admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 02:14:33 +00:00
parent 28890c31a4
commit 43e23eefcf
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
53 changed files with 3596 additions and 3596 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

104
2006/5xxx/CVE-2006-5402.json
View File

@ -1,96 +1,96 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5402", "ID": "CVE-2006-5402",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in PHPmybibli 3.0.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) class_path, (2) javascript_path, and (3) include_path parameters in (a) cart.php; the (4) class_path parameter in (b) index.php; the (5) javascript_path parameter in (c) edit.php; the (6) include_path parameter in (d) circ.php; unspecified parameters in (e) select.php; and unspecified parameters in other files." "value": "Multiple PHP remote file inclusion vulnerabilities in PHPmybibli 3.0.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) class_path, (2) javascript_path, and (3) include_path parameters in (a) cart.php; the (4) class_path parameter in (b) index.php; the (5) javascript_path parameter in (c) edit.php; the (6) include_path parameter in (d) circ.php; unspecified parameters in (e) select.php; and unspecified parameters in other files."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20061017 [ECHO_ADV_55$2006]Phpmybibli <=2.1 Multiple Remote File Inclusion Vulnerability", "name": "20061019 CVE-2006-5402, fishy?",
"refsource" : "BUGTRAQ", "refsource": "VIM",
"url" : "http://marc.info/?l=bugtraq&m=116110988829381&w=2" "url": "http://attrition.org/pipermail/vim/2006-October/001088.html"
}, },
{ {
"name" : "20061018 CVE-2006-5402, fishy?", "name": "20061017 [ECHO_ADV_55$2006]Phpmybibli <=2.1 Multiple Remote File Inclusion Vulnerability",
"refsource" : "VIM", "refsource": "BUGTRAQ",
"url" : "http://attrition.org/pipermail/vim/2006-October/001087.html" "url": "http://marc.info/?l=bugtraq&m=116110988829381&w=2"
}, },
{ {
"name" : "20061019 CVE-2006-5402, fishy?", "name": "20061018 CVE-2006-5402, fishy?",
"refsource" : "VIM", "refsource": "VIM",
"url" : "http://attrition.org/pipermail/vim/2006-October/001088.html" "url": "http://attrition.org/pipermail/vim/2006-October/001087.html"
}, },
{ {
"name" : "http://advisories.echo.or.id/adv/adv55-theday-2006.txt", "name": "phpmybibli-includepath-file-include(29627)",
"refsource" : "MISC", "refsource": "XF",
"url" : "http://advisories.echo.or.id/adv/adv55-theday-2006.txt" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29627"
}, },
{ {
"name" : "http://www.sigb.net/patch.php", "name": "20578",
"refsource" : "CONFIRM", "refsource": "BID",
"url" : "http://www.sigb.net/patch.php" "url": "http://www.securityfocus.com/bid/20578"
}, },
{ {
"name" : "20578", "name": "ADV-2006-4064",
"refsource" : "BID", "refsource": "VUPEN",
"url" : "http://www.securityfocus.com/bid/20578" "url": "http://www.vupen.com/english/advisories/2006/4064"
}, },
{ {
"name" : "ADV-2006-4064", "name": "http://www.sigb.net/patch.php",
"refsource" : "VUPEN", "refsource": "CONFIRM",
"url" : "http://www.vupen.com/english/advisories/2006/4064" "url": "http://www.sigb.net/patch.php"
}, },
{ {
"name" : "phpmybibli-includepath-file-include(29627)", "name": "http://advisories.echo.or.id/adv/adv55-theday-2006.txt",
"refsource" : "XF", "refsource": "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29627" "url": "http://advisories.echo.or.id/adv/adv55-theday-2006.txt"
} }
] ]
} }

110
2007/2xxx/CVE-2007-2881.json
View File

@ -1,101 +1,101 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-2881", "ID": "CVE-2007-2881",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Multiple stack-based buffer overflows in the SOCKS proxy support (sockd) in Sun Java Web Proxy Server before 4.0.5 allow remote attackers to execute arbitrary code via crafted packets during protocol negotiation." "value": "Multiple stack-based buffer overflows in the SOCKS proxy support (sockd) in Sun Java Web Proxy Server before 4.0.5 allow remote attackers to execute arbitrary code via crafted packets during protocol negotiation."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20070525 Sun Java System Web Proxy Multiple Buffer Overflow Vulnerabilities", "name": "ADV-2007-1957",
"refsource" : "IDEFENSE", "refsource": "VUPEN",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=536" "url": "http://www.vupen.com/english/advisories/2007/1957"
}, },
{ {
"name" : "102927", "name": "sun-java-web-socks-bo(34524)",
"refsource" : "SUNALERT", "refsource": "XF",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102927-1" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34524"
}, },
{ {
"name" : "VU#746889", "name": "25405",
"refsource" : "CERT-VN", "refsource": "SECUNIA",
"url" : "http://www.kb.cert.org/vuls/id/746889" "url": "http://secunia.com/advisories/25405"
}, },
{ {
"name" : "24165", "name": "35841",
"refsource" : "BID", "refsource": "OSVDB",
"url" : "http://www.securityfocus.com/bid/24165" "url": "http://osvdb.org/35841"
}, },
{ {
"name" : "35841", "name": "VU#746889",
"refsource" : "OSVDB", "refsource": "CERT-VN",
"url" : "http://osvdb.org/35841" "url": "http://www.kb.cert.org/vuls/id/746889"
}, },
{ {
"name" : "ADV-2007-1957", "name": "102927",
"refsource" : "VUPEN", "refsource": "SUNALERT",
"url" : "http://www.vupen.com/english/advisories/2007/1957" "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102927-1"
}, },
{ {
"name" : "1018130", "name": "20070525 Sun Java System Web Proxy Multiple Buffer Overflow Vulnerabilities",
"refsource" : "SECTRACK", "refsource": "IDEFENSE",
"url" : "http://www.securitytracker.com/id?1018130" "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=536"
}, },
{ {
"name" : "25405", "name": "1018130",
"refsource" : "SECUNIA", "refsource": "SECTRACK",
"url" : "http://secunia.com/advisories/25405" "url": "http://www.securitytracker.com/id?1018130"
}, },
{ {
"name" : "sun-java-web-socks-bo(34524)", "name": "24165",
"refsource" : "XF", "refsource": "BID",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34524" "url": "http://www.securityfocus.com/bid/24165"
} }
] ]
} }

98
2007/2xxx/CVE-2007-2997.json
View File

@ -1,91 +1,91 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-2997", "ID": "CVE-2007-2997",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** DISPUTED ** Multiple SQL injection vulnerabilities in cgi-bin/reorder2.asp in SalesCart Shopping Cart allow remote attackers to execute arbitrary SQL commands via the password field and other unspecified vectors. NOTE: the vendor disputes this issue, stating \"We were able to reproduce this sql injection on an old out-of-date demo on the website but not on the released product.\"" "value": "** DISPUTED ** Multiple SQL injection vulnerabilities in cgi-bin/reorder2.asp in SalesCart Shopping Cart allow remote attackers to execute arbitrary SQL commands via the password field and other unspecified vectors. NOTE: the vendor disputes this issue, stating \"We were able to reproduce this sql injection on an old out-of-date demo on the website but not on the released product.\""
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20070529 RedLevel Advisory #23 - SalesCart Shopping Cart SQL Injection Vulnerability", "name": "24226",
"refsource" : "BUGTRAQ", "refsource": "BID",
"url" : "http://www.securityfocus.com/archive/1/469900/100/0/threaded" "url": "http://www.securityfocus.com/bid/24226"
}, },
{ {
"name" : "20070613 Re: RedLevel Advisory #23 - SalesCart Shopping Cart SQL Injection Vulnerability", "name": "salesacart-reorder2-sql-injection(34567)",
"refsource" : "BUGTRAQ", "refsource": "XF",
"url" : "http://www.securityfocus.com/archive/1/471409/100/0/threaded" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34567"
}, },
{ {
"name" : "20070614 Re: RedLevel Advisory #23 - SalesCart Shopping Cart SQL Injection Vulnerability", "name": "20070613 Re: RedLevel Advisory #23 - SalesCart Shopping Cart SQL Injection Vulnerability",
"refsource" : "BUGTRAQ", "refsource": "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/471415/100/0/threaded" "url": "http://www.securityfocus.com/archive/1/471409/100/0/threaded"
}, },
{ {
"name" : "24226", "name": "2758",
"refsource" : "BID", "refsource": "SREASON",
"url" : "http://www.securityfocus.com/bid/24226" "url": "http://securityreason.com/securityalert/2758"
}, },
{ {
"name" : "40145", "name": "40145",
"refsource" : "OSVDB", "refsource": "OSVDB",
"url" : "http://osvdb.org/40145" "url": "http://osvdb.org/40145"
}, },
{ {
"name" : "2758", "name": "20070529 RedLevel Advisory #23 - SalesCart Shopping Cart SQL Injection Vulnerability",
"refsource" : "SREASON", "refsource": "BUGTRAQ",
"url" : "http://securityreason.com/securityalert/2758" "url": "http://www.securityfocus.com/archive/1/469900/100/0/threaded"
}, },
{ {
"name" : "salesacart-reorder2-sql-injection(34567)", "name": "20070614 Re: RedLevel Advisory #23 - SalesCart Shopping Cart SQL Injection Vulnerability",
"refsource" : "XF", "refsource": "BUGTRAQ",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34567" "url": "http://www.securityfocus.com/archive/1/471415/100/0/threaded"
} }
] ]
} }

92
2007/3xxx/CVE-2007-3006.json
View File

@ -1,86 +1,86 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-3006", "ID": "CVE-2007-3006",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Buffer overflow in Acoustica MP3 CD Burner 4.32 allows user-assisted remote attackers to execute arbitrary code via a .asx playlist file with a REF element containing a long string in the HREF attribute. NOTE: it was later claimed that 4.51 Build 147 is also affected." "value": "Buffer overflow in Acoustica MP3 CD Burner 4.32 allows user-assisted remote attackers to execute arbitrary code via a .asx playlist file with a REF element containing a long string in the HREF attribute. NOTE: it was later claimed that 4.51 Build 147 is also affected."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "4017", "name": "43455",
"refsource" : "EXPLOIT-DB", "refsource": "OSVDB",
"url" : "https://www.exploit-db.com/exploits/4017" "url": "http://osvdb.org/43455"
}, },
{ {
"name" : "6329", "name": "31666",
"refsource" : "EXPLOIT-DB", "refsource": "SECUNIA",
"url" : "https://www.exploit-db.com/exploits/6329" "url": "http://secunia.com/advisories/31666"
}, },
{ {
"name" : "24247", "name": "6329",
"refsource" : "BID", "refsource": "EXPLOIT-DB",
"url" : "http://www.securityfocus.com/bid/24247" "url": "https://www.exploit-db.com/exploits/6329"
}, },
{ {
"name" : "43455", "name": "24247",
"refsource" : "OSVDB", "refsource": "BID",
"url" : "http://osvdb.org/43455" "url": "http://www.securityfocus.com/bid/24247"
}, },
{ {
"name" : "31666", "name": "acoustica-asx-m3u-bo(34647)",
"refsource" : "SECUNIA", "refsource": "XF",
"url" : "http://secunia.com/advisories/31666" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34647"
}, },
{ {
"name" : "acoustica-asx-m3u-bo(34647)", "name": "4017",
"refsource" : "XF", "refsource": "EXPLOIT-DB",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34647" "url": "https://www.exploit-db.com/exploits/4017"
} }
] ]
} }

86
2007/3xxx/CVE-2007-3576.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-3576", "ID": "CVE-2007-3576",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** DISPUTED ** Microsoft Internet Explorer 6 executes web script from URIs of arbitrary scheme names ending with the \"script\" character sequence, using the (1) vbscript: handler for scheme names with 7 through 9 characters, and the (2) javascript: handler for scheme names with 10 or more characters, which might allow remote attackers to bypass certain XSS protection schemes. NOTE: other researchers dispute the significance of this issue, stating \"this only works when typed in the address bar.\"" "value": "** DISPUTED ** Microsoft Internet Explorer 6 executes web script from URIs of arbitrary scheme names ending with the \"script\" character sequence, using the (1) vbscript: handler for scheme names with 7 through 9 characters, and the (2) javascript: handler for scheme names with 10 or more characters, which might allow remote attackers to bypass certain XSS protection schemes. NOTE: other researchers dispute the significance of this issue, stating \"this only works when typed in the address bar.\""
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://groups.google.com/group/php-ids/browse_thread/thread/3ec15f69d6b3dba0", "name": "http://groups.google.com/group/php-ids/browse_thread/thread/3ec15f69d6b3dba0",
"refsource" : "MISC", "refsource": "MISC",
"url" : "http://groups.google.com/group/php-ids/browse_thread/thread/3ec15f69d6b3dba0" "url": "http://groups.google.com/group/php-ids/browse_thread/thread/3ec15f69d6b3dba0"
}, },
{ {
"name" : "http://ha.ckers.org/blog/20070702/ie60-protocol-guessing/", "name": "45813",
"refsource" : "MISC", "refsource": "OSVDB",
"url" : "http://ha.ckers.org/blog/20070702/ie60-protocol-guessing/" "url": "http://osvdb.org/45813"
}, },
{ {
"name" : "http://sla.ckers.org/forum/read.php?2,13209,13218", "name": "http://sla.ckers.org/forum/read.php?2,13209,13218",
"refsource" : "MISC", "refsource": "MISC",
"url" : "http://sla.ckers.org/forum/read.php?2,13209,13218" "url": "http://sla.ckers.org/forum/read.php?2,13209,13218"
}, },
{ {
"name" : "http://www.0x000000.com/?i=375", "name": "http://www.0x000000.com/?i=375",
"refsource" : "MISC", "refsource": "MISC",
"url" : "http://www.0x000000.com/?i=375" "url": "http://www.0x000000.com/?i=375"
}, },
{ {
"name" : "45813", "name": "http://ha.ckers.org/blog/20070702/ie60-protocol-guessing/",
"refsource" : "OSVDB", "refsource": "MISC",
"url" : "http://osvdb.org/45813" "url": "http://ha.ckers.org/blog/20070702/ie60-protocol-guessing/"
} }
] ]
} }

80
2007/3xxx/CVE-2007-3662.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-3662", "ID": "CVE-2007-3662",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Media Player Classic (MPC) 6.4.9.0 allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted FLV file." "value": "Media Player Classic (MPC) 6.4.9.0 allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted FLV file."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20070707 [Eleytt] 7LIPIEC2007", "name": "20070707 [Eleytt] 7LIPIEC2007",
"refsource" : "BUGTRAQ", "refsource": "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/473187" "url": "http://www.securityfocus.com/archive/1/473187"
}, },
{ {
"name" : "20070709 Re: [Eleytt] 7LIPIEC2007", "name": "45808",
"refsource" : "BUGTRAQ", "refsource": "OSVDB",
"url" : "http://www.securityfocus.com/archive/1/473212" "url": "http://osvdb.org/45808"
}, },
{ {
"name" : "24830", "name": "20070709 Re: [Eleytt] 7LIPIEC2007",
"refsource" : "BID", "refsource": "BUGTRAQ",
"url" : "http://www.securityfocus.com/bid/24830" "url": "http://www.securityfocus.com/archive/1/473212"
}, },
{ {
"name" : "45808", "name": "24830",
"refsource" : "OSVDB", "refsource": "BID",
"url" : "http://osvdb.org/45808" "url": "http://www.securityfocus.com/bid/24830"
} }
] ]
} }

74
2007/3xxx/CVE-2007-3710.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-3710", "ID": "CVE-2007-3710",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "PHP remote file inclusion vulnerability in example/gamedemo/inc.functions.php in PHP Comet-Server allows remote attackers to execute arbitrary PHP code via a URL in the projectPath parameter." "value": "PHP remote file inclusion vulnerability in example/gamedemo/inc.functions.php in PHP Comet-Server allows remote attackers to execute arbitrary PHP code via a URL in the projectPath parameter."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20070708 PHP Comet-Server", "name": "2876",
"refsource" : "BUGTRAQ", "refsource": "SREASON",
"url" : "http://www.securityfocus.com/archive/1/473188/100/0/threaded" "url": "http://securityreason.com/securityalert/2876"
}, },
{ {
"name" : "36150", "name": "36150",
"refsource" : "OSVDB", "refsource": "OSVDB",
"url" : "http://osvdb.org/36150" "url": "http://osvdb.org/36150"
}, },
{ {
"name" : "2876", "name": "20070708 PHP Comet-Server",
"refsource" : "SREASON", "refsource": "BUGTRAQ",
"url" : "http://securityreason.com/securityalert/2876" "url": "http://www.securityfocus.com/archive/1/473188/100/0/threaded"
} }
] ]
} }

68
2007/6xxx/CVE-2007-6193.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-6193", "ID": "CVE-2007-6193",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The web management interface in Citrix NetScaler 8.0 build 47.8 stores the device's primary IP address in a cookie, which might allow remote attackers to obtain sensitive network configuration information if this address is not the same as the address being used by the web interface." "value": "The web management interface in Citrix NetScaler 8.0 build 47.8 stores the device's primary IP address in a cookie, which might allow remote attackers to obtain sensitive network configuration information if this address is not the same as the address being used by the web interface."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20071126 Citrix NetScaler Web Management Cookie Weakness", "name": "20071126 Citrix NetScaler Web Management Cookie Weakness",
"refsource" : "BUGTRAQ", "refsource": "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/484182/100/0/threaded" "url": "http://www.securityfocus.com/archive/1/484182/100/0/threaded"
}, },
{ {
"name" : "3409", "name": "3409",
"refsource" : "SREASON", "refsource": "SREASON",
"url" : "http://securityreason.com/securityalert/3409" "url": "http://securityreason.com/securityalert/3409"
} }
] ]
} }

74
2007/6xxx/CVE-2007-6230.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-6230", "ID": "CVE-2007-6230",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Directory traversal vulnerability in common/classes/class_HeaderHandler.lib.php in Rayzz Script 2.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the CFG[site][project_path] parameter." "value": "Directory traversal vulnerability in common/classes/class_HeaderHandler.lib.php in Rayzz Script 2.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the CFG[site][project_path] parameter."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "4685", "name": "4685",
"refsource" : "EXPLOIT-DB", "refsource": "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4685" "url": "https://www.exploit-db.com/exploits/4685"
}, },
{ {
"name" : "39694", "name": "rayzz-classheaderhandlerlib-file-include(38802)",
"refsource" : "OSVDB", "refsource": "XF",
"url" : "http://osvdb.org/39694" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38802"
}, },
{ {
"name" : "rayzz-classheaderhandlerlib-file-include(38802)", "name": "39694",
"refsource" : "XF", "refsource": "OSVDB",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38802" "url": "http://osvdb.org/39694"
} }
] ]
} }

110
2007/6xxx/CVE-2007-6356.json
View File

@ -1,101 +1,101 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-6356", "ID": "CVE-2007-6356",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "exiftags before 1.01 allows attackers to cause a denial of service (infinite loop) via recursive IFD references in the EXIF data in a JPEG image." "value": "exiftags before 1.01 allows attackers to cause a denial of service (infinite loop) via recursive IFD references in the EXIF data in a JPEG image."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=202354", "name": "29580",
"refsource" : "MISC", "refsource": "SECUNIA",
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=202354" "url": "http://secunia.com/advisories/29580"
}, },
{ {
"name" : "http://johnst.org/sw/exiftags/CHANGES", "name": "http://bugs.gentoo.org/show_bug.cgi?id=202354",
"refsource" : "CONFIRM", "refsource": "MISC",
"url" : "http://johnst.org/sw/exiftags/CHANGES" "url": "http://bugs.gentoo.org/show_bug.cgi?id=202354"
}, },
{ {
"name" : "DSA-1533", "name": "28110",
"refsource" : "DEBIAN", "refsource": "SECUNIA",
"url" : "http://www.debian.org/security/2008/dsa-1533" "url": "http://secunia.com/advisories/28110"
}, },
{ {
"name" : "GLSA-200712-17", "name": "DSA-1533",
"refsource" : "GENTOO", "refsource": "DEBIAN",
"url" : "http://security.gentoo.org/glsa/glsa-200712-17.xml" "url": "http://www.debian.org/security/2008/dsa-1533"
}, },
{ {
"name" : "26892", "name": "28268",
"refsource" : "BID", "refsource": "SECUNIA",
"url" : "http://www.securityfocus.com/bid/26892" "url": "http://secunia.com/advisories/28268"
}, },
{ {
"name" : "ADV-2007-4251", "name": "GLSA-200712-17",
"refsource" : "VUPEN", "refsource": "GENTOO",
"url" : "http://www.vupen.com/english/advisories/2007/4251" "url": "http://security.gentoo.org/glsa/glsa-200712-17.xml"
}, },
{ {
"name" : "28110", "name": "ADV-2007-4251",
"refsource" : "SECUNIA", "refsource": "VUPEN",
"url" : "http://secunia.com/advisories/28110" "url": "http://www.vupen.com/english/advisories/2007/4251"
}, },
{ {
"name" : "28268", "name": "http://johnst.org/sw/exiftags/CHANGES",
"refsource" : "SECUNIA", "refsource": "CONFIRM",
"url" : "http://secunia.com/advisories/28268" "url": "http://johnst.org/sw/exiftags/CHANGES"
}, },
{ {
"name" : "29580", "name": "26892",
"refsource" : "SECUNIA", "refsource": "BID",
"url" : "http://secunia.com/advisories/29580" "url": "http://www.securityfocus.com/bid/26892"
} }
] ]
} }

98
2007/6xxx/CVE-2007-6651.json
View File

@ -1,91 +1,91 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-6651", "ID": "CVE-2007-6651",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Directory traversal vulnerability in wiki/edit.php in Bitweaver R2 CMS allows remote attackers to obtain sensitive information (script source code) via a .. (dot dot) in the suck_url parameter." "value": "Directory traversal vulnerability in wiki/edit.php in Bitweaver R2 CMS allows remote attackers to obtain sensitive information (script source code) via a .. (dot dot) in the suck_url parameter."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20071230 Bitweaver source code disclosure, arbitrary file upload", "name": "20071230 Bitweaver source code disclosure, arbitrary file upload",
"refsource" : "BUGTRAQ", "refsource": "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/485642/100/0/threaded" "url": "http://www.securityfocus.com/archive/1/485642/100/0/threaded"
}, },
{ {
"name" : "4814", "name": "27081",
"refsource" : "EXPLOIT-DB", "refsource": "BID",
"url" : "https://www.exploit-db.com/exploits/4814" "url": "http://www.securityfocus.com/bid/27081"
}, },
{ {
"name" : "http://www.bugreport.ir/?/24", "name": "28300",
"refsource" : "MISC", "refsource": "SECUNIA",
"url" : "http://www.bugreport.ir/?/24" "url": "http://secunia.com/advisories/28300"
}, },
{ {
"name" : "27081", "name": "39915",
"refsource" : "BID", "refsource": "OSVDB",
"url" : "http://www.securityfocus.com/bid/27081" "url": "http://osvdb.org/39915"
}, },
{ {
"name" : "39915", "name": "bitweaver-edit-information-disclosure(39322)",
"refsource" : "OSVDB", "refsource": "XF",
"url" : "http://osvdb.org/39915" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39322"
}, },
{ {
"name" : "28300", "name": "http://www.bugreport.ir/?/24",
"refsource" : "SECUNIA", "refsource": "MISC",
"url" : "http://secunia.com/advisories/28300" "url": "http://www.bugreport.ir/?/24"
}, },
{ {
"name" : "bitweaver-edit-information-disclosure(39322)", "name": "4814",
"refsource" : "XF", "refsource": "EXPLOIT-DB",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39322" "url": "https://www.exploit-db.com/exploits/4814"
} }
] ]
} }

122
2010/0xxx/CVE-2010-0136.json
View File

@ -1,111 +1,111 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-0136", "ID": "CVE-2010-0136",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce Visual Basic for Applications (VBA) macro security settings, which allows remote attackers to run arbitrary macros via a crafted document." "value": "OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce Visual Basic for Applications (VBA) macro security settings, which allows remote attackers to run arbitrary macros via a crafted document."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "[debian-openoffice] 20100212 ./packages/openofficeorg/3.1.1/unstable r1866: merge 1:3.1.1-15+squeeze1", "name": "MDVSA-2010:221",
"refsource" : "MLIST", "refsource": "MANDRIVA",
"url" : "http://www.mail-archive.com/debian-openoffice@lists.debian.org/msg23178.html" "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:221"
}, },
{ {
"name" : "DSA-1995", "name": "38695",
"refsource" : "DEBIAN", "refsource": "SECUNIA",
"url" : "http://www.debian.org/security/2010/dsa-1995" "url": "http://secunia.com/advisories/38695"
}, },
{ {
"name" : "MDVSA-2010:221", "name": "DSA-1995",
"refsource" : "MANDRIVA", "refsource": "DEBIAN",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:221" "url": "http://www.debian.org/security/2010/dsa-1995"
}, },
{ {
"name" : "SUSE-SA:2010:017", "name": "1023588",
"refsource" : "SUSE", "refsource": "SECTRACK",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html" "url": "http://securitytracker.com/id?1023588"
}, },
{ {
"name" : "USN-903-1", "name": "USN-903-1",
"refsource" : "UBUNTU", "refsource": "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-903-1" "url": "http://www.ubuntu.com/usn/USN-903-1"
}, },
{ {
"name" : "38245", "name": "SUSE-SA:2010:017",
"refsource" : "BID", "refsource": "SUSE",
"url" : "http://www.securityfocus.com/bid/38245" "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html"
}, },
{ {
"name" : "1023588", "name": "[debian-openoffice] 20100212 ./packages/openofficeorg/3.1.1/unstable r1866: merge 1:3.1.1-15+squeeze1",
"refsource" : "SECTRACK", "refsource": "MLIST",
"url" : "http://securitytracker.com/id?1023588" "url": "http://www.mail-archive.com/debian-openoffice@lists.debian.org/msg23178.html"
}, },
{ {
"name" : "38695", "name": "ADV-2010-0635",
"refsource" : "SECUNIA", "refsource": "VUPEN",
"url" : "http://secunia.com/advisories/38695" "url": "http://www.vupen.com/english/advisories/2010/0635"
}, },
{ {
"name" : "38921", "name": "38245",
"refsource" : "SECUNIA", "refsource": "BID",
"url" : "http://secunia.com/advisories/38921" "url": "http://www.securityfocus.com/bid/38245"
}, },
{ {
"name" : "ADV-2010-0635", "name": "38921",
"refsource" : "VUPEN", "refsource": "SECUNIA",
"url" : "http://www.vupen.com/english/advisories/2010/0635" "url": "http://secunia.com/advisories/38921"
}, },
{ {
"name" : "ADV-2010-2905", "name": "ADV-2010-2905",
"refsource" : "VUPEN", "refsource": "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2905" "url": "http://www.vupen.com/english/advisories/2010/2905"
} }
] ]
} }

68
2010/0xxx/CVE-2010-0523.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2010-0523", "ID": "CVE-2010-0523",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Wiki Server in Apple Mac OS X 10.5.8 does not restrict the file types of uploaded files, which allows remote attackers to obtain sensitive information or possibly have unspecified other impact via a crafted file, as demonstrated by a Java applet." "value": "Wiki Server in Apple Mac OS X 10.5.8 does not restrict the file types of uploaded files, which allows remote attackers to obtain sensitive information or possibly have unspecified other impact via a crafted file, as demonstrated by a Java applet."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://support.apple.com/kb/HT4077", "name": "APPLE-SA-2010-03-29-1",
"refsource" : "CONFIRM", "refsource": "APPLE",
"url" : "http://support.apple.com/kb/HT4077" "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
}, },
{ {
"name" : "APPLE-SA-2010-03-29-1", "name": "http://support.apple.com/kb/HT4077",
"refsource" : "APPLE", "refsource": "CONFIRM",
"url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" "url": "http://support.apple.com/kb/HT4077"
} }
] ]
} }

110
2010/0xxx/CVE-2010-0685.json
View File

@ -1,101 +1,101 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-0685", "ID": "CVE-2010-0685",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg. NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available." "value": "The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg. NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20100218 AST-2010-002: Dialplan injection vulnerability", "name": "http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt",
"refsource" : "BUGTRAQ", "refsource": "MISC",
"url" : "http://www.securityfocus.com/archive/1/509608/100/0/threaded" "url": "http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt"
}, },
{ {
"name" : "http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt", "name": "39096",
"refsource" : "MISC", "refsource": "SECUNIA",
"url" : "http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt" "url": "http://secunia.com/advisories/39096"
}, },
{ {
"name" : "http://downloads.digium.com/pub/security/AST-2010-002.html", "name": "1023637",
"refsource" : "CONFIRM", "refsource": "SECTRACK",
"url" : "http://downloads.digium.com/pub/security/AST-2010-002.html" "url": "http://www.securitytracker.com/id?1023637"
}, },
{ {
"name" : "FEDORA-2010-3724", "name": "FEDORA-2010-3724",
"refsource" : "FEDORA", "refsource": "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html" "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html"
}, },
{ {
"name" : "1023637", "name": "20100218 AST-2010-002: Dialplan injection vulnerability",
"refsource" : "SECTRACK", "refsource": "BUGTRAQ",
"url" : "http://www.securitytracker.com/id?1023637" "url": "http://www.securityfocus.com/archive/1/509608/100/0/threaded"
}, },
{ {
"name" : "38641", "name": "38641",
"refsource" : "SECUNIA", "refsource": "SECUNIA",
"url" : "http://secunia.com/advisories/38641" "url": "http://secunia.com/advisories/38641"
}, },
{ {
"name" : "39096", "name": "http://downloads.digium.com/pub/security/AST-2010-002.html",
"refsource" : "SECUNIA", "refsource": "CONFIRM",
"url" : "http://secunia.com/advisories/39096" "url": "http://downloads.digium.com/pub/security/AST-2010-002.html"
}, },
{ {
"name" : "ADV-2010-0439", "name": "ADV-2010-0439",
"refsource" : "VUPEN", "refsource": "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0439" "url": "http://www.vupen.com/english/advisories/2010/0439"
}, },
{ {
"name" : "asterisk-dial-weak-security(56397)", "name": "asterisk-dial-weak-security(56397)",
"refsource" : "XF", "refsource": "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56397" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56397"
} }
] ]
} }

62
2010/0xxx/CVE-2010-0906.json
View File

@ -1,61 +1,61 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2010-0906", "ID": "CVE-2010-0906",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors." "value": "Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
} }
] ]
} }

68
2010/1xxx/CVE-2010-1124.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-1124", "ID": "CVE-2010-1124",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "bos.rte.libc 5.3.9.4 on IBM AIX 5.3 does not properly support reading a certain address field after a successful getaddrinfo function call, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors, as demonstrated by IBM DB2 crashes on \"systems with databases cataloged with alternate servers using IP addresses.\"" "value": "bos.rte.libc 5.3.9.4 on IBM AIX 5.3 does not properly support reading a certain address field after a successful getaddrinfo function call, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors, as demonstrated by IBM DB2 crashes on \"systems with databases cataloged with alternate servers using IP addresses.\""
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "IZ66710", "name": "IZ66710",
"refsource" : "AIXAPAR", "refsource": "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ66710" "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ66710"
}, },
{ {
"name" : "38964", "name": "38964",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/38964" "url": "http://www.securityfocus.com/bid/38964"
} }
] ]
} }

74
2010/1xxx/CVE-2010-1777.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2010-1777", "ID": "CVE-2010-1777",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Buffer overflow in Apple iTunes before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted itpc: URL." "value": "Buffer overflow in Apple iTunes before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted itpc: URL."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://support.apple.com/kb/HT4263", "name": "oval:org.mitre.oval:def:6988",
"refsource" : "CONFIRM", "refsource": "OVAL",
"url" : "http://support.apple.com/kb/HT4263" "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6988"
}, },
{ {
"name" : "APPLE-SA-2010-07-19-1", "name": "APPLE-SA-2010-07-19-1",
"refsource" : "APPLE", "refsource": "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Jul/msg00000.html" "url": "http://lists.apple.com/archives/security-announce/2010//Jul/msg00000.html"
}, },
{ {
"name" : "oval:org.mitre.oval:def:6988", "name": "http://support.apple.com/kb/HT4263",
"refsource" : "OVAL", "refsource": "CONFIRM",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6988" "url": "http://support.apple.com/kb/HT4263"
} }
] ]
} }

80
2010/1xxx/CVE-2010-1907.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-1907", "ID": "CVE-2010-1907",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to discover the username of the client user, and consequently determine a pathname to a certain user directory, via a call to the GetUserName method." "value": "The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to discover the username of the client user, and consequently determine a pathname to a certain user directory, via a call to the GetUserName method."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities", "name": "VU#602801",
"refsource" : "BUGTRAQ", "refsource": "CERT-VN",
"url" : "http://www.securityfocus.com/archive/1/511176/100/0/threaded" "url": "http://www.kb.cert.org/vuls/id/602801"
}, },
{ {
"name" : "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html", "name": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html",
"refsource" : "MISC", "refsource": "MISC",
"url" : "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html" "url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
}, },
{ {
"name" : "http://www.wintercore.com/downloads/rootedcon_0day.pdf", "name": "http://www.wintercore.com/downloads/rootedcon_0day.pdf",
"refsource" : "MISC", "refsource": "MISC",
"url" : "http://www.wintercore.com/downloads/rootedcon_0day.pdf" "url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
}, },
{ {
"name" : "VU#602801", "name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"refsource" : "CERT-VN", "refsource": "BUGTRAQ",
"url" : "http://www.kb.cert.org/vuls/id/602801" "url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
} }
] ]
} }

86
2014/0xxx/CVE-2014-0503.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2014-0503", "ID": "CVE-2014-0503",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows and OS X, and before 11.2.202.346 on Linux, allows remote attackers to bypass the Same Origin Policy via unspecified vectors." "value": "Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows and OS X, and before 11.2.202.346 on Linux, allows remote attackers to bypass the Same Origin Policy via unspecified vectors."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://helpx.adobe.com/security/products/flash-player/apsb14-08.html", "name": "openSUSE-SU-2014:0379",
"refsource" : "CONFIRM", "refsource": "SUSE",
"url" : "http://helpx.adobe.com/security/products/flash-player/apsb14-08.html" "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00013.html"
}, },
{ {
"name" : "GLSA-201405-04", "name": "SUSE-SU-2014:0387",
"refsource" : "GENTOO", "refsource": "SUSE",
"url" : "http://security.gentoo.org/glsa/glsa-201405-04.xml" "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00014.html"
}, },
{ {
"name" : "RHSA-2014:0289", "name": "http://helpx.adobe.com/security/products/flash-player/apsb14-08.html",
"refsource" : "REDHAT", "refsource": "CONFIRM",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0289.html" "url": "http://helpx.adobe.com/security/products/flash-player/apsb14-08.html"
}, },
{ {
"name" : "openSUSE-SU-2014:0379", "name": "GLSA-201405-04",
"refsource" : "SUSE", "refsource": "GENTOO",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00013.html" "url": "http://security.gentoo.org/glsa/glsa-201405-04.xml"
}, },
{ {
"name" : "SUSE-SU-2014:0387", "name": "RHSA-2014:0289",
"refsource" : "SUSE", "refsource": "REDHAT",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00014.html" "url": "http://rhn.redhat.com/errata/RHSA-2014-0289.html"
} }
] ]
} }

110
2014/0xxx/CVE-2014-0557.json
View File

@ -1,101 +1,101 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2014-0557", "ID": "CVE-2014-0557",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors." "value": "Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://helpx.adobe.com/security/products/flash-player/apsb14-21.html", "name": "GLSA-201409-05",
"refsource" : "CONFIRM", "refsource": "GENTOO",
"url" : "http://helpx.adobe.com/security/products/flash-player/apsb14-21.html" "url": "http://security.gentoo.org/glsa/glsa-201409-05.xml"
}, },
{ {
"name" : "GLSA-201409-05", "name": "61089",
"refsource" : "GENTOO", "refsource": "SECUNIA",
"url" : "http://security.gentoo.org/glsa/glsa-201409-05.xml" "url": "http://secunia.com/advisories/61089"
}, },
{ {
"name" : "SUSE-SU-2014:1124", "name": "openSUSE-SU-2014:1130",
"refsource" : "SUSE", "refsource": "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00016.html" "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00021.html"
}, },
{ {
"name" : "openSUSE-SU-2014:1110", "name": "69701",
"refsource" : "SUSE", "refsource": "BID",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00006.html" "url": "http://www.securityfocus.com/bid/69701"
}, },
{ {
"name" : "openSUSE-SU-2014:1130", "name": "openSUSE-SU-2014:1110",
"refsource" : "SUSE", "refsource": "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00021.html" "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00006.html"
}, },
{ {
"name" : "69701", "name": "SUSE-SU-2014:1124",
"refsource" : "BID", "refsource": "SUSE",
"url" : "http://www.securityfocus.com/bid/69701" "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00016.html"
}, },
{ {
"name" : "1030822", "name": "adobe-flash-cve20140557-sec-bypass(95827)",
"refsource" : "SECTRACK", "refsource": "XF",
"url" : "http://www.securitytracker.com/id/1030822" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95827"
}, },
{ {
"name" : "61089", "name": "http://helpx.adobe.com/security/products/flash-player/apsb14-21.html",
"refsource" : "SECUNIA", "refsource": "CONFIRM",
"url" : "http://secunia.com/advisories/61089" "url": "http://helpx.adobe.com/security/products/flash-player/apsb14-21.html"
}, },
{ {
"name" : "adobe-flash-cve20140557-sec-bypass(95827)", "name": "1030822",
"refsource" : "XF", "refsource": "SECTRACK",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95827" "url": "http://www.securitytracker.com/id/1030822"
} }
] ]
} }

74
2014/0xxx/CVE-2014-0922.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2014-0922", "ID": "CVE-2014-0922",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to cause a denial of service (resource consumption) via WebSockets MQ Telemetry Transport (MQTT) data." "value": "IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to cause a denial of service (resource consumption) via WebSockets MQ Telemetry Transport (MQTT) data."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21670278", "name": "ibm-messagesight-cve20140922-dos(92075)",
"refsource" : "CONFIRM", "refsource": "XF",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21670278" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92075"
}, },
{ {
"name" : "IC98692", "name": "IC98692",
"refsource" : "AIXAPAR", "refsource": "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC98692" "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC98692"
}, },
{ {
"name" : "ibm-messagesight-cve20140922-dos(92075)", "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670278",
"refsource" : "XF", "refsource": "CONFIRM",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92075" "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670278"
} }
] ]
} }

22
2014/1xxx/CVE-2014-1374.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2014-1374", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
"ID": "CVE-2014-1374",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
}, },
"data_format" : "MITRE", "description": {
"data_type" : "CVE", "description_data": [
"data_version" : "4.0",
"description" : {
"description_data" : [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
} }
] ]
} }

116
2014/1xxx/CVE-2014-1859.json
View File

@ -1,106 +1,106 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-1859", "ID": "CVE-2014-1859",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "(1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file." "value": "(1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "[oss-security] 20140207 Re: CVE request: f2py insecure temporary file use", "name": "FEDORA-2014-2387",
"refsource" : "MLIST", "refsource": "FEDORA",
"url" : "http://www.openwall.com/lists/oss-security/2014/02/08/3" "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128781.html"
}, },
{ {
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778", "name": "65440",
"refsource" : "CONFIRM", "refsource": "BID",
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778" "url": "http://www.securityfocus.com/bid/65440"
}, },
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1062009", "name": "https://github.com/numpy/numpy/commit/0bb46c1448b0d3f5453d5182a17ea7ac5854ee15",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1062009" "url": "https://github.com/numpy/numpy/commit/0bb46c1448b0d3f5453d5182a17ea7ac5854ee15"
}, },
{ {
"name" : "https://github.com/numpy/numpy/blob/maintenance/1.8.x/doc/release/1.8.1-notes.rst", "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://github.com/numpy/numpy/blob/maintenance/1.8.x/doc/release/1.8.1-notes.rst" "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778"
}, },
{ {
"name" : "https://github.com/numpy/numpy/commit/0bb46c1448b0d3f5453d5182a17ea7ac5854ee15", "name": "https://github.com/numpy/numpy/pull/4262",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://github.com/numpy/numpy/commit/0bb46c1448b0d3f5453d5182a17ea7ac5854ee15" "url": "https://github.com/numpy/numpy/pull/4262"
}, },
{ {
"name" : "https://github.com/numpy/numpy/pull/4262", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1062009",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://github.com/numpy/numpy/pull/4262" "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1062009"
}, },
{ {
"name" : "FEDORA-2014-2289", "name": "https://github.com/numpy/numpy/blob/maintenance/1.8.x/doc/release/1.8.1-notes.rst",
"refsource" : "FEDORA", "refsource": "CONFIRM",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128358.html" "url": "https://github.com/numpy/numpy/blob/maintenance/1.8.x/doc/release/1.8.1-notes.rst"
}, },
{ {
"name" : "FEDORA-2014-2387", "name": "[oss-security] 20140207 Re: CVE request: f2py insecure temporary file use",
"refsource" : "FEDORA", "refsource": "MLIST",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128781.html" "url": "http://www.openwall.com/lists/oss-security/2014/02/08/3"
}, },
{ {
"name" : "65440", "name": "FEDORA-2014-2289",
"refsource" : "BID", "refsource": "FEDORA",
"url" : "http://www.securityfocus.com/bid/65440" "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128358.html"
}, },
{ {
"name" : "numpy-cve20141859-symlink(91317)", "name": "numpy-cve20141859-symlink(91317)",
"refsource" : "XF", "refsource": "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91317" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91317"
} }
] ]
} }

80
2014/4xxx/CVE-2014-4331.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-4331", "ID": "CVE-2014-4331",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Cross-site scripting (XSS) vulnerability in admin/viewer.php in OctavoCMS allows remote attackers to inject arbitrary web script or HTML via the src parameter." "value": "Cross-site scripting (XSS) vulnerability in admin/viewer.php in OctavoCMS allows remote attackers to inject arbitrary web script or HTML via the src parameter."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20140709 CVE-2014-4331 OctavoCMS reflected XSS vulnerability", "name": "68469",
"refsource" : "BUGTRAQ", "refsource": "BID",
"url" : "http://www.securityfocus.com/archive/1/532701/100/0/threaded" "url": "http://www.securityfocus.com/bid/68469"
}, },
{ {
"name" : "http://packetstormsecurity.com/files/127404/OctavoCMS-Cross-Site-Scripting.html", "name": "20140709 CVE-2014-4331 OctavoCMS reflected XSS vulnerability",
"refsource" : "MISC", "refsource": "BUGTRAQ",
"url" : "http://packetstormsecurity.com/files/127404/OctavoCMS-Cross-Site-Scripting.html" "url": "http://www.securityfocus.com/archive/1/532701/100/0/threaded"
}, },
{ {
"name" : "20140719 OctavoCMS (CVE-2014-4331) is not always site-specific", "name": "http://packetstormsecurity.com/files/127404/OctavoCMS-Cross-Site-Scripting.html",
"refsource" : "VIM", "refsource": "MISC",
"url" : "http://www.attrition.org/pipermail/vim/2014-July/002773.html" "url": "http://packetstormsecurity.com/files/127404/OctavoCMS-Cross-Site-Scripting.html"
}, },
{ {
"name" : "68469", "name": "20140719 OctavoCMS (CVE-2014-4331) is not always site-specific",
"refsource" : "BID", "refsource": "VIM",
"url" : "http://www.securityfocus.com/bid/68469" "url": "http://www.attrition.org/pipermail/vim/2014-July/002773.html"
} }
] ]
} }

86
2014/4xxx/CVE-2014-4437.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2014-4437", "ID": "CVE-2014-4437",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "LaunchServices in Apple OS X before 10.10 allows attackers to bypass intended sandbox restrictions via an application that specifies a crafted handler for the Content-Type field of an object." "value": "LaunchServices in Apple OS X before 10.10 allows attackers to bypass intended sandbox restrictions via an application that specifies a crafted handler for the Content-Type field of an object."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://support.apple.com/kb/HT6535", "name": "APPLE-SA-2014-10-16-1",
"refsource" : "CONFIRM", "refsource": "APPLE",
"url" : "https://support.apple.com/kb/HT6535" "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html"
}, },
{ {
"name" : "APPLE-SA-2014-10-16-1", "name": "1031063",
"refsource" : "APPLE", "refsource": "SECTRACK",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html" "url": "http://www.securitytracker.com/id/1031063"
}, },
{ {
"name" : "70627", "name": "https://support.apple.com/kb/HT6535",
"refsource" : "BID", "refsource": "CONFIRM",
"url" : "http://www.securityfocus.com/bid/70627" "url": "https://support.apple.com/kb/HT6535"
}, },
{ {
"name" : "1031063", "name": "macosx-cve20144437-sec-bypass(97631)",
"refsource" : "SECTRACK", "refsource": "XF",
"url" : "http://www.securitytracker.com/id/1031063" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97631"
}, },
{ {
"name" : "macosx-cve20144437-sec-bypass(97631)", "name": "70627",
"refsource" : "XF", "refsource": "BID",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97631" "url": "http://www.securityfocus.com/bid/70627"
} }
] ]
} }

104
2014/4xxx/CVE-2014-4496.json
View File

@ -1,96 +1,96 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2014-4496", "ID": "CVE-2014-4496",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The mach_port_kobject interface in the kernel in Apple iOS before 8.1.3 and Apple TV before 7.0.3 does not properly restrict kernel-address and heap-permutation information, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app." "value": "The mach_port_kobject interface in the kernel in Apple iOS before 8.1.3 and Apple TV before 7.0.3 does not properly restrict kernel-address and heap-permutation information, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://support.apple.com/HT204245", "name": "http://support.apple.com/HT204245",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://support.apple.com/HT204245" "url": "http://support.apple.com/HT204245"
}, },
{ {
"name" : "http://support.apple.com/HT204246", "name": "http://support.apple.com/HT204246",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://support.apple.com/HT204246" "url": "http://support.apple.com/HT204246"
}, },
{ {
"name" : "https://support.apple.com/HT204413", "name": "72334",
"refsource" : "CONFIRM", "refsource": "BID",
"url" : "https://support.apple.com/HT204413" "url": "http://www.securityfocus.com/bid/72334"
}, },
{ {
"name" : "APPLE-SA-2015-01-27-1", "name": "APPLE-SA-2015-03-09-3",
"refsource" : "APPLE", "refsource": "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html" "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html"
}, },
{ {
"name" : "APPLE-SA-2015-01-27-2", "name": "APPLE-SA-2015-01-27-2",
"refsource" : "APPLE", "refsource": "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html" "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html"
}, },
{ {
"name" : "APPLE-SA-2015-03-09-3", "name": "1031652",
"refsource" : "APPLE", "refsource": "SECTRACK",
"url" : "http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html" "url": "http://www.securitytracker.com/id/1031652"
}, },
{ {
"name" : "72334", "name": "https://support.apple.com/HT204413",
"refsource" : "BID", "refsource": "CONFIRM",
"url" : "http://www.securityfocus.com/bid/72334" "url": "https://support.apple.com/HT204413"
}, },
{ {
"name" : "1031652", "name": "APPLE-SA-2015-01-27-1",
"refsource" : "SECTRACK", "refsource": "APPLE",
"url" : "http://www.securitytracker.com/id/1031652" "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html"
} }
] ]
} }

68
2014/5xxx/CVE-2014-5426.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "ics-cert@hq.dhs.gov",
"ID" : "CVE-2014-5426", "ID": "CVE-2014-5426",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "MatrikonOPC OPC Server for DNP3 1.2.3 and earlier allows remote attackers to cause a denial of service (unhandled exception and DNP3 process crash) via a crafted message." "value": "MatrikonOPC OPC Server for DNP3 1.2.3 and earlier allows remote attackers to cause a denial of service (unhandled exception and DNP3 process crash) via a crafted message."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-329-01", "name": "http://www.opcsupport.com/link/portal/4164/4590/Article/3004/SECURITY-NOTIFICATION-OPC-Server-for-SCADA-DNP3-SN-2014-10-14-01",
"refsource" : "MISC", "refsource": "CONFIRM",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-329-01" "url": "http://www.opcsupport.com/link/portal/4164/4590/Article/3004/SECURITY-NOTIFICATION-OPC-Server-for-SCADA-DNP3-SN-2014-10-14-01"
}, },
{ {
"name" : "http://www.opcsupport.com/link/portal/4164/4590/Article/3004/SECURITY-NOTIFICATION-OPC-Server-for-SCADA-DNP3-SN-2014-10-14-01", "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-329-01",
"refsource" : "CONFIRM", "refsource": "MISC",
"url" : "http://www.opcsupport.com/link/portal/4164/4590/Article/3004/SECURITY-NOTIFICATION-OPC-Server-for-SCADA-DNP3-SN-2014-10-14-01" "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-329-01"
} }
] ]
} }

128
2014/5xxx/CVE-2014-5464.json
View File

@ -1,116 +1,116 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-5464", "ID": "CVE-2014-5464",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the nDPI traffic classification library in ntopng (aka ntop) before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header." "value": "Cross-site scripting (XSS) vulnerability in the nDPI traffic classification library in ntopng (aka ntop) before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20140825 ntopng 1.2.0 XSS injection using monitored network traffic", "name": "20140903 Re: ntopng 1.2.0 XSS injection using monitored network traffic",
"refsource" : "BUGTRAQ", "refsource": "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/533222/100/0/threaded" "url": "http://www.securityfocus.com/archive/1/533332/100/0/threaded"
}, },
{ {
"name" : "20140903 Re: ntopng 1.2.0 XSS injection using monitored network traffic", "name": "http://packetstormsecurity.com/files/127995/ntopng-1.2.0-Cross-Site-Scripting.html",
"refsource" : "BUGTRAQ", "refsource": "MISC",
"url" : "http://www.securityfocus.com/archive/1/533332/100/0/threaded" "url": "http://packetstormsecurity.com/files/127995/ntopng-1.2.0-Cross-Site-Scripting.html"
}, },
{ {
"name" : "34419", "name": "http://www.ntop.org/ndpi/released-ndpi-1-5-1-and-ntopng-1-2-1/",
"refsource" : "EXPLOIT-DB", "refsource": "CONFIRM",
"url" : "http://www.exploit-db.com/exploits/34419" "url": "http://www.ntop.org/ndpi/released-ndpi-1-5-1-and-ntopng-1-2-1/"
}, },
{ {
"name" : "20140825 ntopng 1.2.0 XSS injection using monitored network traffic", "name": "20140909 Re: ntopng 1.2.0 XSS injection using monitored network traffic",
"refsource" : "FULLDISC", "refsource": "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Aug/65" "url": "http://seclists.org/fulldisclosure/2014/Sep/28"
}, },
{ {
"name" : "20140903 Re: ntopng 1.2.0 XSS injection using monitored network traffic", "name": "ntopng-httpheader-xss(95461)",
"refsource" : "FULLDISC", "refsource": "XF",
"url" : "http://seclists.org/fulldisclosure/2014/Sep/22" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95461"
}, },
{ {
"name" : "20140909 Re: ntopng 1.2.0 XSS injection using monitored network traffic", "name": "60096",
"refsource" : "FULLDISC", "refsource": "SECUNIA",
"url" : "http://seclists.org/fulldisclosure/2014/Sep/28" "url": "http://secunia.com/advisories/60096"
}, },
{ {
"name" : "http://packetstormsecurity.com/files/127995/ntopng-1.2.0-Cross-Site-Scripting.html", "name": "110437",
"refsource" : "MISC", "refsource": "OSVDB",
"url" : "http://packetstormsecurity.com/files/127995/ntopng-1.2.0-Cross-Site-Scripting.html" "url": "http://osvdb.org/show/osvdb/110437"
}, },
{ {
"name" : "http://www.ntop.org/ndpi/released-ndpi-1-5-1-and-ntopng-1-2-1/", "name": "20140825 ntopng 1.2.0 XSS injection using monitored network traffic",
"refsource" : "CONFIRM", "refsource": "FULLDISC",
"url" : "http://www.ntop.org/ndpi/released-ndpi-1-5-1-and-ntopng-1-2-1/" "url": "http://seclists.org/fulldisclosure/2014/Aug/65"
}, },
{ {
"name" : "69385", "name": "20140903 Re: ntopng 1.2.0 XSS injection using monitored network traffic",
"refsource" : "BID", "refsource": "FULLDISC",
"url" : "http://www.securityfocus.com/bid/69385" "url": "http://seclists.org/fulldisclosure/2014/Sep/22"
}, },
{ {
"name" : "110437", "name": "34419",
"refsource" : "OSVDB", "refsource": "EXPLOIT-DB",
"url" : "http://osvdb.org/show/osvdb/110437" "url": "http://www.exploit-db.com/exploits/34419"
}, },
{ {
"name" : "60096", "name": "69385",
"refsource" : "SECUNIA", "refsource": "BID",
"url" : "http://secunia.com/advisories/60096" "url": "http://www.securityfocus.com/bid/69385"
}, },
{ {
"name" : "ntopng-httpheader-xss(95461)", "name": "20140825 ntopng 1.2.0 XSS injection using monitored network traffic",
"refsource" : "XF", "refsource": "BUGTRAQ",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95461" "url": "http://www.securityfocus.com/archive/1/533222/100/0/threaded"
} }
] ]
} }

74
2014/5xxx/CVE-2014-5907.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-5907", "ID": "CVE-2014-5907",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The Pet Salon (aka com.libiitech.petsalon) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." "value": "The Pet Salon (aka com.libiitech.petsalon) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "name": "VU#582497",
"refsource" : "MISC", "refsource": "CERT-VN",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "url": "http://www.kb.cert.org/vuls/id/582497"
}, },
{ {
"name" : "VU#549057", "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "CERT-VN", "refsource": "MISC",
"url" : "http://www.kb.cert.org/vuls/id/549057" "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}, },
{ {
"name" : "VU#582497", "name": "VU#549057",
"refsource" : "CERT-VN", "refsource": "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497" "url": "http://www.kb.cert.org/vuls/id/549057"
} }
] ]
} }

80
2016/10xxx/CVE-2016-10096.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-10096", "ID": "CVE-2016-10096",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the activation parameter." "value": "SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the activation parameter."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://www.hackersb.cn/shenji/107.html", "name": "http://www.hackersb.cn/shenji/107.html",
"refsource" : "MISC", "refsource": "MISC",
"url" : "http://www.hackersb.cn/shenji/107.html" "url": "http://www.hackersb.cn/shenji/107.html"
}, },
{ {
"name" : "https://github.com/semplon/GeniXCMS/commit/d885eb20006099262c0278932b9f8aca3c1ac97f", "name": "95172",
"refsource" : "MISC", "refsource": "BID",
"url" : "https://github.com/semplon/GeniXCMS/commit/d885eb20006099262c0278932b9f8aca3c1ac97f" "url": "http://www.securityfocus.com/bid/95172"
}, },
{ {
"name" : "https://github.com/semplon/GeniXCMS/issues/58", "name": "https://github.com/semplon/GeniXCMS/commit/d885eb20006099262c0278932b9f8aca3c1ac97f",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://github.com/semplon/GeniXCMS/issues/58" "url": "https://github.com/semplon/GeniXCMS/commit/d885eb20006099262c0278932b9f8aca3c1ac97f"
}, },
{ {
"name" : "95172", "name": "https://github.com/semplon/GeniXCMS/issues/58",
"refsource" : "BID", "refsource": "MISC",
"url" : "http://www.securityfocus.com/bid/95172" "url": "https://github.com/semplon/GeniXCMS/issues/58"
} }
] ]
} }

68
2016/10xxx/CVE-2016-10280.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2016-10280", "ID": "CVE-2016-10280",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28175767. References: M-ALPS02696445." "value": "An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28175767. References: M-ALPS02696445."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Elevation of privilege" "value": "Elevation of privilege"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://source.android.com/security/bulletin/2017-05-01", "name": "https://source.android.com/security/bulletin/2017-05-01",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-05-01" "url": "https://source.android.com/security/bulletin/2017-05-01"
}, },
{ {
"name" : "98157", "name": "98157",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/98157" "url": "http://www.securityfocus.com/bid/98157"
} }
] ]
} }

80
2016/3xxx/CVE-2016-3231.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2016-3231", "ID": "CVE-2016-3231",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The Standard Collector service in Windows Diagnostics Hub mishandles library loading, which allows local users to gain privileges via a crafted application, aka \"Windows Diagnostics Hub Elevation of Privilege Vulnerability.\"" "value": "The Standard Collector service in Windows Diagnostics Hub mishandles library loading, which allows local users to gain privileges via a crafted application, aka \"Windows Diagnostics Hub Elevation of Privilege Vulnerability.\""
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-372", "name": "MS16-078",
"refsource" : "MISC", "refsource": "MS",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-372" "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-078"
}, },
{ {
"name" : "MS16-078", "name": "1036105",
"refsource" : "MS", "refsource": "SECTRACK",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-078" "url": "http://www.securitytracker.com/id/1036105"
}, },
{ {
"name" : "91116", "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-372",
"refsource" : "BID", "refsource": "MISC",
"url" : "http://www.securityfocus.com/bid/91116" "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-372"
}, },
{ {
"name" : "1036105", "name": "91116",
"refsource" : "SECTRACK", "refsource": "BID",
"url" : "http://www.securitytracker.com/id/1036105" "url": "http://www.securityfocus.com/bid/91116"
} }
] ]
} }

74
2016/3xxx/CVE-2016-3332.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2016-3332", "ID": "CVE-2016-3332",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka \"Windows Common Log File System Driver Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2016-0026, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184." "value": "The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka \"Windows Common Log File System Driver Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2016-0026, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "MS16-134", "name": "1037252",
"refsource" : "MS", "refsource": "SECTRACK",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-134" "url": "http://www.securitytracker.com/id/1037252"
}, },
{ {
"name" : "94008", "name": "MS16-134",
"refsource" : "BID", "refsource": "MS",
"url" : "http://www.securityfocus.com/bid/94008" "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-134"
}, },
{ {
"name" : "1037252", "name": "94008",
"refsource" : "SECTRACK", "refsource": "BID",
"url" : "http://www.securitytracker.com/id/1037252" "url": "http://www.securityfocus.com/bid/94008"
} }
] ]
} }

92
2016/3xxx/CVE-2016-3351.json
View File

@ -1,86 +1,86 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2016-3351", "ID": "CVE-2016-3351",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka \"Microsoft Browser Information Disclosure Vulnerability.\"" "value": "Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka \"Microsoft Browser Information Disclosure Vulnerability.\""
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://www.brokenbrowser.com/detecting-apps-mimetype-malware/", "name": "1036789",
"refsource" : "MISC", "refsource": "SECTRACK",
"url" : "https://www.brokenbrowser.com/detecting-apps-mimetype-malware/" "url": "http://www.securitytracker.com/id/1036789"
}, },
{ {
"name" : "MS16-104", "name": "92788",
"refsource" : "MS", "refsource": "BID",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104" "url": "http://www.securityfocus.com/bid/92788"
}, },
{ {
"name" : "MS16-105", "name": "https://www.brokenbrowser.com/detecting-apps-mimetype-malware/",
"refsource" : "MS", "refsource": "MISC",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105" "url": "https://www.brokenbrowser.com/detecting-apps-mimetype-malware/"
}, },
{ {
"name" : "92788", "name": "MS16-104",
"refsource" : "BID", "refsource": "MS",
"url" : "http://www.securityfocus.com/bid/92788" "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104"
}, },
{ {
"name" : "1036788", "name": "MS16-105",
"refsource" : "SECTRACK", "refsource": "MS",
"url" : "http://www.securitytracker.com/id/1036788" "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105"
}, },
{ {
"name" : "1036789", "name": "1036788",
"refsource" : "SECTRACK", "refsource": "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036789" "url": "http://www.securitytracker.com/id/1036788"
} }
] ]
} }

62
2016/3xxx/CVE-2016-3950.json
View File

@ -1,61 +1,61 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-3950", "ID": "CVE-2016-3950",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Huawei AR3200 routers with software before V200R006C10SPC300 allow remote authenticated users to cause a denial of service (restart) via crafted packets." "value": "Huawei AR3200 routers with software before V200R006C10SPC300 allow remote authenticated users to cause a denial of service (restart) via crafted packets."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160406-01-ar-en", "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160406-01-ar-en",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160406-01-ar-en" "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160406-01-ar-en"
} }
] ]
} }

110
2016/7xxx/CVE-2016-7041.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "anemec@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2016-7041", "ID": "CVE-2016-7041",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Drools Workbench", "product_name": "Drools Workbench",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Red Hat" "vendor_name": "Red Hat"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Drools Workbench contains a path traversal vulnerability. The vulnerability allows a remote, authenticated attacker to bypass the directory restrictions and retrieve arbitrary files from the affected host." "value": "Drools Workbench contains a path traversal vulnerability. The vulnerability allows a remote, authenticated attacker to bypass the directory restrictions and retrieve arbitrary files from the affected host."
} }
] ]
}, },
"impact" : { "impact": {
"cvss" : [ "cvss": [
[ [
{ {
"vectorString" : "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version" : "3.0" "version": "3.0"
} }
], ],
[ [
{ {
"vectorString" : "6.8/AV:N/AC:L/Au:S/C:C/I:N/A:N", "vectorString": "6.8/AV:N/AC:L/Au:S/C:C/I:N/A:N",
"version" : "2.0" "version": "2.0"
} }
] ]
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "CWE-22" "value": "CWE-22"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7041", "name": "RHSA-2016:2937",
"refsource" : "CONFIRM", "refsource": "REDHAT",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7041" "url": "http://rhn.redhat.com/errata/RHSA-2016-2937.html"
}, },
{ {
"name" : "RHSA-2016:2822", "name": "RHSA-2016:2938",
"refsource" : "REDHAT", "refsource": "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2822.html" "url": "http://rhn.redhat.com/errata/RHSA-2016-2938.html"
}, },
{ {
"name" : "RHSA-2016:2823", "name": "94566",
"refsource" : "REDHAT", "refsource": "BID",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2823.html" "url": "http://www.securityfocus.com/bid/94566"
}, },
{ {
"name" : "RHSA-2016:2937", "name": "RHSA-2016:2822",
"refsource" : "REDHAT", "refsource": "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2937.html" "url": "http://rhn.redhat.com/errata/RHSA-2016-2822.html"
}, },
{ {
"name" : "RHSA-2016:2938", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7041",
"refsource" : "REDHAT", "refsource": "CONFIRM",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2938.html" "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7041"
}, },
{ {
"name" : "94566", "name": "1037406",
"refsource" : "BID", "refsource": "SECTRACK",
"url" : "http://www.securityfocus.com/bid/94566" "url": "http://www.securitytracker.com/id/1037406"
}, },
{ {
"name" : "1037406", "name": "RHSA-2016:2823",
"refsource" : "SECTRACK", "refsource": "REDHAT",
"url" : "http://www.securitytracker.com/id/1037406" "url": "http://rhn.redhat.com/errata/RHSA-2016-2823.html"
} }
] ]
} }

22
2016/8xxx/CVE-2016-8270.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-8270", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
"ID": "CVE-2016-8270",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
}, },
"data_format" : "MITRE", "description": {
"data_type" : "CVE", "description_data": [
"data_version" : "4.0",
"description" : {
"description_data" : [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
} }
] ]
} }

22
2016/8xxx/CVE-2016-8489.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-8489", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
"ID": "CVE-2016-8489",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
}, },
"data_format" : "MITRE", "description": {
"data_type" : "CVE", "description_data": [
"data_version" : "4.0",
"description" : {
"description_data" : [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10242. Reason: This candidate is a reservation duplicate of CVE-2016-10242. Notes: All CVE users should reference CVE-2016-10242 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10242. Reason: This candidate is a reservation duplicate of CVE-2016-10242. Notes: All CVE users should reference CVE-2016-10242 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }

92
2016/8xxx/CVE-2016-8638.json
View File

@ -1,86 +1,86 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2016-8638", "ID": "CVE-2016-8638",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active sessions from other users. It is also called a \"SAML2 multi-session vulnerability.\"" "value": "A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active sessions from other users. It is also called a \"SAML2 multi-session vulnerability.\""
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8638", "name": "https://ipsilon-project.org/release/2.1.0.html",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8638" "url": "https://ipsilon-project.org/release/2.1.0.html"
}, },
{ {
"name" : "https://ipsilon-project.org/advisory/CVE-2016-8638.txt", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8638",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://ipsilon-project.org/advisory/CVE-2016-8638.txt" "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8638"
}, },
{ {
"name" : "https://ipsilon-project.org/release/2.1.0.html", "name": "https://pagure.io/ipsilon/c/511fa8b7001c2f9a42301aa1d4b85aaf170a461c",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://ipsilon-project.org/release/2.1.0.html" "url": "https://pagure.io/ipsilon/c/511fa8b7001c2f9a42301aa1d4b85aaf170a461c"
}, },
{ {
"name" : "https://pagure.io/ipsilon/c/511fa8b7001c2f9a42301aa1d4b85aaf170a461c", "name": "https://ipsilon-project.org/advisory/CVE-2016-8638.txt",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://pagure.io/ipsilon/c/511fa8b7001c2f9a42301aa1d4b85aaf170a461c" "url": "https://ipsilon-project.org/advisory/CVE-2016-8638.txt"
}, },
{ {
"name" : "RHSA-2016:2809", "name": "94439",
"refsource" : "REDHAT", "refsource": "BID",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2809.html" "url": "http://www.securityfocus.com/bid/94439"
}, },
{ {
"name" : "94439", "name": "RHSA-2016:2809",
"refsource" : "BID", "refsource": "REDHAT",
"url" : "http://www.securityfocus.com/bid/94439" "url": "http://rhn.redhat.com/errata/RHSA-2016-2809.html"
} }
] ]
} }

76
2016/8xxx/CVE-2016-8737.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@apache.org", "ASSIGNER": "security@apache.org",
"DATE_PUBLIC" : "2017-02-10T00:00:00", "DATE_PUBLIC": "2017-02-10T00:00:00",
"ID" : "CVE-2016-8737", "ID": "CVE-2016-8737",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Apache Brooklyn", "product_name": "Apache Brooklyn",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "0.9.0 and all prior versions" "version_value": "0.9.0 and all prior versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Apache Software Foundation" "vendor_name": "Apache Software Foundation"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery (CSRF), which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker's commands as the user. There is known to be a proof-of-concept exploit using this vulnerability." "value": "In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery (CSRF), which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker's commands as the user. There is known to be a proof-of-concept exploit using this vulnerability."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Cross-site request forgery (CSRF)" "value": "Cross-site request forgery (CSRF)"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "[dev] 20170210 [SECURITY] CVE-2016-8737: Cross-site request forgery vulnerability in Apache Brooklyn", "name": "https://brooklyn.apache.org/community/security/CVE-2016-8737.html",
"refsource" : "MLIST", "refsource": "CONFIRM",
"url" : "https://lists.apache.org/thread.html/877813aaaa0e636adbc36106b89a54e0e6918f0884e9c8b67d5d5953@%3Cdev.brooklyn.apache.org%3E" "url": "https://brooklyn.apache.org/community/security/CVE-2016-8737.html"
}, },
{ {
"name" : "https://brooklyn.apache.org/community/security/CVE-2016-8737.html", "name": "96228",
"refsource" : "CONFIRM", "refsource": "BID",
"url" : "https://brooklyn.apache.org/community/security/CVE-2016-8737.html" "url": "http://www.securityfocus.com/bid/96228"
}, },
{ {
"name" : "96228", "name": "[dev] 20170210 [SECURITY] CVE-2016-8737: Cross-site request forgery vulnerability in Apache Brooklyn",
"refsource" : "BID", "refsource": "MLIST",
"url" : "http://www.securityfocus.com/bid/96228" "url": "https://lists.apache.org/thread.html/877813aaaa0e636adbc36106b89a54e0e6918f0884e9c8b67d5d5953@%3Cdev.brooklyn.apache.org%3E"
} }
] ]
} }

22
2016/8xxx/CVE-2016-8956.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-8956", "ID": "CVE-2016-8956",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

74
2016/9xxx/CVE-2016-9152.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-9152", "ID": "CVE-2016-9152",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in SPIP 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the rac parameter." "value": "Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in SPIP 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the rac parameter."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://core.spip.net/projects/spip/repository/revisions/23290", "name": "94658",
"refsource" : "CONFIRM", "refsource": "BID",
"url" : "https://core.spip.net/projects/spip/repository/revisions/23290" "url": "http://www.securityfocus.com/bid/94658"
}, },
{ {
"name" : "94658", "name": "1037392",
"refsource" : "BID", "refsource": "SECTRACK",
"url" : "http://www.securityfocus.com/bid/94658" "url": "http://www.securitytracker.com/id/1037392"
}, },
{ {
"name" : "1037392", "name": "https://core.spip.net/projects/spip/repository/revisions/23290",
"refsource" : "SECTRACK", "refsource": "CONFIRM",
"url" : "http://www.securitytracker.com/id/1037392" "url": "https://core.spip.net/projects/spip/repository/revisions/23290"
} }
] ]
} }

22
2016/9xxx/CVE-2016-9510.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-9510", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
"ID": "CVE-2016-9510",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
}, },
"data_format" : "MITRE", "description": {
"data_type" : "CVE", "description_data": [
"data_version" : "4.0",
"description" : {
"description_data" : [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
} }
] ]
} }

68
2016/9xxx/CVE-2016-9561.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-9561", "ID": "CVE-2016-9561",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a crafted MOV file." "value": "The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a crafted MOV file."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "[oss-security] 20161208 [CVE-2016-9561] ffmpeg crashes on decoding MOV file", "name": "[oss-security] 20161208 [CVE-2016-9561] ffmpeg crashes on decoding MOV file",
"refsource" : "MLIST", "refsource": "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/12/08/1" "url": "http://www.openwall.com/lists/oss-security/2016/12/08/1"
}, },
{ {
"name" : "94756", "name": "94756",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/94756" "url": "http://www.securityfocus.com/bid/94756"
} }
] ]
} }

110
2016/9xxx/CVE-2016-9775.json
View File

@ -1,101 +1,101 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2016-9775", "ID": "CVE-2016-9775",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 on Debian wheezy, before 6.0.45+dfsg-1~deb8u1 on Debian jessie, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u7 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to gain root privileges via a setgid program in the Catalina directory, as demonstrated by /etc/tomcat8/Catalina/attack." "value": "The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 on Debian wheezy, before 6.0.45+dfsg-1~deb8u1 on Debian jessie, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u7 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to gain root privileges via a setgid program in the Catalina directory, as demonstrated by /etc/tomcat8/Catalina/attack."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "[oss-security] 20161202 CVE request: tomcat privilege escalations in Debian packaging", "name": "USN-3177-2",
"refsource" : "MLIST", "refsource": "UBUNTU",
"url" : "http://www.openwall.com/lists/oss-security/2016/12/02/5" "url": "http://www.ubuntu.com/usn/USN-3177-2"
}, },
{ {
"name" : "[oss-security] 20161202 Re: CVE request: tomcat privilege escalations in Debian packaging", "name": "94643",
"refsource" : "MLIST", "refsource": "BID",
"url" : "http://www.openwall.com/lists/oss-security/2016/12/02/10" "url": "http://www.securityfocus.com/bid/94643"
}, },
{ {
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845385", "name": "DSA-3739",
"refsource" : "CONFIRM", "refsource": "DEBIAN",
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845385" "url": "http://www.debian.org/security/2016/dsa-3739"
}, },
{ {
"name" : "https://security.netapp.com/advisory/ntap-20180731-0002/", "name": "DSA-3738",
"refsource" : "CONFIRM", "refsource": "DEBIAN",
"url" : "https://security.netapp.com/advisory/ntap-20180731-0002/" "url": "http://www.debian.org/security/2016/dsa-3738"
}, },
{ {
"name" : "DSA-3738", "name": "[oss-security] 20161202 CVE request: tomcat privilege escalations in Debian packaging",
"refsource" : "DEBIAN", "refsource": "MLIST",
"url" : "http://www.debian.org/security/2016/dsa-3738" "url": "http://www.openwall.com/lists/oss-security/2016/12/02/5"
}, },
{ {
"name" : "DSA-3739", "name": "[oss-security] 20161202 Re: CVE request: tomcat privilege escalations in Debian packaging",
"refsource" : "DEBIAN", "refsource": "MLIST",
"url" : "http://www.debian.org/security/2016/dsa-3739" "url": "http://www.openwall.com/lists/oss-security/2016/12/02/10"
}, },
{ {
"name" : "USN-3177-1", "name": "USN-3177-1",
"refsource" : "UBUNTU", "refsource": "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3177-1" "url": "http://www.ubuntu.com/usn/USN-3177-1"
}, },
{ {
"name" : "USN-3177-2", "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845385",
"refsource" : "UBUNTU", "refsource": "CONFIRM",
"url" : "http://www.ubuntu.com/usn/USN-3177-2" "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845385"
}, },
{ {
"name" : "94643", "name": "https://security.netapp.com/advisory/ntap-20180731-0002/",
"refsource" : "BID", "refsource": "CONFIRM",
"url" : "http://www.securityfocus.com/bid/94643" "url": "https://security.netapp.com/advisory/ntap-20180731-0002/"
} }
] ]
} }

102
2019/2xxx/CVE-2019-2498.json
View File

@ -1,99 +1,99 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2019-2498", "ID": "CVE-2019-2498",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Partner Management", "product_name": "Partner Management",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.1.1" "version_value": "12.1.1"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.1.2" "version_value": "12.1.2"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.1.3" "version_value": "12.1.3"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.2.3" "version_value": "12.2.3"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.2.4" "version_value": "12.2.4"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.2.5" "version_value": "12.2.5"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.2.6" "version_value": "12.2.6"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.2.7" "version_value": "12.2.7"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.2.8" "version_value": "12.2.8"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: Partner Dash board). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Partner Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Partner Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Partner Management accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." "value": "Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: Partner Dash board). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Partner Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Partner Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Partner Management accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Partner Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Partner Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Partner Management accessible data." "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Partner Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Partner Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Partner Management accessible data."
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "name": "106620",
"refsource" : "CONFIRM", "refsource": "BID",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" "url": "http://www.securityfocus.com/bid/106620"
}, },
{ {
"name" : "106620", "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource" : "BID", "refsource": "CONFIRM",
"url" : "http://www.securityfocus.com/bid/106620" "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
} }
] ]
} }

22
2019/2xxx/CVE-2019-2642.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-2642", "ID": "CVE-2019-2642",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

22
2019/2xxx/CVE-2019-2655.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-2655", "ID": "CVE-2019-2655",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

22
2019/2xxx/CVE-2019-2717.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-2717", "ID": "CVE-2019-2717",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

22
2019/2xxx/CVE-2019-2955.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-2955", "ID": "CVE-2019-2955",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

22
2019/6xxx/CVE-2019-6270.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-6270", "ID": "CVE-2019-6270",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

22
2019/6xxx/CVE-2019-6395.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-6395", "ID": "CVE-2019-6395",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

66
2019/6xxx/CVE-2019-6597.json
View File

@ -1,65 +1,65 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "f5sirt@f5.com", "ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC" : "2019-03-11T00:00:00", "DATE_PUBLIC": "2019-03-11T00:00:00",
"ID" : "CVE-2019-6597", "ID": "CVE-2019-6597",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator); Enterprise Manager", "product_name": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator); Enterprise Manager",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "13.0.0-13.1.1.1, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, 11.5.1-11.5.8" "version_value": "13.0.0-13.1.1.1, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, 11.5.1-11.5.8"
}, },
{ {
"version_value" : "EM 3.1.1" "version_value": "EM 3.1.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "F5 Networks, Inc." "vendor_name": "F5 Networks, Inc."
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "In BIG-IP 13.0.0-13.1.1.1, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced." "value": "In BIG-IP 13.0.0-13.1.1.1, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "privilege escalation" "value": "privilege escalation"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://support.f5.com/csp/article/K29280193", "name": "https://support.f5.com/csp/article/K29280193",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://support.f5.com/csp/article/K29280193" "url": "https://support.f5.com/csp/article/K29280193"
} }
] ]
} }