admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 03:32:50 +00:00
parent 8778677cac
commit 4a764f61be
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
51 changed files with 3498 additions and 3498 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

190
2006/5xxx/CVE-2006-5212.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5212",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to delete files via a modified filename parameter in a certain HTTP request that invokes the OfficeScan CGI program."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5212",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.trendmicro.com/download/product.asp?productid=5",
"refsource" : "CONFIRM",
"url" : "http://www.trendmicro.com/download/product.asp?productid=5"
},
{
"name" : "http://www.trendmicro.com/ftp/documentation/readme/csm_2.0_osce_6.0_win_en_securitypatch_1385_readme.txt",
"refsource" : "CONFIRM",
"url" : "http://www.trendmicro.com/ftp/documentation/readme/csm_2.0_osce_6.0_win_en_securitypatch_1385_readme.txt"
},
{
"name" : "http://www.trendmicro.com/ftp/documentation/readme/osce_6.5_win_en_securitypatch_1418_readme.txt",
"refsource" : "CONFIRM",
"url" : "http://www.trendmicro.com/ftp/documentation/readme/osce_6.5_win_en_securitypatch_1418_readme.txt"
},
{
"name" : "http://www.trendmicro.com/ftp/documentation/readme/osce_7.3_win_en_securitypatch_1053_readme.txt",
"refsource" : "CONFIRM",
"url" : "http://www.trendmicro.com/ftp/documentation/readme/osce_7.3_win_en_securitypatch_1053_readme.txt"
},
{
"name" : "http://www.trendmicro.com/ftp/documentation/readme/osce_70_win_en_securitypatch_1257_readme.txt",
"refsource" : "CONFIRM",
"url" : "http://www.trendmicro.com/ftp/documentation/readme/osce_70_win_en_securitypatch_1257_readme.txt"
},
{
"name" : "20330",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20330"
},
{
"name" : "ADV-2006-3882",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3882"
},
{
"name" : "22156",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22156"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to delete files via a modified filename parameter in a certain HTTP request that invokes the OfficeScan CGI program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20330",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20330"
},
{
"name": "http://www.trendmicro.com/ftp/documentation/readme/osce_70_win_en_securitypatch_1257_readme.txt",
"refsource": "CONFIRM",
"url": "http://www.trendmicro.com/ftp/documentation/readme/osce_70_win_en_securitypatch_1257_readme.txt"
},
{
"name": "http://www.trendmicro.com/ftp/documentation/readme/osce_7.3_win_en_securitypatch_1053_readme.txt",
"refsource": "CONFIRM",
"url": "http://www.trendmicro.com/ftp/documentation/readme/osce_7.3_win_en_securitypatch_1053_readme.txt"
},
{
"name": "http://www.trendmicro.com/ftp/documentation/readme/csm_2.0_osce_6.0_win_en_securitypatch_1385_readme.txt",
"refsource": "CONFIRM",
"url": "http://www.trendmicro.com/ftp/documentation/readme/csm_2.0_osce_6.0_win_en_securitypatch_1385_readme.txt"
},
{
"name": "ADV-2006-3882",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3882"
},
{
"name": "22156",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22156"
},
{
"name": "http://www.trendmicro.com/download/product.asp?productid=5",
"refsource": "CONFIRM",
"url": "http://www.trendmicro.com/download/product.asp?productid=5"
},
{
"name": "http://www.trendmicro.com/ftp/documentation/readme/osce_6.5_win_en_securitypatch_1418_readme.txt",
"refsource": "CONFIRM",
"url": "http://www.trendmicro.com/ftp/documentation/readme/osce_6.5_win_en_securitypatch_1418_readme.txt"
}
]
}
}

170
2006/5xxx/CVE-2006-5413.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5413",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in SuperMod 3.0.0 for YABB (YaBBSM) allow remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter to (1) Offline.php, (2) Sources/Admin.php, (3) Sources/Offline.php, or (4) content/portalshow.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5413",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2553",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2553"
},
{
"name" : "20568",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20568"
},
{
"name" : "20570",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20570"
},
{
"name" : "ADV-2006-4042",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4042"
},
{
"name" : "22437",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22437"
},
{
"name" : "yabbsm-sourcedir-file-include(29559)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29559"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in SuperMod 3.0.0 for YABB (YaBBSM) allow remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter to (1) Offline.php, (2) Sources/Admin.php, (3) Sources/Offline.php, or (4) content/portalshow.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20568",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20568"
},
{
"name": "22437",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22437"
},
{
"name": "20570",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20570"
},
{
"name": "yabbsm-sourcedir-file-include(29559)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29559"
},
{
"name": "ADV-2006-4042",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4042"
},
{
"name": "2553",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2553"
}
]
}
}

160
2006/5xxx/CVE-2006-5566.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5566",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CRLF injection vulnerability in premium/index.php in Shop-Script allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the (1) links_exchange, (2) news, (3) search_with_change_category_ability, (4) logging, (5) feedback, (6) show_price, (7) register, (8) answer, (9) productID, and (10) inside parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5566",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061023 Multiple HTTP response splitting vulnerabilities in SHOP-SCRIPT",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/449499/100/0/threaded"
},
{
"name" : "20685",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20685"
},
{
"name" : "ADV-2006-4219",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4219"
},
{
"name" : "22541",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22541"
},
{
"name" : "1791",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1791"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in premium/index.php in Shop-Script allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the (1) links_exchange, (2) news, (3) search_with_change_category_ability, (4) logging, (5) feedback, (6) show_price, (7) register, (8) answer, (9) productID, and (10) inside parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22541",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22541"
},
{
"name": "20061023 Multiple HTTP response splitting vulnerabilities in SHOP-SCRIPT",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/449499/100/0/threaded"
},
{
"name": "ADV-2006-4219",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4219"
},
{
"name": "20685",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20685"
},
{
"name": "1791",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1791"
}
]
}
}

140
2007/2xxx/CVE-2007-2008.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2008",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in admin.php in pL-PHP beta 0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2008",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070411 pL-PHP beta 0.9 - Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/465340/100/0/threaded"
},
{
"name" : "3704",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3704"
},
{
"name" : "ADV-2007-1352",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1352"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in admin.php in pL-PHP beta 0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070411 pL-PHP beta 0.9 - Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/465340/100/0/threaded"
},
{
"name": "3704",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3704"
},
{
"name": "ADV-2007-1352",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1352"
}
]
}
}

210
2007/2xxx/CVE-2007-2109.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2109",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) Rules Manager and Expression Filter components (DB02) and (2) Oracle Streams (DB06). Note: as of 20070424, Oracle has not disputed reliable claims that DB02 is for a race condition in the RLMGR_TRUNCATE_MAINT trigger in the Rules Manager and Expression Filter components changing the AUTHID of a package from DEFINER to CURRENT_USER after a TRUNCATE call, and DB06 is for SQL injection in the DBMS_APPLY_USER_AGENT.SET_REGISTRATION_HANDLER procedure, which is later passed to the DBMS_APPLY_ADM_INTERNAL.ALTER_APPLY procedure, aka \"Oracle Streams\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2109",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf",
"refsource" : "MISC",
"url" : "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf"
},
{
"name" : "http://www.ngssoftware.com/research/papers/NGSSoftware-OracleCPUAPR2007.pdf",
"refsource" : "MISC",
"url" : "http://www.ngssoftware.com/research/papers/NGSSoftware-OracleCPUAPR2007.pdf"
},
{
"name" : "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html",
"refsource" : "MISC",
"url" : "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html"
},
{
"name" : "HPSBMA02133",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/466329/100/200/threaded"
},
{
"name" : "SSRT061201",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/466329/100/200/threaded"
},
{
"name" : "TA07-108A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-108A.html"
},
{
"name" : "23532",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23532"
},
{
"name" : "ADV-2007-1426",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1426"
},
{
"name" : "1017927",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1017927"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) Rules Manager and Expression Filter components (DB02) and (2) Oracle Streams (DB06). Note: as of 20070424, Oracle has not disputed reliable claims that DB02 is for a race condition in the RLMGR_TRUNCATE_MAINT trigger in the Rules Manager and Expression Filter components changing the AUTHID of a package from DEFINER to CURRENT_USER after a TRUNCATE call, and DB06 is for SQL injection in the DBMS_APPLY_USER_AGENT.SET_REGISTRATION_HANDLER procedure, which is later passed to the DBMS_APPLY_ADM_INTERNAL.ALTER_APPLY procedure, aka \"Oracle Streams\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA07-108A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-108A.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html"
},
{
"name": "23532",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23532"
},
{
"name": "1017927",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017927"
},
{
"name": "SSRT061201",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/466329/100/200/threaded"
},
{
"name": "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html"
},
{
"name": "HPSBMA02133",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/466329/100/200/threaded"
},
{
"name": "http://www.ngssoftware.com/research/papers/NGSSoftware-OracleCPUAPR2007.pdf",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/research/papers/NGSSoftware-OracleCPUAPR2007.pdf"
},
{
"name": "ADV-2007-1426",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1426"
},
{
"name": "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf",
"refsource": "MISC",
"url": "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf"
}
]
}
}

160
2007/2xxx/CVE-2007-2238.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2238",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in the Whale Client Components ActiveX control (WhlMgr.dll), as used in Microsoft Intelligent Application Gateway (IAG) before 3.7 SP2, allow remote attackers to execute arbitrary code via long arguments to the (1) CheckForUpdates or (2) UpdateComponents methods."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2007-2238",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "VU#789121",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/789121"
},
{
"name" : "34532",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34532"
},
{
"name" : "34725",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34725"
},
{
"name" : "ADV-2009-1061",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1061"
},
{
"name" : "iag-activex-bo(49888)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49888"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in the Whale Client Components ActiveX control (WhlMgr.dll), as used in Microsoft Intelligent Application Gateway (IAG) before 3.7 SP2, allow remote attackers to execute arbitrary code via long arguments to the (1) CheckForUpdates or (2) UpdateComponents methods."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#789121",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/789121"
},
{
"name": "ADV-2009-1061",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1061"
},
{
"name": "34725",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34725"
},
{
"name": "34532",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34532"
},
{
"name": "iag-activex-bo(49888)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49888"
}
]
}
}

170
2007/2xxx/CVE-2007-2533.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2533",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in Trend Micro ServerProtect 5.58 before Security Patch 2- Build 1174 allow remote attackers to execute arbitrary code via a crafted RPC message processed by the (1) the RPCFN_ActiveRollback function in (a) stcommon.dll, or the (2) ENG_SetRealTimeScanConfigInfo or (3) ENG_SendEmail functions in (b) eng50.dll."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2533",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.trendmicro.com/download_beta/product.asp?productid=17",
"refsource" : "CONFIRM",
"url" : "http://www.trendmicro.com/download_beta/product.asp?productid=17"
},
{
"name" : "http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch2_readme.txt",
"refsource" : "CONFIRM",
"url" : "http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch2_readme.txt"
},
{
"name" : "35791",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35791"
},
{
"name" : "35792",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35792"
},
{
"name" : "ADV-2007-1689",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1689"
},
{
"name" : "serverprotect-multiple-bo(34171)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34171"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in Trend Micro ServerProtect 5.58 before Security Patch 2- Build 1174 allow remote attackers to execute arbitrary code via a crafted RPC message processed by the (1) the RPCFN_ActiveRollback function in (a) stcommon.dll, or the (2) ENG_SetRealTimeScanConfigInfo or (3) ENG_SendEmail functions in (b) eng50.dll."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-1689",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1689"
},
{
"name": "35792",
"refsource": "OSVDB",
"url": "http://osvdb.org/35792"
},
{
"name": "35791",
"refsource": "OSVDB",
"url": "http://osvdb.org/35791"
},
{
"name": "http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch2_readme.txt",
"refsource": "CONFIRM",
"url": "http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch2_readme.txt"
},
{
"name": "http://www.trendmicro.com/download_beta/product.asp?productid=17",
"refsource": "CONFIRM",
"url": "http://www.trendmicro.com/download_beta/product.asp?productid=17"
},
{
"name": "serverprotect-multiple-bo(34171)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34171"
}
]
}
}

160
2007/2xxx/CVE-2007-2560.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2560",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in theme/acgv.php in ACGVannu 1.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the rubrik parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2560",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "3867",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3867"
},
{
"name" : "20070509 true: ACGV Annu (rubrik) LFI",
"refsource" : "VIM",
"url" : "http://www.attrition.org/pipermail/vim/2007-May/001605.html"
},
{
"name" : "23842",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23842"
},
{
"name" : "36181",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36181"
},
{
"name" : "acgv-annu-acgv-file-include(34108)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34108"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in theme/acgv.php in ACGVannu 1.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the rubrik parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3867",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3867"
},
{
"name": "20070509 true: ACGV Annu (rubrik) LFI",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-May/001605.html"
},
{
"name": "36181",
"refsource": "OSVDB",
"url": "http://osvdb.org/36181"
},
{
"name": "acgv-annu-acgv-file-include(34108)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34108"
},
{
"name": "23842",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23842"
}
]
}
}

150
2007/3xxx/CVE-2007-3146.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3146",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Zen Help Desk 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing a password via a direct request for ZenHelpDesk.mdb."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3146",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070607 Zen Help Desk ==> Version 2.1 Bypass/",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/470803/100/0/threaded"
},
{
"name" : "39231",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/39231"
},
{
"name" : "2788",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2788"
},
{
"name" : "zen-zenhelpdesk-information-disclosure(34770)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34770"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zen Help Desk 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing a password via a direct request for ZenHelpDesk.mdb."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39231",
"refsource": "OSVDB",
"url": "http://osvdb.org/39231"
},
{
"name": "20070607 Zen Help Desk ==> Version 2.1 Bypass/",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/470803/100/0/threaded"
},
{
"name": "zen-zenhelpdesk-information-disclosure(34770)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34770"
},
{
"name": "2788",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2788"
}
]
}
}

210
2007/3xxx/CVE-2007-3751.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3751",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in QuickTime for Java in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via untrusted Java applets that gain privileges via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3751",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://docs.info.apple.com/article.html?artnum=306896",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=306896"
},
{
"name" : "APPLE-SA-2007-11-05",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00000.html"
},
{
"name" : "TA07-310A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-310A.html"
},
{
"name" : "VU#319771",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/319771"
},
{
"name" : "26339",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26339"
},
{
"name" : "ADV-2007-3723",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/3723"
},
{
"name" : "38548",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38548"
},
{
"name" : "1018894",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1018894"
},
{
"name" : "27523",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27523"
},
{
"name" : "apple-quicktime-javaapplet-code-execution(38271)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38271"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in QuickTime for Java in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via untrusted Java applets that gain privileges via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA07-310A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-310A.html"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=306896",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=306896"
},
{
"name": "APPLE-SA-2007-11-05",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00000.html"
},
{
"name": "27523",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27523"
},
{
"name": "apple-quicktime-javaapplet-code-execution(38271)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38271"
},
{
"name": "1018894",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018894"
},
{
"name": "26339",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26339"
},
{
"name": "VU#319771",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/319771"
},
{
"name": "38548",
"refsource": "OSVDB",
"url": "http://osvdb.org/38548"
},
{
"name": "ADV-2007-3723",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3723"
}
]
}
}

140
2007/6xxx/CVE-2007-6534.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6534",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Microsoft Office Publisher allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted PUB file, possibly involving wordart."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6534",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20071222 Microsoft Office Publisher",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/485456/100/0/threaded"
},
{
"name" : "26982",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26982"
},
{
"name" : "3490",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3490"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Microsoft Office Publisher allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted PUB file, possibly involving wordart."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26982",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26982"
},
{
"name": "3490",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3490"
},
{
"name": "20071222 Microsoft Office Publisher",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485456/100/0/threaded"
}
]
}
}

190
2007/6xxx/CVE-2007-6642.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6642",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Joomla! before 1.5 RC4 allow remote attackers to (1) add a Super Admin, (2) upload an extension containing arbitrary PHP code, and (3) modify the configuration as administrators via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6642",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20071227 [HSC Security Group] Multiple CSRF in Joomla all versions - Complete compromise",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/485676/100/0/threaded"
},
{
"name" : "http://www.joomla.org/content/view/4335/116/",
"refsource" : "MISC",
"url" : "http://www.joomla.org/content/view/4335/116/"
},
{
"name" : "MDVSA-2008:060",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:060"
},
{
"name" : "28111",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28111"
},
{
"name" : "41263",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/41263"
},
{
"name" : "1019145",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1019145"
},
{
"name" : "29257",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29257"
},
{
"name" : "3505",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3505"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Joomla! before 1.5 RC4 allow remote attackers to (1) add a Super Admin, (2) upload an extension containing arbitrary PHP code, and (3) modify the configuration as administrators via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28111",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28111"
},
{
"name": "29257",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29257"
},
{
"name": "1019145",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019145"
},
{
"name": "http://www.joomla.org/content/view/4335/116/",
"refsource": "MISC",
"url": "http://www.joomla.org/content/view/4335/116/"
},
{
"name": "20071227 [HSC Security Group] Multiple CSRF in Joomla all versions - Complete compromise",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485676/100/0/threaded"
},
{
"name": "MDVSA-2008:060",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:060"
},
{
"name": "3505",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3505"
},
{
"name": "41263",
"refsource": "OSVDB",
"url": "http://osvdb.org/41263"
}
]
}
}

140
2010/0xxx/CVE-2010-0721.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0721",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in news.php in Auktionshaus Gelb 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0721",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/1002-exploits/auktionshausgelb-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1002-exploits/auktionshausgelb-sql.txt"
},
{
"name" : "11488",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/11488"
},
{
"name" : "auktionshausgelb-news-sql-injection(56332)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56332"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in news.php in Auktionshaus Gelb 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11488",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/11488"
},
{
"name": "http://packetstormsecurity.org/1002-exploits/auktionshausgelb-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1002-exploits/auktionshausgelb-sql.txt"
},
{
"name": "auktionshausgelb-news-sql-injection(56332)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56332"
}
]
}
}

140
2010/0xxx/CVE-2010-0874.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0874",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Communications - Oracle Communications Unified Inventory Management component in Oracle Industry Product Suite 7.1 allows remote attackers to affect integrity via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-0874",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html"
},
{
"name" : "TA10-103B",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-103B.html"
},
{
"name" : "1023872",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1023872"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Communications - Oracle Communications Unified Inventory Management component in Oracle Industry Product Suite 7.1 allows remote attackers to affect integrity via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA10-103B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-103B.html"
},
{
"name": "1023872",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023872"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html"
}
]
}
}

160
2010/1xxx/CVE-2010-1269.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1269",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in auktion.php in phpscripte24 Niedrig Gebote Pro Auktions System II allows remote attackers to execute arbitrary SQL commands via the id_auk parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1269",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://4004securityproject.wordpress.com/2010/03/18/phpscripte24-niedrig-gebote-pro-auktions-system-ii-blind-sql-injection-auktion-php/",
"refsource" : "MISC",
"url" : "http://4004securityproject.wordpress.com/2010/03/18/phpscripte24-niedrig-gebote-pro-auktions-system-ii-blind-sql-injection-auktion-php/"
},
{
"name" : "http://packetstormsecurity.org/1003-exploits/phpscripte24-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1003-exploits/phpscripte24-sql.txt"
},
{
"name" : "11805",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/11805"
},
{
"name" : "38971",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38971"
},
{
"name" : "niedrig-auktion-sql-injection(57020)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57020"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in auktion.php in phpscripte24 Niedrig Gebote Pro Auktions System II allows remote attackers to execute arbitrary SQL commands via the id_auk parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "niedrig-auktion-sql-injection(57020)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57020"
},
{
"name": "http://4004securityproject.wordpress.com/2010/03/18/phpscripte24-niedrig-gebote-pro-auktions-system-ii-blind-sql-injection-auktion-php/",
"refsource": "MISC",
"url": "http://4004securityproject.wordpress.com/2010/03/18/phpscripte24-niedrig-gebote-pro-auktions-system-ii-blind-sql-injection-auktion-php/"
},
{
"name": "11805",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/11805"
},
{
"name": "http://packetstormsecurity.org/1003-exploits/phpscripte24-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1003-exploits/phpscripte24-sql.txt"
},
{
"name": "38971",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38971"
}
]
}
}

170
2010/1xxx/CVE-2010-1307.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1307",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1307",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/1004-exploits/joomlaupdater-lfi.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1004-exploits/joomlaupdater-lfi.txt"
},
{
"name" : "12070",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/12070"
},
{
"name" : "39207",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/39207"
},
{
"name" : "39348",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39348"
},
{
"name" : "ADV-2010-0806",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0806"
},
{
"name" : "magicupdater-controller-file-include(57531)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57531"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39348",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39348"
},
{
"name": "http://packetstormsecurity.org/1004-exploits/joomlaupdater-lfi.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1004-exploits/joomlaupdater-lfi.txt"
},
{
"name": "39207",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39207"
},
{
"name": "magicupdater-controller-file-include(57531)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57531"
},
{
"name": "ADV-2010-0806",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0806"
},
{
"name": "12070",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/12070"
}
]
}
}

140
2010/1xxx/CVE-2010-1701.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1701",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in browse.html in PHP Video Battle Script allows remote attackers to execute arbitrary SQL commands via the cat parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1701",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "12444",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/12444"
},
{
"name" : "39647",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39647"
},
{
"name" : "ADV-2010-1027",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1027"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in browse.html in PHP Video Battle Script allows remote attackers to execute arbitrary SQL commands via the cat parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-1027",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1027"
},
{
"name": "12444",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/12444"
},
{
"name": "39647",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39647"
}
]
}
}

140
2010/1xxx/CVE-2010-1898.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1898",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \"Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-1898",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS10-060",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-060"
},
{
"name" : "TA10-222A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
},
{
"name" : "oval:org.mitre.oval:def:12033",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12033"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \"Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA10-222A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
},
{
"name": "MS10-060",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-060"
},
{
"name": "oval:org.mitre.oval:def:12033",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12033"
}
]
}
}

240
2010/1xxx/CVE-2010-1927.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1927",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in openMairie openCourrier 2.02 and 2.03 beta, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) bible.class.php, (2) dossier.class.php, (3) service.class.php, (4) collectivite.class.php, (5) droit.class.php, (6) tache.class.php, (7) emetteur.class.php, (8) utilisateur.class.php, (9) courrier.recherche.tab.class.php, and (10) profil.class.php in obj/. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1927",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "12398",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/12398"
},
{
"name" : "http://packetstormsecurity.org/1004-exploits/opencourrier-rfilfi.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1004-exploits/opencourrier-rfilfi.txt"
},
{
"name" : "64202",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/64202"
},
{
"name" : "64203",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/64203"
},
{
"name" : "64204",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/64204"
},
{
"name" : "64205",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/64205"
},
{
"name" : "64206",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/64206"
},
{
"name" : "64207",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/64207"
},
{
"name" : "64208",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/64208"
},
{
"name" : "64209",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/64209"
},
{
"name" : "64210",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/64210"
},
{
"name" : "39624",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39624"
},
{
"name" : "ADV-2010-1003",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1003"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in openMairie openCourrier 2.02 and 2.03 beta, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) bible.class.php, (2) dossier.class.php, (3) service.class.php, (4) collectivite.class.php, (5) droit.class.php, (6) tache.class.php, (7) emetteur.class.php, (8) utilisateur.class.php, (9) courrier.recherche.tab.class.php, and (10) profil.class.php in obj/. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/1004-exploits/opencourrier-rfilfi.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1004-exploits/opencourrier-rfilfi.txt"
},
{
"name": "64207",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/64207"
},
{
"name": "12398",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/12398"
},
{
"name": "ADV-2010-1003",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1003"
},
{
"name": "64206",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/64206"
},
{
"name": "64204",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/64204"
},
{
"name": "64205",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/64205"
},
{
"name": "64208",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/64208"
},
{
"name": "64202",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/64202"
},
{
"name": "64210",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/64210"
},
{
"name": "64203",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/64203"
},
{
"name": "39624",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39624"
},
{
"name": "64209",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/64209"
}
]
}
}

170
2014/0xxx/CVE-2014-0172.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0172",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF file, which triggers a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0172",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[elfutils-devel] 20140409 [PATCH] CVE-2014-0172 Check for overflow before calling malloc to uncompress data.",
"refsource" : "MLIST",
"url" : "https://lists.fedorahosted.org/pipermail/elfutils-devel/2014-April/003921.html"
},
{
"name" : "[oss-security] 20140409 Heap-based buffer overflow in libdw/elfutils (CVE-2014-0172)",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2014/q2/54"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1085663",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1085663"
},
{
"name" : "GLSA-201612-32",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201612-32"
},
{
"name" : "USN-2188-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2188-1"
},
{
"name" : "66714",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/66714"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF file, which triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140409 Heap-based buffer overflow in libdw/elfutils (CVE-2014-0172)",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q2/54"
},
{
"name": "[elfutils-devel] 20140409 [PATCH] CVE-2014-0172 Check for overflow before calling malloc to uncompress data.",
"refsource": "MLIST",
"url": "https://lists.fedorahosted.org/pipermail/elfutils-devel/2014-April/003921.html"
},
{
"name": "GLSA-201612-32",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-32"
},
{
"name": "66714",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66714"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1085663",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1085663"
},
{
"name": "USN-2188-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2188-1"
}
]
}
}

220
2014/0xxx/CVE-2014-0181.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0181",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0181",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[netdev] 20140423 [PATCH 0/5]: Preventing abuse when passing file descriptors",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=linux-netdev&m=139828832919748&w=2"
},
{
"name" : "[oss-security] 20140423 Re: CVE-2014-0181: Linux network reconfiguration due to incorrect netlink checks",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/04/23/6"
},
{
"name" : "https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=90f62cf30a78721641e08737bda787552428061e",
"refsource" : "CONFIRM",
"url" : "https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=90f62cf30a78721641e08737bda787552428061e"
},
{
"name" : "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.45",
"refsource" : "CONFIRM",
"url" : "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.45"
},
{
"name" : "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.9",
"refsource" : "CONFIRM",
"url" : "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.9"
},
{
"name" : "RHSA-2014:1959",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1959.html"
},
{
"name" : "SUSE-SU-2015:0481",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"
},
{
"name" : "openSUSE-SU-2015:0566",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"
},
{
"name" : "SUSE-SU-2015:0652",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html"
},
{
"name" : "SUSE-SU-2015:0812",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"
},
{
"name" : "SUSE-SU-2015:0736",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.45",
"refsource": "CONFIRM",
"url": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.45"
},
{
"name": "SUSE-SU-2015:0736",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html"
},
{
"name": "SUSE-SU-2015:0652",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html"
},
{
"name": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.9",
"refsource": "CONFIRM",
"url": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.9"
},
{
"name": "SUSE-SU-2015:0481",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"
},
{
"name": "[oss-security] 20140423 Re: CVE-2014-0181: Linux network reconfiguration due to incorrect netlink checks",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/04/23/6"
},
{
"name": "https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=90f62cf30a78721641e08737bda787552428061e",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=90f62cf30a78721641e08737bda787552428061e"
},
{
"name": "openSUSE-SU-2015:0566",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"
},
{
"name": "RHSA-2014:1959",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1959.html"
},
{
"name": "[netdev] 20140423 [PATCH 0/5]: Preventing abuse when passing file descriptors",
"refsource": "MLIST",
"url": "http://marc.info/?l=linux-netdev&m=139828832919748&w=2"
},
{
"name": "SUSE-SU-2015:0812",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"
}
]
}
}

120
2014/0xxx/CVE-2014-0313.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0313",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-0321."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-0313",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS14-012",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-012"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-0321."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS14-012",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-012"
}
]
}
}

160
2014/0xxx/CVE-2014-0331.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0331",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the web administration interface in FortiADC with firmware before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the locale parameter to gui_partA/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-0331",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140403 XSS Reflected vulnerabilities in OS of FortiADC v3.2 (CVE-2014-0331)",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Apr/53"
},
{
"name" : "http://www.fortiguard.com/advisory/FG-IR-14-004",
"refsource" : "CONFIRM",
"url" : "http://www.fortiguard.com/advisory/FG-IR-14-004"
},
{
"name" : "VU#667340",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/667340"
},
{
"name" : "66642",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/66642"
},
{
"name" : "1030018",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030018"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the web administration interface in FortiADC with firmware before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the locale parameter to gui_partA/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#667340",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/667340"
},
{
"name": "1030018",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030018"
},
{
"name": "66642",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66642"
},
{
"name": "20140403 XSS Reflected vulnerabilities in OS of FortiADC v3.2 (CVE-2014-0331)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Apr/53"
},
{
"name": "http://www.fortiguard.com/advisory/FG-IR-14-004",
"refsource": "CONFIRM",
"url": "http://www.fortiguard.com/advisory/FG-IR-14-004"
}
]
}
}

120
2014/0xxx/CVE-2014-0335.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0335",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the web client in Serena Dimensions CM 12.2 build 7.199.0 allow remote attackers to inject arbitrary web script or HTML via the (1) DB_CONN, (2) DB_NAME, (3) DM_HOST, (4) MAN_DB_NAME, (5) framecmd, (6) identifier, (7) merant.adm.adapters.AdmDialogPropertyMgr, (8) nav_frame, (9) nav_jsp, (10) target_frame, (11) id, or (12) type parameter to the dimensions/ URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-0335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "VU#823452",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/823452"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the web client in Serena Dimensions CM 12.2 build 7.199.0 allow remote attackers to inject arbitrary web script or HTML via the (1) DB_CONN, (2) DB_NAME, (3) DM_HOST, (4) MAN_DB_NAME, (5) framecmd, (6) identifier, (7) merant.adm.adapters.AdmDialogPropertyMgr, (8) nav_frame, (9) nav_jsp, (10) target_frame, (11) id, or (12) type parameter to the dimensions/ URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#823452",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/823452"
}
]
}
}

34
2014/0xxx/CVE-2014-0926.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0926",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-0926",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2014/1xxx/CVE-2014-1424.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1424",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "apparmor_parser in the apparmor package before 2.8.95~2430-0ubuntu5.1 in Ubuntu 14.04 allows attackers to bypass AppArmor policies via unspecified vectors, related to a \"miscompilation flaw.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2014-1424",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "USN-2413-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2413-1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "apparmor_parser in the apparmor package before 2.8.95~2430-0ubuntu5.1 in Ubuntu 14.04 allows attackers to bypass AppArmor policies via unspecified vectors, related to a \"miscompilation flaw.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2413-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2413-1"
}
]
}
}

430
2014/1xxx/CVE-2014-1574.json
View File

@ -1,217 +1,217 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1574",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2014-1574",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2014/mfsa2014-74.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2014/mfsa2014-74.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1011354",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1011354"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1061214",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1061214"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1061600",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1061600"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1064346",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1064346"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1072044",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1072044"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1072174",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1072174"
},
{
"name" : "https://advisories.mageia.org/MGASA-2014-0421.html",
"refsource" : "CONFIRM",
"url" : "https://advisories.mageia.org/MGASA-2014-0421.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name" : "DSA-3050",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3050"
},
{
"name" : "DSA-3061",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3061"
},
{
"name" : "FEDORA-2014-13042",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141085.html"
},
{
"name" : "FEDORA-2014-14084",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html"
},
{
"name" : "GLSA-201504-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201504-01"
},
{
"name" : "RHSA-2014:1635",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1635.html"
},
{
"name" : "RHSA-2014:1647",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1647.html"
},
{
"name" : "openSUSE-SU-2014:1343",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-11/msg00000.html"
},
{
"name" : "openSUSE-SU-2014:1346",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-11/msg00003.html"
},
{
"name" : "openSUSE-SU-2014:1344",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-11/msg00001.html"
},
{
"name" : "openSUSE-SU-2014:1345",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-11/msg00002.html"
},
{
"name" : "openSUSE-SU-2015:0138",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html"
},
{
"name" : "openSUSE-SU-2015:1266",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"name" : "USN-2372-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2372-1"
},
{
"name" : "USN-2373-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2373-1"
},
{
"name" : "70436",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70436"
},
{
"name" : "1031028",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031028"
},
{
"name" : "1031030",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031030"
},
{
"name" : "61387",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61387"
},
{
"name" : "61854",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61854"
},
{
"name" : "62021",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62021"
},
{
"name" : "62022",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62022"
},
{
"name" : "62023",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62023"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mozilla.org/security/announce/2014/mfsa2014-74.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-74.html"
},
{
"name": "62021",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62021"
},
{
"name": "openSUSE-SU-2015:0138",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html"
},
{
"name": "openSUSE-SU-2014:1344",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00001.html"
},
{
"name": "openSUSE-SU-2014:1346",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00003.html"
},
{
"name": "FEDORA-2014-13042",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141085.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1064346",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1064346"
},
{
"name": "1031028",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031028"
},
{
"name": "openSUSE-SU-2014:1345",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00002.html"
},
{
"name": "USN-2373-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2373-1"
},
{
"name": "https://advisories.mageia.org/MGASA-2014-0421.html",
"refsource": "CONFIRM",
"url": "https://advisories.mageia.org/MGASA-2014-0421.html"
},
{
"name": "GLSA-201504-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1061214",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1061214"
},
{
"name": "RHSA-2014:1635",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1635.html"
},
{
"name": "FEDORA-2014-14084",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html"
},
{
"name": "RHSA-2014:1647",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1647.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1061600",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1061600"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1011354",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1011354"
},
{
"name": "61387",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61387"
},
{
"name": "USN-2372-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2372-1"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1072174",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1072174"
},
{
"name": "62022",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62022"
},
{
"name": "openSUSE-SU-2015:1266",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"name": "1031030",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031030"
},
{
"name": "62023",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62023"
},
{
"name": "openSUSE-SU-2014:1343",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00000.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1072044",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1072044"
},
{
"name": "DSA-3050",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3050"
},
{
"name": "61854",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61854"
},
{
"name": "70436",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70436"
},
{
"name": "DSA-3061",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3061"
}
]
}
}

34
2014/1xxx/CVE-2014-1871.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1871",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1871",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2014/4xxx/CVE-2014-4777.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4777",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4777",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2014/4xxx/CVE-2014-4869.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4869",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows attackers to obtain sensitive encrypted-password information by leveraging membership in the operator group."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-4869",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "VU#111588",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/111588"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows attackers to obtain sensitive encrypted-password information by leveraging membership in the operator group."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#111588",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/111588"
}
]
}
}

160
2014/5xxx/CVE-2014-5881.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5881",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Yahoo! Japan Box (aka jp.co.yahoo.android.ybox) application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-5881",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#228385",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/228385"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "JVN#48270605",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN48270605/index.html"
},
{
"name" : "JVNDB-2014-000116",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000116.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Yahoo! Japan Box (aka jp.co.yahoo.android.ybox) application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#228385",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/228385"
},
{
"name": "JVN#48270605",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN48270605/index.html"
},
{
"name": "JVNDB-2014-000116",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000116.html"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2016/10xxx/CVE-2016-10143.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-10143",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in Tiki Wiki CMS 15.2 could allow a remote attacker to read arbitrary files on a targeted system via a crafted pathname in a banner URL field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10143",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://dev.tiki.org/item6174",
"refsource" : "CONFIRM",
"url" : "https://dev.tiki.org/item6174"
},
{
"name" : "https://sourceforge.net/p/tikiwiki/code/60308/",
"refsource" : "CONFIRM",
"url" : "https://sourceforge.net/p/tikiwiki/code/60308/"
},
{
"name" : "96787",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96787"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Tiki Wiki CMS 15.2 could allow a remote attacker to read arbitrary files on a targeted system via a crafted pathname in a banner URL field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96787"
},
{
"name": "https://dev.tiki.org/item6174",
"refsource": "CONFIRM",
"url": "https://dev.tiki.org/item6174"
},
{
"name": "https://sourceforge.net/p/tikiwiki/code/60308/",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/tikiwiki/code/60308/"
}
]
}
}

122
2016/10xxx/CVE-2016-10669.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00",
"ID" : "CVE-2016-10669",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "soci node module",
"version" : {
"version_data" : [
{
"version_value" : "All versions"
}
]
}
}
]
},
"vendor_name" : "HackerOne"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "soci downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Missing Encryption of Sensitive Data (CWE-311)"
}
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2016-10669",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "soci node module",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://nodesecurity.io/advisories/270",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/270"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "soci downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Encryption of Sensitive Data (CWE-311)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodesecurity.io/advisories/270",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/270"
}
]
}
}

120
2016/3xxx/CVE-2016-3145.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3145",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Lexmark printers with firmware ATL before ATL.021.063, CB before CB.021.063, PP before PP.021.063, and YK before YK.021.063 mishandle Erase Printer Memory and Erase Hard Disk actions, which allows physically proximate attackers to obtain sensitive information via direct read operations on non-volatile memory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3145",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.lexmark.com/index?page=content&id=TE760",
"refsource" : "CONFIRM",
"url" : "http://support.lexmark.com/index?page=content&id=TE760"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lexmark printers with firmware ATL before ATL.021.063, CB before CB.021.063, PP before PP.021.063, and YK before YK.021.063 mishandle Erase Printer Memory and Erase Hard Disk actions, which allows physically proximate attackers to obtain sensitive information via direct read operations on non-volatile memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.lexmark.com/index?page=content&id=TE760",
"refsource": "CONFIRM",
"url": "http://support.lexmark.com/index?page=content&id=TE760"
}
]
}
}

130
2016/3xxx/CVE-2016-3740.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3740",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the CreateFXPDFConvertor function in ConvertToPdf_x86.dll in Foxit Reader 7.3.4.311 allows remote attackers to execute arbitrary code via a large SamplesPerPixel value in a crafted TIFF image that is mishandled during PDF conversion. This is fixed in 8.0."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3740",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://0patch.blogspot.com/2016/07/0patching-foxit-readers-heap-buffer.html",
"refsource" : "MISC",
"url" : "https://0patch.blogspot.com/2016/07/0patching-foxit-readers-heap-buffer.html"
},
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "CONFIRM",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the CreateFXPDFConvertor function in ConvertToPdf_x86.dll in Foxit Reader 7.3.4.311 allows remote attackers to execute arbitrary code via a large SamplesPerPixel value in a crafted TIFF image that is mishandled during PDF conversion. This is fixed in 8.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name": "https://0patch.blogspot.com/2016/07/0patching-foxit-readers-heap-buffer.html",
"refsource": "MISC",
"url": "https://0patch.blogspot.com/2016/07/0patching-foxit-readers-heap-buffer.html"
}
]
}
}

140
2016/3xxx/CVE-2016-3882.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3882",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Off-by-one error in server/wifi/anqp/VenueNameElement.java in Wi-Fi in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows remote attackers to cause a denial of service (reboot) via an access point that provides a crafted (1) Venue Group or (2) Venue Type value, aka internal bug 29464811."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-3882",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-10-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-10-01.html"
},
{
"name" : "https://android.googlesource.com/platform/frameworks/opt/net/wifi/+/35a86eef3c0eef760f7e61c52a343327ba601630",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/frameworks/opt/net/wifi/+/35a86eef3c0eef760f7e61c52a343327ba601630"
},
{
"name" : "93295",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93295"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one error in server/wifi/anqp/VenueNameElement.java in Wi-Fi in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows remote attackers to cause a denial of service (reboot) via an access point that provides a crafted (1) Venue Group or (2) Venue Type value, aka internal bug 29464811."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93295",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93295"
},
{
"name": "http://source.android.com/security/bulletin/2016-10-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-10-01.html"
},
{
"name": "https://android.googlesource.com/platform/frameworks/opt/net/wifi/+/35a86eef3c0eef760f7e61c52a343327ba601630",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/opt/net/wifi/+/35a86eef3c0eef760f7e61c52a343327ba601630"
}
]
}
}

172
2016/8xxx/CVE-2016-8628.json
View File

@ -1,88 +1,88 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psampaio@redhat.com",
"ID" : "CVE-2016-8628",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Ansible",
"version" : {
"version_data" : [
{
"version_value" : "2.2.0"
}
]
}
}
]
},
"vendor_name" : "Red Hat"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "7.6/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version" : "3.0"
}
],
[
{
"vectorString" : "6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version" : "2.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-77"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-8628",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ansible",
"version": {
"version_data": [
{
"version_value": "2.2.0"
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8628",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8628"
},
{
"name" : "RHSA-2016:2778",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2016:2778"
},
{
"name" : "94109",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94109"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.6/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
[
{
"vectorString": "6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:2778",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:2778"
},
{
"name": "94109",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94109"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8628",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8628"
}
]
}
}

130
2016/8xxx/CVE-2016-8756.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2016-8756",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Mate8 NXT-AL10C00B197 and earlier versions,NXT-DL10C00B197 and earlier versions,NXT-TL10C00B197 and earlier versions,NXT-CL10C00B197 and earlier versions",
"version" : {
"version_data" : [
{
"version_value" : "Mate8 NXT-AL10C00B197 and earlier versions,NXT-DL10C00B197 and earlier versions,NXT-TL10C00B197 and earlier versions,NXT-CL10C00B197 and earlier versions"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ION memory management module in Huawei Mate 8 phones with software NXT-AL10C00B197 and earlier versions, NXT-DL10C00B197 and earlier versions, NXT-TL10C00B197 and earlier versions, NXT-CL10C00B197 and earlier versions allows attackers to cause a denial of service (restart)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "denial of service"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2016-8756",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mate8 NXT-AL10C00B197 and earlier versions,NXT-DL10C00B197 and earlier versions,NXT-TL10C00B197 and earlier versions,NXT-CL10C00B197 and earlier versions",
"version": {
"version_data": [
{
"version_value": "Mate8 NXT-AL10C00B197 and earlier versions,NXT-DL10C00B197 and earlier versions,NXT-TL10C00B197 and earlier versions,NXT-CL10C00B197 and earlier versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-smartphone-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-smartphone-en"
},
{
"name" : "93935",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93935"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ION memory management module in Huawei Mate 8 phones with software NXT-AL10C00B197 and earlier versions, NXT-DL10C00B197 and earlier versions, NXT-TL10C00B197 and earlier versions, NXT-CL10C00B197 and earlier versions allows attackers to cause a denial of service (restart)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93935",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93935"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-smartphone-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-smartphone-en"
}
]
}
}

170
2016/8xxx/CVE-2016-8883.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8883",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8883",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20161017 Re: Re: Fuzzing jasper",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/10/17/1"
},
{
"name" : "[oss-security] 20161022 Re: Fuzzing jasper",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/10/23/8"
},
{
"name" : "https://github.com/mdadams/jasper/issues/32",
"refsource" : "CONFIRM",
"url" : "https://github.com/mdadams/jasper/issues/32"
},
{
"name" : "RHSA-2017:1208",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1208"
},
{
"name" : "USN-3693-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3693-1/"
},
{
"name" : "95865",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95865"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95865",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95865"
},
{
"name": "https://github.com/mdadams/jasper/issues/32",
"refsource": "CONFIRM",
"url": "https://github.com/mdadams/jasper/issues/32"
},
{
"name": "RHSA-2017:1208",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1208"
},
{
"name": "[oss-security] 20161017 Re: Re: Fuzzing jasper",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/17/1"
},
{
"name": "[oss-security] 20161022 Re: Fuzzing jasper",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/23/8"
},
{
"name": "USN-3693-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3693-1/"
}
]
}
}

266
2016/9xxx/CVE-2016-9079.json
View File

@ -1,135 +1,135 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@mozilla.org",
"ID" : "CVE-2016-9079",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Firefox",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "50.0.2"
}
]
}
},
{
"product_name" : "Firefox ESR",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "45.5.1"
}
]
}
},
{
"product_name" : "Thunderbird",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "45.5.1"
}
]
}
}
]
},
"vendor_name" : "Mozilla"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use-after-free in SVG Animation"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-9079",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "50.0.2"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "45.5.1"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "45.5.1"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "41151",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/41151/"
},
{
"name" : "42327",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42327/"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1321066",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1321066"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2016-92/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2016-92/"
},
{
"name" : "DSA-3730",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2016/dsa-3730"
},
{
"name" : "GLSA-201701-15",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-15"
},
{
"name" : "GLSA-201701-35",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-35"
},
{
"name" : "RHSA-2016:2843",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2843.html"
},
{
"name" : "RHSA-2016:2850",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2850.html"
},
{
"name" : "94591",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94591"
},
{
"name" : "1037370",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037370"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use-after-free in SVG Animation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3730",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2016/dsa-3730"
},
{
"name": "RHSA-2016:2843",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2843.html"
},
{
"name": "GLSA-201701-35",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-35"
},
{
"name": "1037370",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037370"
},
{
"name": "42327",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42327/"
},
{
"name": "RHSA-2016:2850",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2850.html"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2016-92/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-92/"
},
{
"name": "94591",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94591"
},
{
"name": "GLSA-201701-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-15"
},
{
"name": "41151",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41151/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1321066",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1321066"
}
]
}
}

130
2016/9xxx/CVE-2016-9259.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9259",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9259",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.tenable.com/security/tns-2016-17",
"refsource" : "CONFIRM",
"url" : "https://www.tenable.com/security/tns-2016-17"
},
{
"name" : "1037293",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037293"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/tns-2016-17",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2016-17"
},
{
"name": "1037293",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037293"
}
]
}
}

170
2016/9xxx/CVE-2016-9950.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9950",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file \"Package\" and \"SourcePackage\" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9950",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "40937",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/40937/"
},
{
"name" : "https://bugs.launchpad.net/apport/+bug/1648806",
"refsource" : "MISC",
"url" : "https://bugs.launchpad.net/apport/+bug/1648806"
},
{
"name" : "https://donncha.is/2016/12/compromising-ubuntu-desktop/",
"refsource" : "MISC",
"url" : "https://donncha.is/2016/12/compromising-ubuntu-desktop/"
},
{
"name" : "https://github.com/DonnchaC/ubuntu-apport-exploitation",
"refsource" : "MISC",
"url" : "https://github.com/DonnchaC/ubuntu-apport-exploitation"
},
{
"name" : "USN-3157-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3157-1"
},
{
"name" : "95011",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95011"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file \"Package\" and \"SourcePackage\" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/DonnchaC/ubuntu-apport-exploitation",
"refsource": "MISC",
"url": "https://github.com/DonnchaC/ubuntu-apport-exploitation"
},
{
"name": "https://donncha.is/2016/12/compromising-ubuntu-desktop/",
"refsource": "MISC",
"url": "https://donncha.is/2016/12/compromising-ubuntu-desktop/"
},
{
"name": "https://bugs.launchpad.net/apport/+bug/1648806",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/apport/+bug/1648806"
},
{
"name": "95011",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95011"
},
{
"name": "USN-3157-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3157-1"
},
{
"name": "40937",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40937/"
}
]
}
}

34
2019/2xxx/CVE-2019-2060.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2060",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2060",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/2xxx/CVE-2019-2226.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2226",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2226",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/2xxx/CVE-2019-2585.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2585",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2585",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/2xxx/CVE-2019-2711.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2711",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2711",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/2xxx/CVE-2019-2832.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2832",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2832",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/6xxx/CVE-2019-6383.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6383",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6383",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/6xxx/CVE-2019-6402.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6402",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6402",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

132
2019/6xxx/CVE-2019-6517.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2019-01-29T00:00:00",
"ID" : "CVE-2019-6517",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "BD FACSLyric",
"version" : {
"version_data" : [
{
"version_value" : "BD FACSLyric Research Use Only, Windows 10 Professional Operating System, U.S. and Malaysian Releases, between November 2017 and November 2018 and BD FACSLyric IVD Windows 10 Professional Operating System US release."
}
]
}
}
]
},
"vendor_name" : "ICS-CERT"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "BD FACSLyric Research Use Only, Windows 10 Professional Operating System, U.S. and Malaysian Releases, between November 2017 and November 2018 and BD FACSLyric IVD Windows 10 Professional Operating System US release does not properly enforce user access control to privileged accounts, which may allow for unauthorized access to administrative level functions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "IMPROPER ACCESS CONTROL CWE-284"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2019-01-29T00:00:00",
"ID": "CVE-2019-6517",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BD FACSLyric",
"version": {
"version_data": [
{
"version_value": "BD FACSLyric Research Use Only, Windows 10 Professional Operating System, U.S. and Malaysian Releases, between November 2017 and November 2018 and BD FACSLyric IVD Windows 10 Professional Operating System US release."
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-19-029-02",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-19-029-02"
},
{
"name" : "106766",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106766"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BD FACSLyric Research Use Only, Windows 10 Professional Operating System, U.S. and Malaysian Releases, between November 2017 and November 2018 and BD FACSLyric IVD Windows 10 Professional Operating System US release does not properly enforce user access control to privileged accounts, which may allow for unauthorized access to administrative level functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER ACCESS CONTROL CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106766",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106766"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-029-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-029-02"
}
]
}
}

34
2019/6xxx/CVE-2019-6764.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6764",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6764",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}