "20071007 Re: Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype", },
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/481881/100/0/threaded" "name": "20071006 Re[2]: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/481664/100/0/threaded"
"name" : "20071007 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype", },
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/481846/100/0/threaded" "name": "20071005 URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=119159924712561&w=2"
"name" : "20071007 Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", },
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/481839/100/0/threaded" "name": "http://blogs.zdnet.com/security/?p=577",
}, "refsource": "MISC",
{ "url": "http://blogs.zdnet.com/security/?p=577"
"name" : "20071008 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", },
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/481887/100/0/threaded" "name": "20071008 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/481867/100/0/threaded"
"name" : "20071008 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype", },
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/481867/100/0/threaded" "name": "HPSBST02291",
}, "refsource": "HP",
{ "url": "http://www.securityfocus.com/archive/1/484186/100/0/threaded"
"name" : "20071009 RE: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", },
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/481871/100/0/threaded" "name": "26201",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/26201"
"name" : "http://blogs.zdnet.com/security/?p=577", },
"refsource" : "MISC", {
"url" : "http://blogs.zdnet.com/security/?p=577" "name": "20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=119168062128026&w=2"
"name" : "http://www.heise-security.co.uk/news/96982", },
"refsource" : "MISC", {
"url" : "http://www.heise-security.co.uk/news/96982" "name": "20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
}, "refsource": "FULLDISC",
{ "url": "http://marc.info/?l=full-disclosure&m=119171444628628&w=2"
"name" : "http://xs-sniper.com/blog/remote-command-exec-firefox-2005/", },
"refsource" : "MISC", {
"url" : "http://xs-sniper.com/blog/remote-command-exec-firefox-2005/" "name": "SSRT071498",
}, "refsource": "HP",
{ "url": "http://www.securityfocus.com/archive/1/484186/100/0/threaded"
"name" : "20071003 0day: mIRC pwns Windows", },
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=119143780202107&w=2" "name": "oval:org.mitre.oval:def:4581",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4581"
"name" : "20071003 Re: 0day: mIRC pwns Windows", },
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=119144449915918&w=2" "name": "http://xs-sniper.com/blog/remote-command-exec-firefox-2005/",
}, "refsource": "MISC",
{ "url": "http://xs-sniper.com/blog/remote-command-exec-firefox-2005/"
"name" : "20071005 URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", },
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=119159924712561&w=2" "name": "20071007 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
}, "refsource": "FULLDISC",
{ "url": "http://marc.info/?l=full-disclosure&m=119175323322021&w=2"
"name" : "20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", },
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=119168062128026&w=2" "name": "20071007 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/481846/100/0/threaded"
"name" : "20071007 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", },
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=119195904813505&w=2" "name": "1018831",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1018831"
"name" : "20071009 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", },
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=119194714125580&w=2" "name": "20071009 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=119194714125580&w=2"
"name" : "20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", },
"refsource" : "FULLDISC", {
"url" : "http://marc.info/?l=full-disclosure&m=119171444628628&w=2" "name": "20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
}, "refsource": "FULLDISC",
{ "url": "http://marc.info/?l=full-disclosure&m=119168727402084&w=2"
"name" : "20071005 URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", },
"refsource" : "FULLDISC", {
"url" : "http://marc.info/?l=full-disclosure&m=119159477404263&w=2" "name": "20071007 Re: Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,Miranda, Skype",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/481881/100/0/threaded"
"name" : "20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", },
"refsource" : "FULLDISC", {
"url" : "http://marc.info/?l=full-disclosure&m=119168727402084&w=2" "name": "20071006 Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/481671/100/0/threaded"
"name" : "20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", },
"refsource" : "FULLDISC", {
"url" : "http://marc.info/?l=full-disclosure&m=119170531020020&w=2" "name": "20071007 Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/481839/100/0/threaded"
"name" : "20071007 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", },
"refsource" : "FULLDISC", {
"url" : "http://marc.info/?l=full-disclosure&m=119175323322021&w=2" "name": "TA07-317A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA07-317A.html"
"name" : "20071007 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype", },
"refsource" : "FULLDISC", {
"url" : "http://marc.info/?l=full-disclosure&m=119180333805950&w=2" "name": "20071007 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
}, "refsource": "FULLDISC",
{ "url": "http://marc.info/?l=full-disclosure&m=119180333805950&w=2"
"name" : "HPSBST02291", },
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/archive/1/484186/100/0/threaded" "name": "943521",
}, "refsource": "MSKB",
{ "url": "http://www.microsoft.com/technet/security/advisory/943521.mspx"
"name" : "SSRT071498", },
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/archive/1/484186/100/0/threaded" "name": "20071004 Re[2]: 0day: mIRC pwns Windows",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/481493/100/100/threaded"
"name" : "MS07-061", },
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-061" "name": "20071005 RE: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/481624/100/0/threaded"
"name" : "943521", },
"refsource" : "MSKB", {
"url" : "http://www.microsoft.com/technet/security/advisory/943521.mspx" "name": "MS07-061",
}, "refsource": "MS",
{ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-061"
"name" : "TA07-317A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-317A.html" "name": "25945",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/25945"
"name" : "VU#403150", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/403150" "name": "20071008 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/481887/100/0/threaded"
"name" : "25945", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/25945" "name": "20071014 Third-party patch for CVE-2007-3896 (Internet Explorer 7 invalid URI handling) available",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/482292/100/0/threaded"
"name" : "oval:org.mitre.oval:def:4581", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4581" "name": "VU#403150",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/403150"
"name" : "1018822", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1018822" "name": "20071011 M$ will fix URI?",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/482090/100/0/threaded"
"name" : "1018831", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1018831" "name": "20071003 0day: mIRC pwns Windows",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=119143780202107&w=2"
"name" : "26201", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26201" "name": "20071004 Re: 0day: mIRC pwns Windows",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/481505/100/0/threaded"
} },
} {
"name": "20071007 Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=119195904813505&w=2"
},
{
"name": "20071006 Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=119170531020020&w=2"
},
{
"name": "20071003 Re: 0day: mIRC pwns Windows",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=119144449915918&w=2"
},
{
"name": "1018822",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018822"
}
]
}
}

180
2007/6xxx/CVE-2007-6679.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-6679", "ID": "CVE-2007-6679",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Administrative Console in IBM WebSphere Application Server 6.1 before Fix Pack 13 has unknown impact and attack vectors, related to \"security concerns with monitor role users.\" NOTE: it was later reported that 6.0.2 before Fix Pack 25 is also affected."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951" "lang": "eng",
}, "value": "Unspecified vulnerability in the Administrative Console in IBM WebSphere Application Server 6.1 before Fix Pack 13 has unknown impact and attack vectors, related to \"security concerns with monitor role users.\" NOTE: it was later reported that 6.0.2 before Fix Pack 25 is also affected."
{ }
"name" : "http://www-1.ibm.com/support/docview.wss?uid=swg27006876", ]
"refsource" : "CONFIRM", },
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg27006876" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "PK45768", "description": [
"refsource" : "AIXAPAR", {
"url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=PK45768&apar=only" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2007-3955", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2007/3955" ]
}, },
{ "references": {
"name" : "ADV-2008-0241", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0241" "name": "ADV-2007-3955",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/3955"
"name" : "1019174", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1019174" "name": "1019174",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1019174"
"name" : "28588", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28588" "name": "http://www-1.ibm.com/support/docview.wss?uid=swg27006876",
} "refsource": "CONFIRM",
] "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27006876"
} },
} {
"name": "ADV-2008-0241",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0241"
},
{
"name": "28588",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28588"
},
{
"name": "PK45768",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/search.wss?rs=0&q=PK45768&apar=only"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951"
}
]
}
}

130
2007/6xxx/CVE-2007-6735.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-6735", "ID": "CVE-2007-6735",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NWFTPD.nlm before 5.08.06 in the FTP server in Novell NetWare does not properly handle partial matches for container names in the FTPREST.TXT file, which allows remote attackers to bypass intended access restrictions via an FTP session."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1" "lang": "eng",
}, "value": "NWFTPD.nlm before 5.08.06 in the FTP server in Novell NetWare does not properly handle partial matches for container names in the FTPREST.TXT file, which allows remote attackers to bypass intended access restrictions via an FTP session."
{ }
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=260459", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=260459" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=260459",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=260459"
}
]
}
}

34
2010/1xxx/CVE-2010-1435.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-1435", "ID": "CVE-2010-1435",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2010/1xxx/CVE-2010-1779.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-1779", "ID": "CVE-2010-1779",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2010/5xxx/CVE-2010-5190.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-5190", "ID": "CVE-2010-5190",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Active Content Transformation functionality in Blue Coat ProxySG before SGOS 4.3.4.2, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.2.1 allows remote attackers to bypass JavaScript detection via HTML entities."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://kb.bluecoat.com/index?page=content&id=SA48", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://kb.bluecoat.com/index?page=content&id=SA48" "lang": "eng",
} "value": "The Active Content Transformation functionality in Blue Coat ProxySG before SGOS 4.3.4.2, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.2.1 allows remote attackers to bypass JavaScript detection via HTML entities."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.bluecoat.com/index?page=content&id=SA48",
"refsource": "CONFIRM",
"url": "https://kb.bluecoat.com/index?page=content&id=SA48"
}
]
}
}

130
2010/5xxx/CVE-2010-5214.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-5214", "ID": "CVE-2010-5214",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Fotobook Editor 5.0 2.8.0.1 allows local users to gain privileges via a Trojan horse Fwpuclnt.dll file in the current working directory, as demonstrated by a directory that contains a .dtp file. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.exploit-db.com/dll-hijacking-vulnerable-applications/", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.exploit-db.com/dll-hijacking-vulnerable-applications/" "lang": "eng",
}, "value": "Untrusted search path vulnerability in Fotobook Editor 5.0 2.8.0.1 allows local users to gain privileges via a Trojan horse Fwpuclnt.dll file in the current working directory, as demonstrated by a directory that contains a .dtp file. NOTE: some of these details are obtained from third party information."
{ }
"name" : "41498", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/41498" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.exploit-db.com/dll-hijacking-vulnerable-applications/",
"refsource": "MISC",
"url": "http://www.exploit-db.com/dll-hijacking-vulnerable-applications/"
},
{
"name": "41498",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41498"
}
]
}
}

120
2014/0xxx/CVE-2014-0085.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2014-0085", "ID": "CVE-2014-0085",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local users. Note: this description has been updated; previous text mistakenly identified the source of the flaw as Zookeeper. Previous text: Apache Zookeeper logs cleartext admin passwords, which allows local users to obtain sensitive information by reading the log."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0085", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0085" "lang": "eng",
} "value": "JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local users. Note: this description has been updated; previous text mistakenly identified the source of the flaw as Zookeeper. Previous text: Apache Zookeeper logs cleartext admin passwords, which allows local users to obtain sensitive information by reading the log."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0085",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0085"
}
]
}
}

34
2014/0xxx/CVE-2014-0702.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-0702", "ID": "CVE-2014-0702",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2014/0xxx/CVE-2014-0762.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "ics-cert@hq.dhs.gov",
"ID" : "CVE-2014-0762", "ID": "CVE-2014-0762",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows physically proximate attackers to cause a denial of service (infinite loop or process crash) via crafted input over a serial line."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-238-01", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-238-01" "lang": "eng",
} "value": "The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows physically proximate attackers to cause a denial of service (infinite loop or process crash) via crafted input over a serial line."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-238-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-238-01"
}
]
}
}

180
2014/0xxx/CVE-2014-0835.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2014-0835", "ID": "CVE-2014-0835",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to hijack the authentication of administrators for requests that modify console Auto Update settings."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20140124 ADV: IBM QRadar SIEM", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2014/Jan/166" "lang": "eng",
}, "value": "Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to hijack the authentication of administrators for requests that modify console Auto Update settings."
{ }
"name" : "http://thomaspollet.blogspot.be/2014/01/ibm-qradar-siem-csrf-xss-mitm-rce.html", ]
"refsource" : "MISC", },
"url" : "http://thomaspollet.blogspot.be/2014/01/ibm-qradar-siem-csrf-xss-mitm-rce.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21663066", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21663066" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "65127", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/65127" ]
}, },
{ "references": {
"name" : "102554", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/102554" "name": "65127",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/65127"
"name" : "56653", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/56653" "name": "ibm-qradar-cve20140835-csrf(90678)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90678"
"name" : "ibm-qradar-cve20140835-csrf(90678)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90678" "name": "http://thomaspollet.blogspot.be/2014/01/ibm-qradar-siem-csrf-xss-mitm-rce.html",
} "refsource": "MISC",
] "url": "http://thomaspollet.blogspot.be/2014/01/ibm-qradar-siem-csrf-xss-mitm-rce.html"
} },
} {
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21663066",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21663066"
},
{
"name": "102554",
"refsource": "OSVDB",
"url": "http://osvdb.org/102554"
},
{
"name": "20140124 ADV: IBM QRadar SIEM",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Jan/166"
},
{
"name": "56653",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56653"
}
]
}
}

140
2014/0xxx/CVE-2014-0933.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2014-0933", "ID": "CVE-2014-0933",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Information Server Metadata Workbench 8.1 through 9.1 allows remote attackers to hijack the authentication of arbitrary users."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21671141", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21671141" "lang": "eng",
}, "value": "Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Information Server Metadata Workbench 8.1 through 9.1 allows remote attackers to hijack the authentication of arbitrary users."
{ }
"name" : "JR49605", ]
"refsource" : "AIXAPAR", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR49605" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ibm-iismw-cve20140933-csrf(92273)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92273" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "ibm-iismw-cve20140933-csrf(92273)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92273"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21671141",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671141"
},
{
"name": "JR49605",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR49605"
}
]
}
}

150
2014/1xxx/CVE-2014-1846.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-1846", "ID": "CVE-2014-1846",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Enlightenment before 0.17.6 might allow local users to gain privileges via vectors involving the gdb method."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20140203 Re: CVE request: enlightenment sysactions", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2014/02/03/19" "lang": "eng",
}, "value": "Enlightenment before 0.17.6 might allow local users to gain privileges via vectors involving the gdb method."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1059410", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1059410" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://git.enlightenment.org/core/enlightenment.git/commit/?id=bb4a21e98656fe2c7d98ba2163e6defe9a630e2b", "description": [
"refsource" : "CONFIRM", {
"url" : "https://git.enlightenment.org/core/enlightenment.git/commit/?id=bb4a21e98656fe2c7d98ba2163e6defe9a630e2b" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "enlightenment-configuration-priv-esc(91215)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91215" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://git.enlightenment.org/core/enlightenment.git/commit/?id=bb4a21e98656fe2c7d98ba2163e6defe9a630e2b",
"refsource": "CONFIRM",
"url": "https://git.enlightenment.org/core/enlightenment.git/commit/?id=bb4a21e98656fe2c7d98ba2163e6defe9a630e2b"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1059410",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1059410"
},
{
"name": "[oss-security] 20140203 Re: CVE request: enlightenment sysactions",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/02/03/19"
},
{
"name": "enlightenment-configuration-priv-esc(91215)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91215"
}
]
}
}

34
2014/1xxx/CVE-2014-1947.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-1947", "ID": "CVE-2014-1947",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2014/1xxx/CVE-2014-1973.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2014-1973", "ID": "CVE-2014-1973",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the NextApp File Explorer application before 2.1.0.3 for Android allows remote attackers to overwrite or create arbitrary files via a crafted filename."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "JVN#84335912", "description_data": [
"refsource" : "JVN", {
"url" : "http://jvn.jp/en/jp/JVN84335912/index.html" "lang": "eng",
}, "value": "Directory traversal vulnerability in the NextApp File Explorer application before 2.1.0.3 for Android allows remote attackers to overwrite or create arbitrary files via a crafted filename."
{ }
"name" : "JVNDB-2014-000081", ]
"refsource" : "JVNDB", },
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000081" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "68726", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/68726" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "68726",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68726"
},
{
"name": "JVN#84335912",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN84335912/index.html"
},
{
"name": "JVNDB-2014-000081",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000081"
}
]
}
}

120
2014/5xxx/CVE-2014-5420.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "ics-cert@hq.dhs.gov",
"ID" : "CVE-2014-5420", "ID": "CVE-2014-5420",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded application password, which makes it easier for remote authenticated users to obtain application-file access via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-288-01", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-288-01" "lang": "eng",
} "value": "CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded application password, which makes it easier for remote authenticated users to obtain application-file access via unspecified vectors."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-288-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-288-01"
}
]
}
}

140
2014/5xxx/CVE-2014-5664.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-5664", "ID": "CVE-2014-5664",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Spider Solitaire (aka com.mobilityware.spider) application 3.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The Spider Solitaire (aka com.mobilityware.spider) application 3.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#194329", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/194329" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#582497", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/582497" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#194329",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/194329"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

130
2015/2xxx/CVE-2015-2167.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-2167", "ID": "CVE-2015-2167",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open redirect vulnerability in the 3PI Manager in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter to jsp/start-3pi-manager.jsp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.com/files/131230/Ericsson-Drutt-MSDP-3PI-Manager-Open-Redirect.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/131230/Ericsson-Drutt-MSDP-3PI-Manager-Open-Redirect.html" "lang": "eng",
}, "value": "Open redirect vulnerability in the 3PI Manager in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter to jsp/start-3pi-manager.jsp."
{ }
"name" : "73934", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/73934" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/131230/Ericsson-Drutt-MSDP-3PI-Manager-Open-Redirect.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/131230/Ericsson-Drutt-MSDP-3PI-Manager-Open-Redirect.html"
},
{
"name": "73934",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73934"
}
]
}
}

130
2015/2xxx/CVE-2015-2762.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-2762", "ID": "CVE-2015-2762",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Websense TRITON AP-WEB before 8.0.0 allows remote attackers to enumerate Windows domain user accounts via vectors related to HTTP authentication."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0" "lang": "eng",
}, "value": "Websense TRITON AP-WEB before 8.0.0 allows remote attackers to enumerate Windows domain user accounts via vectors related to HTTP authentication."
{ }
"name" : "73412", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/73412" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0",
"refsource": "CONFIRM",
"url": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0"
},
{
"name": "73412",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73412"
}
]
}
}

140
2015/2xxx/CVE-2015-2926.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-2926", "ID": "CVE-2015-2926",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Php/stats/statsRecent.inc.php in phpTrafficA 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20150408 [CVE-2015-2926] XSS vuln in phpTrafficA", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/535212/100/0/threaded" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Php/stats/statsRecent.inc.php in phpTrafficA 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header to index.php."
{ }
"name" : "http://packetstormsecurity.com/files/131332/phpTrafficA-2.3-Cross-Site-Scripting.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/131332/phpTrafficA-2.3-Cross-Site-Scripting.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "74046", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/74046" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/131332/phpTrafficA-2.3-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/131332/phpTrafficA-2.3-Cross-Site-Scripting.html"
},
{
"name": "74046",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74046"
},
{
"name": "20150408 [CVE-2015-2926] XSS vuln in phpTrafficA",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/535212/100/0/threaded"
}
]
}
}

170
2015/2xxx/CVE-2015-2941.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-2941", "ID": "CVE-2015-2941",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via an invalid parameter in a wddx format request to api.php, which is not properly handled in an error message, related to unsafe calls to wddx_serialize_value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[MediaWiki-announce] 20150331 MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via an invalid parameter in a wddx format request to api.php, which is not properly handled in an error message, related to unsafe calls to wddx_serialize_value."
{ }
"name" : "[oss-security] 20150331 CVE request: MediaWiki 1.24.2/1.23.9/1.19.24", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2015/04/01/1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20150407 Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2015/04/07/3" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://phabricator.wikimedia.org/T85851", ]
"refsource" : "CONFIRM", }
"url" : "https://phabricator.wikimedia.org/T85851" ]
}, },
{ "references": {
"name" : "GLSA-201510-05", "reference_data": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201510-05" "name": "GLSA-201510-05",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201510-05"
"name" : "73477", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/73477" "name": "https://phabricator.wikimedia.org/T85851",
} "refsource": "CONFIRM",
] "url": "https://phabricator.wikimedia.org/T85851"
} },
} {
"name": "73477",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73477"
},
{
"name": "[oss-security] 20150407 Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
},
{
"name": "[oss-security] 20150331 CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
},
{
"name": "[MediaWiki-announce] 20150331 MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2",
"refsource": "MLIST",
"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
}
]
}
}

34
2016/10xxx/CVE-2016-10352.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-10352", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-10352",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
} }
] ]
} }
} }

132
2016/10xxx/CVE-2016-10480.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00", "DATE_PUBLIC": "2018-04-02T00:00:00",
"ID" : "CVE-2016-10480", "ID": "CVE-2016-10480",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Snapdragon Mobile, Snapdragon Wear", "product_name": "Snapdragon Mobile, Snapdragon Wear",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SDX20" "version_value": "MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SDX20"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, possible memory corruption due to invalid integer overflow checks in exif parsing."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Integer overflow to buffer overflow in Camera"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2018-04-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2018-04-01" "lang": "eng",
}, "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, possible memory corruption due to invalid integer overflow checks in exif parsing."
{ }
"name" : "103671", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/103671" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Integer overflow to buffer overflow in Camera"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name": "103671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103671"
}
]
}
}

122
2016/10xxx/CVE-2016-10600.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "support@hackerone.com", "ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00", "DATE_PUBLIC": "2018-04-26T00:00:00",
"ID" : "CVE-2016-10600", "ID": "CVE-2016-10600",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "webrtc-native node module", "product_name": "webrtc-native node module",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions" "version_value": "All versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "HackerOne" "vendor_name": "HackerOne"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "webrtc-native uses WebRTC from chromium project. webrtc-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Missing Encryption of Sensitive Data (CWE-311)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://nodesecurity.io/advisories/176", "description_data": [
"refsource" : "MISC", {
"url" : "https://nodesecurity.io/advisories/176" "lang": "eng",
} "value": "webrtc-native uses WebRTC from chromium project. webrtc-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Encryption of Sensitive Data (CWE-311)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodesecurity.io/advisories/176",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/176"
}
]
}
}

150
2016/4xxx/CVE-2016-4645.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2016-4645", "ID": "CVE-2016-4645",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CFNetwork in Apple OS X before 10.11.6 uses weak permissions for web-browser cookies, which allows local users to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT206903", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT206903" "lang": "eng",
}, "value": "CFNetwork in Apple OS X before 10.11.6 uses weak permissions for web-browser cookies, which allows local users to obtain sensitive information via unspecified vectors."
{ }
"name" : "APPLE-SA-2016-07-18-1", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "91824", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/91824" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1036348", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1036348" ]
} },
] "references": {
} "reference_data": [
} {
"name": "91824",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91824"
},
{
"name": "APPLE-SA-2016-07-18-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"name": "1036348",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036348"
},
{
"name": "https://support.apple.com/HT206903",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206903"
}
]
}
}

180
2016/4xxx/CVE-2016-4692.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2016-4692", "ID": "CVE-2016-4692",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT207421", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207421" "lang": "eng",
}, "value": "An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
{ }
"name" : "https://support.apple.com/HT207422", ]
"refsource" : "CONFIRM", },
"url" : "https://support.apple.com/HT207422" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.apple.com/HT207424", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207424" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://support.apple.com/HT207427", ]
"refsource" : "CONFIRM", }
"url" : "https://support.apple.com/HT207427" ]
}, },
{ "references": {
"name" : "GLSA-201706-15", "reference_data": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201706-15" "name": "https://support.apple.com/HT207427",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT207427"
"name" : "94907", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/94907" "name": "94907",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/94907"
"name" : "1037459", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037459" "name": "https://support.apple.com/HT207421",
} "refsource": "CONFIRM",
] "url": "https://support.apple.com/HT207421"
} },
} {
"name": "1037459",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037459"
},
{
"name": "https://support.apple.com/HT207422",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207422"
},
{
"name": "GLSA-201706-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-15"
},
{
"name": "https://support.apple.com/HT207424",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207424"
}
]
}
}

200
2016/4xxx/CVE-2016-4758.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2016-4758", "ID": "CVE-2016-4758",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://mksben.l0.cm/2016/09/safari-uxss-showModalDialog.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://mksben.l0.cm/2016/09/safari-uxss-showModalDialog.html" "lang": "eng",
}, "value": "WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site."
{ }
"name" : "https://support.apple.com/HT207143", ]
"refsource" : "CONFIRM", },
"url" : "https://support.apple.com/HT207143" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.apple.com/HT207157", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207157" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://support.apple.com/HT207158", ]
"refsource" : "CONFIRM", }
"url" : "https://support.apple.com/HT207158" ]
}, },
{ "references": {
"name" : "APPLE-SA-2016-09-20-2", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html" "name": "http://mksben.l0.cm/2016/09/safari-uxss-showModalDialog.html",
}, "refsource": "MISC",
{ "url": "http://mksben.l0.cm/2016/09/safari-uxss-showModalDialog.html"
"name" : "APPLE-SA-2016-09-20-3", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html" "name": "APPLE-SA-2016-09-20-3",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html"
"name" : "APPLE-SA-2016-09-20-7", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00012.html" "name": "https://support.apple.com/HT207157",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT207157"
"name" : "93066", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/93066" "name": "https://support.apple.com/HT207158",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT207158"
"name" : "1036854", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1036854" "name": "93066",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/93066"
} },
} {
"name": "1036854",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036854"
},
{
"name": "https://support.apple.com/HT207143",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207143"
},
{
"name": "APPLE-SA-2016-09-20-7",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00012.html"
},
{
"name": "APPLE-SA-2016-09-20-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html"
}
]
}
}

34
2016/8xxx/CVE-2016-8084.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-8084", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-8084",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
} }
] ]
} }
} }

34
2016/8xxx/CVE-2016-8090.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-8090", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-8090",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
} }
] ]
} }
} }

34
2016/8xxx/CVE-2016-8123.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-8123", "ID": "CVE-2016-8123",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2016/8xxx/CVE-2016-8148.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-8148", "ID": "CVE-2016-8148",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2016/9xxx/CVE-2016-9295.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-9295", "ID": "CVE-2016-9295",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

170
2016/9xxx/CVE-2016-9911.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2016-9911", "ID": "CVE-2016-9911",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20161208 Re: CVE request: Qemu: usb: ehci: memory leakage in ehci_init_transfer", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/12/08/5" "lang": "eng",
}, "value": "Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host."
{ }
"name" : "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", ]
"refsource" : "MLIST", },
"url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-201701-49", "description": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201701-49" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2017:2392", ]
"refsource" : "REDHAT", }
"url" : "https://access.redhat.com/errata/RHSA-2017:2392" ]
}, },
{ "references": {
"name" : "RHSA-2017:2408", "reference_data": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:2408" "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
}, "refsource": "MLIST",
{ "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
"name" : "94762", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/94762" "name": "94762",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/94762"
} },
} {
"name": "RHSA-2017:2392",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "GLSA-201701-49",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-49"
},
{
"name": "RHSA-2017:2408",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
"name": "[oss-security] 20161208 Re: CVE request: Qemu: usb: ehci: memory leakage in ehci_init_transfer",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/08/5"
}
]
}
}

34
2019/2xxx/CVE-2019-2299.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-2299", "ID": "CVE-2019-2299",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

160
2019/2xxx/CVE-2019-2426.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2019-2426", "ID": "CVE-2019-2426",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Java", "product_name": "Java",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "Java SE: 7u201, 8u192, 11.0.1" "version_value": "Java SE: 7u201, 8u192, 11.0.1"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "Java SE Embedded: 8u191" "version_value": "Java SE Embedded: 8u191"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" "lang": "eng",
}, "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
{ }
"name" : "https://security.netapp.com/advisory/ntap-20190118-0001/", ]
"refsource" : "CONFIRM", },
"url" : "https://security.netapp.com/advisory/ntap-20190118-0001/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-201903-14", "description": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201903-14" "lang": "eng",
}, "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data."
{ }
"name" : "106590", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/106590" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://security.netapp.com/advisory/ntap-20190118-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190118-0001/"
},
{
"name": "GLSA-201903-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201903-14"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "106590",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106590"
}
]
}
}

132
2019/2xxx/CVE-2019-2550.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2019-2550", "ID": "CVE-2019-2550",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "FLEXCUBE Direct Banking", "product_name": "FLEXCUBE Direct Banking",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.0.2" "version_value": "12.0.2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Logoff Page). The supported version that is affected is 12.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Direct Banking accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Direct Banking accessible data."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Logoff Page). The supported version that is affected is 12.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Direct Banking accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)."
{ }
"name" : "106613", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/106613" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Direct Banking accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106613",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106613"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
}
]
}
}

34
2019/2xxx/CVE-2019-2752.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-2752", "ID": "CVE-2019-2752",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/2xxx/CVE-2019-2999.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-2999", "ID": "CVE-2019-2999",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/3xxx/CVE-2019-3832.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-3832", "ID": "CVE-2019-3832",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/3xxx/CVE-2019-3838.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-3838", "ID": "CVE-2019-3838",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/6xxx/CVE-2019-6038.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-6038", "ID": "CVE-2019-6038",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

238
2019/6xxx/CVE-2019-6213.json
View File

@ -1,121 +1,121 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2019-6213", "ID": "CVE-2019-6213",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "iOS", "product_name": "iOS",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "iOS 12.1.3" "version_value": "iOS 12.1.3"
} }
] ]
} }
}, },
{ {
"product_name" : "macOS", "product_name": "macOS",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "macOS Mojave 10.14.3" "version_value": "macOS Mojave 10.14.3"
} }
] ]
} }
}, },
{ {
"product_name" : "tvOS", "product_name": "tvOS",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "tvOS 12.1.2" "version_value": "tvOS 12.1.2"
} }
] ]
} }
}, },
{ {
"product_name" : "watchOS", "product_name": "watchOS",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "watchOS 5.1.3" "version_value": "watchOS 5.1.3"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Apple" "vendor_name": "Apple"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. An application may be able to execute arbitrary code with kernel privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "An application may be able to execute arbitrary code with kernel privileges"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "46300", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/46300/" "lang": "eng",
}, "value": "A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. An application may be able to execute arbitrary code with kernel privileges."
{ }
"name" : "https://support.apple.com/HT209443", ]
"refsource" : "CONFIRM", },
"url" : "https://support.apple.com/HT209443" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.apple.com/HT209446", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT209446" "lang": "eng",
}, "value": "An application may be able to execute arbitrary code with kernel privileges"
{ }
"name" : "https://support.apple.com/HT209447", ]
"refsource" : "CONFIRM", }
"url" : "https://support.apple.com/HT209447" ]
}, },
{ "references": {
"name" : "https://support.apple.com/HT209448", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT209448" "name": "https://support.apple.com/HT209446",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT209446"
"name" : "106739", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/106739" "name": "https://support.apple.com/HT209443",
} "refsource": "CONFIRM",
] "url": "https://support.apple.com/HT209443"
} },
} {
"name": "https://support.apple.com/HT209448",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT209448"
},
{
"name": "106739",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106739"
},
{
"name": "46300",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46300/"
},
{
"name": "https://support.apple.com/HT209447",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT209447"
}
]
}
}

34
2019/6xxx/CVE-2019-6359.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-6359", "ID": "CVE-2019-6359",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/6xxx/CVE-2019-6406.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-6406", "ID": "CVE-2019-6406",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

182
2019/7xxx/CVE-2019-7006.json
View File

@ -1,93 +1,93 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "securityalerts@avaya.com", "ASSIGNER": "securityalerts@avaya.com",
"DATE_PUBLIC" : "2019-02-26T07:00:00.000Z", "DATE_PUBLIC": "2019-02-26T07:00:00.000Z",
"ID" : "CVE-2019-7006", "ID": "CVE-2019-7006",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "Avaya one-X Communicator Weak Encryption" "TITLE": "Avaya one-X Communicator Weak Encryption"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Avaya one-X Communicator uses weak cryptographic algorithms in the client authentication component that could allow a local attacker to decrypt sensitive information. Affected versions include all 6.2.x versions prior to 6.2 SP13."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "HIGH",
"attackVector" : "LOCAL",
"availabilityImpact" : "LOW",
"baseScore" : 6.5,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://downloads.avaya.com/css/P8/documents/101055601", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://downloads.avaya.com/css/P8/documents/101055601" "lang": "eng",
}, "value": "Avaya one-X Communicator uses weak cryptographic algorithms in the client authentication component that could allow a local attacker to decrypt sensitive information. Affected versions include all 6.2.x versions prior to 6.2 SP13."
{ }
"name" : "https://downloads.avaya.com/css/P8/documents/101055661", ]
"refsource" : "CONFIRM", },
"url" : "https://downloads.avaya.com/css/P8/documents/101055661" "impact": {
}, "cvss": {
{ "attackComplexity": "HIGH",
"name" : "107175", "attackVector": "LOCAL",
"refsource" : "BID", "availabilityImpact": "LOW",
"url" : "http://www.securityfocus.com/bid/107175" "baseScore": 6.5,
} "baseSeverity": "MEDIUM",
] "confidentialityImpact": "HIGH",
}, "integrityImpact": "HIGH",
"source" : { "privilegesRequired": "NONE",
"advisory" : "ASA-2019-046" "scope": "UNCHANGED",
} "userInteraction": "REQUIRED",
} "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "107175",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107175"
},
{
"name": "https://downloads.avaya.com/css/P8/documents/101055661",
"refsource": "CONFIRM",
"url": "https://downloads.avaya.com/css/P8/documents/101055661"
},
{
"name": "https://downloads.avaya.com/css/P8/documents/101055601",
"refsource": "CONFIRM",
"url": "https://downloads.avaya.com/css/P8/documents/101055601"
}
]
},
"source": {
"advisory": "ASA-2019-046"
}
}

34
2019/7xxx/CVE-2019-7553.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-7553", "ID": "CVE-2019-7553",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2019/7xxx/CVE-2019-7675.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-7675", "ID": "CVE-2019-7675",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. The default management application is delivered over cleartext HTTP with Basic Authentication, as demonstrated by the /admin/index.html URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://gist.github.com/llandeilocymro/7dbe3daaab6d058d609fd9a0b24301cb", "description_data": [
"refsource" : "MISC", {
"url" : "https://gist.github.com/llandeilocymro/7dbe3daaab6d058d609fd9a0b24301cb" "lang": "eng",
} "value": "An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. The default management application is delivered over cleartext HTTP with Basic Authentication, as demonstrated by the /admin/index.html URI."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/llandeilocymro/7dbe3daaab6d058d609fd9a0b24301cb",
"refsource": "MISC",
"url": "https://gist.github.com/llandeilocymro/7dbe3daaab6d058d609fd9a0b24301cb"
}
]
}
}

34
2019/7xxx/CVE-2019-7891.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-7891", "ID": "CVE-2019-7891",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/7xxx/CVE-2019-7923.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-7923", "ID": "CVE-2019-7923",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }