admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 01:31:25 +00:00
parent ff32daf8be
commit 4b3dcca889
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
63 changed files with 3904 additions and 3904 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

170
2007/2xxx/CVE-2007-2630.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-2630", "ID": "CVE-2007-2630",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Incomplete blacklist vulnerability in filemanager/browser/default/connectors/php/config.php in the FCKeditor module, as used in ActiveCampaign 1-2-All (aka 12All) 4.50 through 4.53.13, and possibly other products, allows remote authenticated administrators to upload and possibly execute .php4 and .php5 files via unspecified vectors. NOTE: this issue is reachable through filemanager/browser/default/browser.html."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070502 12All File Upload Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/467483/100/0/threaded" "lang": "eng",
}, "value": "Incomplete blacklist vulnerability in filemanager/browser/default/connectors/php/config.php in the FCKeditor module, as used in ActiveCampaign 1-2-All (aka 12All) 4.50 through 4.53.13, and possibly other products, allows remote authenticated administrators to upload and possibly execute .php4 and .php5 files via unspecified vectors. NOTE: this issue is reachable through filemanager/browser/default/browser.html."
{ }
"name" : "20070507 Re: 12All File Upload Vulnerability", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/467879/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.activecampaign.com/support/forum/showthread.php?t=3293", "description": [
"refsource" : "MISC", {
"url" : "http://www.activecampaign.com/support/forum/showthread.php?t=3293" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "23792", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/23792" ]
}, },
{ "references": {
"name" : "36161", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/36161" "name": "http://www.activecampaign.com/support/forum/showthread.php?t=3293",
}, "refsource": "MISC",
{ "url": "http://www.activecampaign.com/support/forum/showthread.php?t=3293"
"name" : "12all-fckeditor-file-upload(34049)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34049" "name": "12all-fckeditor-file-upload(34049)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34049"
} },
} {
"name": "20070507 Re: 12All File Upload Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/467879/100/0/threaded"
},
{
"name": "20070502 12All File Upload Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/467483/100/0/threaded"
},
{
"name": "36161",
"refsource": "OSVDB",
"url": "http://osvdb.org/36161"
},
{
"name": "23792",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23792"
}
]
}
}

160
2007/2xxx/CVE-2007-2817.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-2817", "ID": "CVE-2007-2817",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in read/index.php in ol'bookmarks 0.7.4 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "3964", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/3964" "lang": "eng",
}, "value": "SQL injection vulnerability in read/index.php in ol'bookmarks 0.7.4 allows remote attackers to execute arbitrary SQL commands via the id parameter."
{ }
"name" : "24085", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/24085" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "36492", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/36492" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "25356", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/25356" ]
}, },
{ "references": {
"name" : "olbookmarks-index-sql-injection(34414)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34414" "name": "25356",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/25356"
} },
} {
"name": "3964",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3964"
},
{
"name": "24085",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24085"
},
{
"name": "36492",
"refsource": "OSVDB",
"url": "http://osvdb.org/36492"
},
{
"name": "olbookmarks-index-sql-injection(34414)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34414"
}
]
}
}

180
2007/2xxx/CVE-2007-2898.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-2898", "ID": "CVE-2007-2898",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 allows remote attackers to execute arbitrary SQL commands via the rating parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070523 [waraxe-2007-SA#051] - Sql Injection in 2z Project 0.9.5", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/469351/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 allows remote attackers to execute arbitrary SQL commands via the rating parameter to index.php."
{ }
"name" : "http://www.waraxe.us/advisory-51.html", ]
"refsource" : "MISC", },
"url" : "http://www.waraxe.us/advisory-51.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "36569", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/36569" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2007-1923", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2007/1923" ]
}, },
{ "references": {
"name" : "25336", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25336" "name": "2752",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/2752"
"name" : "2752", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/2752" "name": "http://www.waraxe.us/advisory-51.html",
}, "refsource": "MISC",
{ "url": "http://www.waraxe.us/advisory-51.html"
"name" : "2zproject-rating-sql-injection(34471)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34471" "name": "25336",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/25336"
} },
} {
"name": "2zproject-rating-sql-injection(34471)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34471"
},
{
"name": "ADV-2007-1923",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1923"
},
{
"name": "20070523 [waraxe-2007-SA#051] - Sql Injection in 2z Project 0.9.5",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/469351/100/0/threaded"
},
{
"name": "36569",
"refsource": "OSVDB",
"url": "http://osvdb.org/36569"
}
]
}
}

34
2007/3xxx/CVE-2007-3766.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-3766", "ID": "CVE-2007-3766",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

160
2007/3xxx/CVE-2007-3803.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-3803", "ID": "CVE-2007-3803",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SMTP ALG in Clavister CorePlus before 8.80.04, and 8.81.00, does not properly parse SMTP commands in certain circumstances, which allows remote attackers to bypass address blacklists."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.clavister.com/releasenotes/CorePlus_Release_Notes_8_80_04.pdf", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.clavister.com/releasenotes/CorePlus_Release_Notes_8_80_04.pdf" "lang": "eng",
}, "value": "The SMTP ALG in Clavister CorePlus before 8.80.04, and 8.81.00, does not properly parse SMTP commands in certain circumstances, which allows remote attackers to bypass address blacklists."
{ }
"name" : "http://www.clavister.com/releasenotes/CorePlus_Release_Notes_8_81_01.pdf", ]
"refsource" : "CONFIRM", },
"url" : "http://www.clavister.com/releasenotes/CorePlus_Release_Notes_8_81_01.pdf" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "37974", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/37974" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "25957", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/25957" ]
}, },
{ "references": {
"name" : "clavister-smtp-security-bypass(35371)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35371" "name": "http://www.clavister.com/releasenotes/CorePlus_Release_Notes_8_80_04.pdf",
} "refsource": "CONFIRM",
] "url": "http://www.clavister.com/releasenotes/CorePlus_Release_Notes_8_80_04.pdf"
} },
} {
"name": "http://www.clavister.com/releasenotes/CorePlus_Release_Notes_8_81_01.pdf",
"refsource": "CONFIRM",
"url": "http://www.clavister.com/releasenotes/CorePlus_Release_Notes_8_81_01.pdf"
},
{
"name": "37974",
"refsource": "OSVDB",
"url": "http://osvdb.org/37974"
},
{
"name": "25957",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25957"
},
{
"name": "clavister-smtp-security-bypass(35371)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35371"
}
]
}
}

230
2007/3xxx/CVE-2007-3861.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-3861", "ID": "CVE-2007-3861",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Jdeveloper in Oracle Application Server 10.1.2.2 and Collaboration Suite 10.1.2 allows context-dependent attackers to have an unknown impact via custom applications that use JBO.KEY, aka JDEV01."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_July_2007_Analysis.pdf", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_July_2007_Analysis.pdf" "lang": "eng",
}, "value": "Unspecified vulnerability in Oracle Jdeveloper in Oracle Application Server 10.1.2.2 and Collaboration Suite 10.1.2 allows context-dependent attackers to have an unknown impact via custom applications that use JBO.KEY, aka JDEV01."
{ }
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2007-087014.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2007-087014.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.red-database-security.com/advisory/oracle_cpu_jul_2007.html", "description": [
"refsource" : "MISC", {
"url" : "http://www.red-database-security.com/advisory/oracle_cpu_jul_2007.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "HPSBMA02133", ]
"refsource" : "HP", }
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00727143" ]
}, },
{ "references": {
"name" : "SSRT061201", "reference_data": [
"refsource" : "HP", {
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00727143" "name": "SSRT061201",
}, "refsource": "HP",
{ "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00727143"
"name" : "TA07-200A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-200A.html" "name": "26114",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/26114"
"name" : "ADV-2007-2562", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/2562" "name": "26166",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/26166"
"name" : "ADV-2007-2635", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/2635" "name": "http://www.oracle.com/technetwork/topics/security/cpujul2007-087014.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/cpujul2007-087014.html"
"name" : "1018415", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1018415" "name": "TA07-200A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA07-200A.html"
"name" : "26114", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26114" "name": "ADV-2007-2562",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/2562"
"name" : "26166", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26166" "name": "ADV-2007-2635",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/2635"
"name" : "oracle-cpu-july2007(35490)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35490" "name": "HPSBMA02133",
} "refsource": "HP",
] "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00727143"
} },
} {
"name": "oracle-cpu-july2007(35490)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35490"
},
{
"name": "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_July_2007_Analysis.pdf",
"refsource": "MISC",
"url": "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_July_2007_Analysis.pdf"
},
{
"name": "1018415",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018415"
},
{
"name": "http://www.red-database-security.com/advisory/oracle_cpu_jul_2007.html",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/oracle_cpu_jul_2007.html"
}
]
}
}

180
2007/3xxx/CVE-2007-3890.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2007-3890", "ID": "CVE-2007-3890",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a Workspace with a certain index value that triggers memory corruption."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS07-044", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-044" "lang": "eng",
}, "value": "Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a Workspace with a certain index value that triggers memory corruption."
{ }
"name" : "TA07-226A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-226A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "25280", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/25280" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2007-2868", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2007/2868" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:2149", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2149" "name": "oval:org.mitre.oval:def:2149",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2149"
"name" : "1018561", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1018561" "name": "25280",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/25280"
"name" : "26145", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26145" "name": "ADV-2007-2868",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2007/2868"
} },
} {
"name": "TA07-226A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-226A.html"
},
{
"name": "26145",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26145"
},
{
"name": "MS07-044",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-044"
},
{
"name": "1018561",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018561"
}
]
}
}

170
2007/4xxx/CVE-2007-4063.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-4063", "ID": "CVE-2007-4063",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.2 allow remote attackers to (1) delete comments, (2) delete content revisions, and (3) disable menu items as privileged users, related to improper use of HTTP GET and the Forms API."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://drupal.org/files/sa-2007-017/advisory.txt", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://drupal.org/files/sa-2007-017/advisory.txt" "lang": "eng",
}, "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.2 allow remote attackers to (1) delete comments, (2) delete content revisions, and (3) disable menu items as privileged users, related to improper use of HTTP GET and the Forms API."
{ }
"name" : "25099", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/25099" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2007-2697", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/2697" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "37898", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/37898" ]
}, },
{ "references": {
"name" : "26224", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26224" "name": "ADV-2007-2697",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/2697"
"name" : "drupal-formsapi-csrf(35639)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35639" "name": "25099",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/25099"
} },
} {
"name": "drupal-formsapi-csrf(35639)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35639"
},
{
"name": "http://drupal.org/files/sa-2007-017/advisory.txt",
"refsource": "CONFIRM",
"url": "http://drupal.org/files/sa-2007-017/advisory.txt"
},
{
"name": "26224",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26224"
},
{
"name": "37898",
"refsource": "OSVDB",
"url": "http://osvdb.org/37898"
}
]
}
}

200
2007/4xxx/CVE-2007-4070.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-4070", "ID": "CVE-2007-4070",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Low Bandwidth X proxy (lbxproxy) on Sun Solaris 8 through 10 before 20070725 allows local users to read arbitrary files with root group ownership via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-339.htm", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-339.htm" "lang": "eng",
}, "value": "Unspecified vulnerability in Low Bandwidth X proxy (lbxproxy) on Sun Solaris 8 through 10 before 20070725 allows local users to read arbitrary files with root group ownership via unknown vectors."
{ }
"name" : "102948", ]
"refsource" : "SUNALERT", },
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102948-1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "25070", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/25070" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2007-2661", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2007/2661" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:8334", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8334" "name": "1018462",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1018462"
"name" : "1018462", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1018462" "name": "26344",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/26344"
"name" : "26220", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26220" "name": "ADV-2007-2661",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/2661"
"name" : "26344", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26344" "name": "26220",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/26220"
"name" : "solaris-lbxproxy-information-disclosure(35607)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35607" "name": "oval:org.mitre.oval:def:8334",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8334"
} },
} {
"name": "102948",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102948-1"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-339.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-339.htm"
},
{
"name": "25070",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25070"
},
{
"name": "solaris-lbxproxy-information-disclosure(35607)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35607"
}
]
}
}

120
2007/4xxx/CVE-2007-4596.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-4596", "ID": "CVE-2007-4596",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The perl extension in PHP does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code via the Perl eval function. NOTE: this might only be a vulnerability in limited environments."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "4314", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/4314" "lang": "eng",
} "value": "The perl extension in PHP does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code via the Perl eval function. NOTE: this might only be a vulnerability in limited environments."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4314",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4314"
}
]
}
}

200
2007/4xxx/CVE-2007-4815.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-4815", "ID": "CVE-2007-4815",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in WebED in Markus Iser ED Engine 0.8999 alpha allow remote attackers to execute arbitrary PHP code via a URL in the Codebase parameter to (1) channeledit.php, (2) post.php, (3) view.php, or (4) viewitem.php in source/mod/rss/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070920 WebED-0.8999 Multiple Remote File Inclusion Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/480108/100/0/threaded" "lang": "eng",
}, "value": "Multiple PHP remote file inclusion vulnerabilities in WebED in Markus Iser ED Engine 0.8999 alpha allow remote attackers to execute arbitrary PHP code via a URL in the Codebase parameter to (1) channeledit.php, (2) post.php, (3) view.php, or (4) viewitem.php in source/mod/rss/."
{ }
"name" : "4384", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/4384" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "25608", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/25608" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2007-3171", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2007/3171" ]
}, },
{ "references": {
"name" : "38395", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/38395" "name": "38395",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/38395"
"name" : "38396", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/38396" "name": "20070920 WebED-0.8999 Multiple Remote File Inclusion Vulnerability",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/480108/100/0/threaded"
"name" : "38397", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/38397" "name": "edengine-codebase-file-include(36532)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36532"
"name" : "38398", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/38398" "name": "38397",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/38397"
"name" : "edengine-codebase-file-include(36532)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36532" "name": "38396",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/38396"
} },
} {
"name": "38398",
"refsource": "OSVDB",
"url": "http://osvdb.org/38398"
},
{
"name": "4384",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4384"
},
{
"name": "25608",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25608"
},
{
"name": "ADV-2007-3171",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3171"
}
]
}
}

170
2007/4xxx/CVE-2007-4817.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-4817", "ID": "CVE-2007-4817",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in the Restaurante (com_restaurante) component for Joomla! allows remote attackers to upload and execute arbitrary PHP code via an upload action specifying a filename with a double extension such as .php.jpg, which creates an accessible file under img_original/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "4383", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/4383" "lang": "eng",
}, "value": "Unrestricted file upload vulnerability in the Restaurante (com_restaurante) component for Joomla! allows remote attackers to upload and execute arbitrary PHP code via an upload action specifying a filename with a double extension such as .php.jpg, which creates an accessible file under img_original/."
{ }
"name" : "[VIM] 20070911 MIL 4383", ]
"refsource" : "MLIST", },
"url" : "http://www.attrition.org/pipermail/vim/2007-September/001779.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "25612", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/25612" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2007-3139", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2007/3139" ]
}, },
{ "references": {
"name" : "26756", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26756" "name": "4383",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/4383"
"name" : "comprestaurante-index-file-upload(36538)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36538" "name": "[VIM] 20070911 MIL 4383",
} "refsource": "MLIST",
] "url": "http://www.attrition.org/pipermail/vim/2007-September/001779.html"
} },
} {
"name": "26756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26756"
},
{
"name": "25612",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25612"
},
{
"name": "ADV-2007-3139",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3139"
},
{
"name": "comprestaurante-index-file-upload(36538)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36538"
}
]
}
}

240
2007/6xxx/CVE-2007-6013.json
View File

@ -1,122 +1,122 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-6013", "ID": "CVE-2007-6013",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20071119 Wordpress Cookie Authentication Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/483927/100/0/threaded" "lang": "eng",
}, "value": "Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash."
{ }
"name" : "20071119 Wordpress Cookie Authentication Vulnerability", ]
"refsource" : "FULLDISC", },
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2007-November/058576.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.cl.cam.ac.uk/~sjm217/advisories/wordpress-cookie-auth.txt", "description": [
"refsource" : "MISC", {
"url" : "http://www.cl.cam.ac.uk/~sjm217/advisories/wordpress-cookie-auth.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://trac.wordpress.org/ticket/5367", ]
"refsource" : "CONFIRM", }
"url" : "http://trac.wordpress.org/ticket/5367" ]
}, },
{ "references": {
"name" : "FEDORA-2008-0103", "reference_data": [
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00079.html" "name": "20071119 Wordpress Cookie Authentication Vulnerability",
}, "refsource": "FULLDISC",
{ "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-November/058576.html"
"name" : "FEDORA-2008-0126", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00098.html" "name": "FEDORA-2008-0126",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00098.html"
"name" : "ADV-2007-3941", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/3941" "name": "http://www.cl.cam.ac.uk/~sjm217/advisories/wordpress-cookie-auth.txt",
}, "refsource": "MISC",
{ "url": "http://www.cl.cam.ac.uk/~sjm217/advisories/wordpress-cookie-auth.txt"
"name" : "40801", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/40801" "name": "http://trac.wordpress.org/ticket/5367",
}, "refsource": "CONFIRM",
{ "url": "http://trac.wordpress.org/ticket/5367"
"name" : "1018980", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1018980" "name": "3375",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/3375"
"name" : "27714", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/27714" "name": "20071119 Wordpress Cookie Authentication Vulnerability",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/483927/100/0/threaded"
"name" : "28310", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28310" "name": "ADV-2007-3941",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/3941"
"name" : "3375", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/3375" "name": "wordpress-password-weak-security(38578)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38578"
"name" : "wordpress-password-weak-security(38578)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38578" "name": "28310",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/28310"
} },
} {
"name": "1018980",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018980"
},
{
"name": "40801",
"refsource": "OSVDB",
"url": "http://osvdb.org/40801"
},
{
"name": "FEDORA-2008-0103",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00079.html"
},
{
"name": "27714",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27714"
}
]
}
}

250
2010/1xxx/CVE-2010-1384.json
View File

@ -1,127 +1,127 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2010-1384", "ID": "CVE-2010-1384",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not provide a warning about a (1) http or (2) https URL that contains a username and password, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT4196", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4196" "lang": "eng",
}, "value": "Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not provide a warning about a (1) http or (2) https URL that contains a username and password, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL."
{ }
"name" : "http://support.apple.com/kb/HT4225", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT4225" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.apple.com/kb/HT4456", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4456" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2010-06-07-1", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html" ]
}, },
{ "references": {
"name" : "APPLE-SA-2010-06-21-1", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" "name": "http://support.apple.com/kb/HT4225",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT4225"
"name" : "APPLE-SA-2010-11-22-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" "name": "APPLE-SA-2010-06-07-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html"
"name" : "JVN#46026251", },
"refsource" : "JVN", {
"url" : "http://jvn.jp/en/jp/JVN46026251/index.html" "name": "JVNDB-2010-001538",
}, "refsource": "JVNDB",
{ "url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001538.html"
"name" : "JVNDB-2010-001538", },
"refsource" : "JVNDB", {
"url" : "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001538.html" "name": "40105",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/40105"
"name" : "40620", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/40620" "name": "ADV-2010-1373",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/1373"
"name" : "oval:org.mitre.oval:def:6812", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6812" "name": "42314",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42314"
"name" : "1024067", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1024067" "name": "40620",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/40620"
"name" : "40105", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/40105" "name": "oval:org.mitre.oval:def:6812",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6812"
"name" : "42314", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42314" "name": "http://support.apple.com/kb/HT4456",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT4456"
"name" : "ADV-2010-1373", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1373" "name": "1024067",
} "refsource": "SECTRACK",
] "url": "http://securitytracker.com/id?1024067"
} },
} {
"name": "http://support.apple.com/kb/HT4196",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4196"
},
{
"name": "JVN#46026251",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN46026251/index.html"
},
{
"name": "APPLE-SA-2010-06-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"name": "APPLE-SA-2010-11-22-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
}
]
}
}

280
2010/1xxx/CVE-2010-1389.json
View File

@ -1,142 +1,142 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2010-1389", "ID": "CVE-2010-1389",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) paste or (2) drag-and-drop operation for a selection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT4196", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4196" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) paste or (2) drag-and-drop operation for a selection."
{ }
"name" : "http://support.apple.com/kb/HT4225", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT4225" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "APPLE-SA-2010-06-07-1", "description": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2010-06-21-1", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" ]
}, },
{ "references": {
"name" : "MDVSA-2011:039", "reference_data": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" "name": "MDVSA-2011:039",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
"name" : "SUSE-SR:2011:002", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" "name": "ADV-2010-2722",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/2722"
"name" : "USN-1006-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1006-1" "name": "43068",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43068"
"name" : "40620", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/40620" "name": "USN-1006-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1006-1"
"name" : "oval:org.mitre.oval:def:6649", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6649" "name": "41856",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/41856"
"name" : "1024067", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1024067" "name": "ADV-2011-0212",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0212"
"name" : "40105", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/40105" "name": "http://support.apple.com/kb/HT4225",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT4225"
"name" : "41856", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/41856" "name": "APPLE-SA-2010-06-07-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html"
"name" : "43068", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43068" "name": "oval:org.mitre.oval:def:6649",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6649"
"name" : "ADV-2010-1373", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1373" "name": "40105",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/40105"
"name" : "ADV-2010-2722", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/2722" "name": "ADV-2010-1373",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/1373"
"name" : "ADV-2011-0212", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0212" "name": "SUSE-SR:2011:002",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
"name" : "ADV-2011-0552", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0552" "name": "40620",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/40620"
} },
} {
"name": "ADV-2011-0552",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0552"
},
{
"name": "1024067",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024067"
},
{
"name": "http://support.apple.com/kb/HT4196",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4196"
},
{
"name": "APPLE-SA-2010-06-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
}
]
}
}

360
2010/1xxx/CVE-2010-1422.json
View File

@ -1,182 +1,182 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2010-1422", "ID": "CVE-2010-1422",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle changes to keyboard focus that occur during processing of key press events, which allows remote attackers to force arbitrary key presses via a crafted HTML document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=552255", "description_data": [
"refsource" : "MISC", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=552255" "lang": "eng",
}, "value": "WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle changes to keyboard focus that occur during processing of key press events, which allows remote attackers to force arbitrary key presses via a crafted HTML document."
{ }
"name" : "http://support.apple.com/kb/HT4196", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT4196" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.apple.com/kb/HT4220", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4220" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://support.apple.com/kb/HT4334", ]
"refsource" : "CONFIRM", }
"url" : "http://support.apple.com/kb/HT4334" ]
}, },
{ "references": {
"name" : "http://support.apple.com/kb/HT4456", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4456" "name": "MDVSA-2011:039",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
"name" : "APPLE-SA-2010-06-07-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html" "name": "http://support.apple.com/kb/HT4220",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT4220"
"name" : "APPLE-SA-2010-06-16-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html" "name": "ADV-2010-2722",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/2722"
"name" : "APPLE-SA-2010-09-08-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html" "name": "43068",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43068"
"name" : "APPLE-SA-2010-11-22-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" "name": "APPLE-SA-2010-09-08-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
"name" : "MDVSA-2011:039", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" "name": "http://support.apple.com/kb/HT4334",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT4334"
"name" : "SUSE-SR:2011:002", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" "name": "USN-1006-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1006-1"
"name" : "USN-1006-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1006-1" "name": "41856",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/41856"
"name" : "40620", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/40620" "name": "ADV-2011-0212",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0212"
"name" : "oval:org.mitre.oval:def:7591", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7591" "name": "APPLE-SA-2010-06-07-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html"
"name" : "1024067", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1024067" "name": "40196",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/40196"
"name" : "40105", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/40105" "name": "40105",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/40105"
"name" : "40196", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/40196" "name": "ADV-2010-1373",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/1373"
"name" : "41856", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/41856" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=552255",
}, "refsource": "MISC",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=552255"
"name" : "42314", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42314" "name": "APPLE-SA-2010-06-16-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html"
"name" : "43068", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43068" "name": "SUSE-SR:2011:002",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
"name" : "ADV-2010-1373", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1373" "name": "oval:org.mitre.oval:def:7591",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7591"
"name" : "ADV-2010-1512", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1512" "name": "42314",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42314"
"name" : "ADV-2010-2722", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/2722" "name": "ADV-2010-1512",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/1512"
"name" : "ADV-2011-0212", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0212" "name": "40620",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/40620"
"name" : "ADV-2011-0552", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0552" "name": "ADV-2011-0552",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2011/0552"
} },
} {
"name": "http://support.apple.com/kb/HT4456",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4456"
},
{
"name": "1024067",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024067"
},
{
"name": "http://support.apple.com/kb/HT4196",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4196"
},
{
"name": "APPLE-SA-2010-11-22-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
}
]
}
}

130
2010/5xxx/CVE-2010-5004.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-5004", "ID": "CVE-2010-5004",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in searchvote.php in 2daybiz Polls (aka Advanced Poll) Script allows remote attackers to execute arbitrary SQL commands via the category parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "14074", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/14074" "lang": "eng",
}, "value": "SQL injection vulnerability in searchvote.php in 2daybiz Polls (aka Advanced Poll) Script allows remote attackers to execute arbitrary SQL commands via the category parameter."
{ }
"name" : "41172", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/41172" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41172",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41172"
},
{
"name": "14074",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14074"
}
]
}
}

120
2010/5xxx/CVE-2010-5071.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-5071", "ID": "CVE-2010-5071",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The JavaScript implementation in Microsoft Internet Explorer 8.0 and earlier does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://w2spconf.com/2010/papers/p26.pdf", "description_data": [
"refsource" : "MISC", {
"url" : "http://w2spconf.com/2010/papers/p26.pdf" "lang": "eng",
} "value": "The JavaScript implementation in Microsoft Internet Explorer 8.0 and earlier does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://w2spconf.com/2010/papers/p26.pdf",
"refsource": "MISC",
"url": "http://w2spconf.com/2010/papers/p26.pdf"
}
]
}
}

190
2014/0xxx/CVE-2014-0515.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2014-0515", "ID": "CVE-2014-0515",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.206 on Windows and OS X, and before 11.2.202.356 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in April 2014."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://helpx.adobe.com/security/products/flash-player/apsb14-13.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://helpx.adobe.com/security/products/flash-player/apsb14-13.html" "lang": "eng",
}, "value": "Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.206 on Windows and OS X, and before 11.2.202.356 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in April 2014."
{ }
"name" : "GLSA-201405-04", ]
"refsource" : "GENTOO", },
"url" : "http://security.gentoo.org/glsa/glsa-201405-04.xml" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2014:0447", "description": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0447.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SUSE-SU-2014:0605", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00001.html" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2014:0585", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00017.html" "name": "67092",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/67092"
"name" : "openSUSE-SU-2014:0589", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00000.html" "name": "openSUSE-SU-2014:0585",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00017.html"
"name" : "67092", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/67092" "name": "openSUSE-SU-2014:0589",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00000.html"
"name" : "1030155", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1030155" "name": "GLSA-201405-04",
} "refsource": "GENTOO",
] "url": "http://security.gentoo.org/glsa/glsa-201405-04.xml"
} },
} {
"name": "SUSE-SU-2014:0605",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00001.html"
},
{
"name": "RHSA-2014:0447",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0447.html"
},
{
"name": "1030155",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030155"
},
{
"name": "http://helpx.adobe.com/security/products/flash-player/apsb14-13.html",
"refsource": "CONFIRM",
"url": "http://helpx.adobe.com/security/products/flash-player/apsb14-13.html"
}
]
}
}

140
2014/0xxx/CVE-2014-0753.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "ics-cert@hq.dhs.gov",
"ID" : "CVE-2014-0753", "ID": "CVE-2014-0753",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the SCADA server in Ecava IntegraXor before 4.1.4390 allows remote attackers to cause a denial of service (system crash) by triggering access to DLL code located in the IntegraXor directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-016-01", "description_data": [
"refsource" : "MISC", {
"url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-016-01" "lang": "eng",
}, "value": "Stack-based buffer overflow in the SCADA server in Ecava IntegraXor before 4.1.4390 allows remote attackers to cause a denial of service (system crash) by triggering access to DLL code located in the IntegraXor directory."
{ }
"name" : "http://www.integraxor.com/blog/buffer-overflow-vulnerability-note/", ]
"refsource" : "CONFIRM", },
"url" : "http://www.integraxor.com/blog/buffer-overflow-vulnerability-note/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "102171", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/102171" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "102171",
"refsource": "OSVDB",
"url": "http://osvdb.org/102171"
},
{
"name": "http://www.integraxor.com/blog/buffer-overflow-vulnerability-note/",
"refsource": "CONFIRM",
"url": "http://www.integraxor.com/blog/buffer-overflow-vulnerability-note/"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-016-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-016-01"
}
]
}
}

130
2014/1xxx/CVE-2014-1806.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2014-1806", "ID": "CVE-2014-1806",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly restrict memory access, which allows remote attackers to execute arbitrary code via vectors involving malformed objects, aka \"TypeFilterLevel Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS14-026", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-026" "lang": "eng",
}, "value": "The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly restrict memory access, which allows remote attackers to execute arbitrary code via vectors involving malformed objects, aka \"TypeFilterLevel Vulnerability.\""
{ }
"name" : "67286", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/67286" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS14-026",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-026"
},
{
"name": "67286",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67286"
}
]
}
}

180
2014/5xxx/CVE-2014-5015.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@debian.org",
"ID" : "CVE-2014-5015", "ID": "CVE-2014-5015",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "bozotic HTTP server (aka bozohttpd) before 20140708, as used in NetBSD, truncates paths when checking .htpasswd restrictions, which allows remote attackers to bypass the HTTP authentication scheme and access restrictions via a long path."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20140718 Re: CVE Request: bozohttpd: basic http authentication bypass", "description_data": [
"refsource" : "MLIST", {
"url" : "http://seclists.org/oss-sec/2014/q3/180" "lang": "eng",
}, "value": "bozotic HTTP server (aka bozohttpd) before 20140708, as used in NetBSD, truncates paths when checking .htpasswd restrictions, which allows remote attackers to bypass the HTTP authentication scheme and access restrictions via a long path."
{ }
"name" : "http://www.eterna.com.au/bozohttpd/", ]
"refsource" : "CONFIRM", },
"url" : "http://www.eterna.com.au/bozohttpd/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.eterna.com.au/bozohttpd/CHANGES", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.eterna.com.au/bozohttpd/CHANGES" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "NetBSD-SA2014-007", ]
"refsource" : "NETBSD", }
"url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-007.txt.asc" ]
}, },
{ "references": {
"name" : "68752", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/68752" "name": "68752",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/68752"
"name" : "109283", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/109283" "name": "NetBSD-SA2014-007",
}, "refsource": "NETBSD",
{ "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-007.txt.asc"
"name" : "netbsd-cve20145015-info-disc(94751)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94751" "name": "http://www.eterna.com.au/bozohttpd/CHANGES",
} "refsource": "CONFIRM",
] "url": "http://www.eterna.com.au/bozohttpd/CHANGES"
} },
} {
"name": "109283",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/109283"
},
{
"name": "http://www.eterna.com.au/bozohttpd/",
"refsource": "CONFIRM",
"url": "http://www.eterna.com.au/bozohttpd/"
},
{
"name": "netbsd-cve20145015-info-disc(94751)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94751"
},
{
"name": "[oss-security] 20140718 Re: CVE Request: bozohttpd: basic http authentication bypass",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/180"
}
]
}
}

120
2014/5xxx/CVE-2014-5335.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-5335", "ID": "CVE-2014-5335",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in innovaphone PBX 10.00 sr11 and earlier allow remote attackers to hijack the authentication of administrators for requests that modify configurations or user accounts, as demonstrated by (1) changing the administrator password via a crafted request to CMD0/mod_cmd.xml or (2) adding a new SIP user via a crafted request to PBX0/ADMIN/mod_cmd_login.xml."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20140821 [CVE-2014-5335] CSRF in Innovaphone PBX", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/533197/100/0/threaded" "lang": "eng",
} "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in innovaphone PBX 10.00 sr11 and earlier allow remote attackers to hijack the authentication of administrators for requests that modify configurations or user accounts, as demonstrated by (1) changing the administrator password via a crafted request to CMD0/mod_cmd.xml or (2) adding a new SIP user via a crafted request to PBX0/ADMIN/mod_cmd_login.xml."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140821 [CVE-2014-5335] CSRF in Innovaphone PBX",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533197/100/0/threaded"
}
]
}
}

34
2014/5xxx/CVE-2014-5433.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-5433", "ID": "CVE-2014-5433",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2014/5xxx/CVE-2014-5610.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-5610", "ID": "CVE-2014-5610",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ce4arab market (aka com.dreamstep.wce4arabmarket) application 0.12.13093.40460 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The ce4arab market (aka com.dreamstep.wce4arabmarket) application 0.12.13093.40460 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#525561", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/525561" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#582497", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/582497" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#525561",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/525561"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

130
2015/2xxx/CVE-2015-2165.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-2165", "ID": "CVE-2015-2165",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Report Viewer in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4.x, 5.x, and 6.x allow remote attackers to inject arbitrary web script or HTML via the (1) portal, (2) fromDate, (3) toDate, (4) fromTime, (5) toTime, (6) kword, (7) uname, (8) pname, (9) sname, (10) atype, or (11) atitle parameter to top-links.jsp; (12) portal or (13) uid parameter to (a) page-summary.jsp or (b) service-summary.jsp; (14) portal, (15) fromDate, (16) toDate, (17) fromTime, (18) toTime, (19) sortDirection, (20) kword, (21) uname, (22) pname, (23) sname, (24) file, (25) atype, or (26) atitle parameter to (c) top-useragent-devices.jsp or (d) top-interest-areas.jsp; (27) fromDate, (28) toDate, (29) fromTime, (30) toTime, (31) sortDirection, (32) kword, (33) uname, (34) pname, (35) sname, (36) file, (37) atype, or (38) atitle parameter to top-message-services.jsp; (39) portal, (40) fromDate, (41) toDate, (42) fromTime, (43) toTime, (44) orderBy, (45) sortDirection, (46) kword, (47) uname, (48) pname, (49) sname, (50) file, (51) atype, or (52) atitle parameter to (e) user-statistics.jsp, (f) top-web-pages.jsp, (g) top-devices.jsp, (h) top-pages.jsp, (i) session-summary.jsp, (j) top-providers.jsp, (k) top-modules.jsp, or (l) top-services.jsp; (53) fromDate, (54) toDate, (55) fromTime, (56) toTime, (57) orderBy, (58) sortDirection, (59) uid, (60) uid2, (61) kword, (62) uname, (63) pname, (64) sname, (65) file, (66) atype, or (67) atitle parameter to message-shortcode-summary.jsp; (68) fromDate, (69) toDate, (70) fromTime, (71) toTime, (72) orderBy, (73) sortDirection, (74) uid, (75) kword, (76) uname, (77) pname, (78) sname, (79) file, (80) atype, or (81) atitle parameter to (m) message-providers-summary.jsp or (n) message-services-summary.jsp; (82) kword, (83) uname, (84) pname, (85) sname, (86) file, (87) atype, or (88) atitle parameter to license-summary.jsp; (89) portal, (90) fromDate, (91) toDate, (92) fromTime, (93) toTime, (94) orderBy, (95) sortDirection, (96) uid, (97) uid2, (98) kword, (99) uname, (100) pname, (101) sname, (102) file, (103) atype, or (104) atitle parameter to useragent-device-summary.jsp; (105) fromDate, (106) toDate, (107) fromTime, (108) toTime, (109) orderBy, (110) sortDirection, (111) kword, (112) uname, (113) pname, (114) sname, (115) file, (116) atype, or (117) atitle parameter to (o) top-message-providers.jsp, (p) top-message-devices.jsp, (q) top-message-assets.jsp, (r) top-message-downloads.jsp, or (s) top-message-shortcode.jsp; (118) fromDate, (119) toDate, (120) fromTime, (121) toTime, (122) kword, (123) uname, (124) pname, (125) sname, (126) file, (127) atype, or (128) atitle parameter to request-summary.jsp; (129) portal parameter to link-summary-select.jsp, (130) provider-summary-select.jsp, or (131) module-summary-select.jsp; (132) portal, (133) uid, (134) kword, (135) uname, (136) pname, (137) sname, (138) file, (139) atype, or (140) atitle parameter to link-summary.jsp; (141) portal, (142) fromDate, (143) toDate, (144) fromTime, (145) toTime, (146) orderBy, (147) sortDirection, (148) uid, (149) kword, (150) uname, (151) pname, (152) sname, (153) file, (154) atype, or (155) atitle parameter to (t) provider-summary.jsp or (u) module-summary.jsp in reports/pages/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.com/files/131232/Ericsson-Drutt-MSDP-Report-Viewer-Cross-Site-Scripting.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/131232/Ericsson-Drutt-MSDP-Report-Viewer-Cross-Site-Scripting.html" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Report Viewer in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4.x, 5.x, and 6.x allow remote attackers to inject arbitrary web script or HTML via the (1) portal, (2) fromDate, (3) toDate, (4) fromTime, (5) toTime, (6) kword, (7) uname, (8) pname, (9) sname, (10) atype, or (11) atitle parameter to top-links.jsp; (12) portal or (13) uid parameter to (a) page-summary.jsp or (b) service-summary.jsp; (14) portal, (15) fromDate, (16) toDate, (17) fromTime, (18) toTime, (19) sortDirection, (20) kword, (21) uname, (22) pname, (23) sname, (24) file, (25) atype, or (26) atitle parameter to (c) top-useragent-devices.jsp or (d) top-interest-areas.jsp; (27) fromDate, (28) toDate, (29) fromTime, (30) toTime, (31) sortDirection, (32) kword, (33) uname, (34) pname, (35) sname, (36) file, (37) atype, or (38) atitle parameter to top-message-services.jsp; (39) portal, (40) fromDate, (41) toDate, (42) fromTime, (43) toTime, (44) orderBy, (45) sortDirection, (46) kword, (47) uname, (48) pname, (49) sname, (50) file, (51) atype, or (52) atitle parameter to (e) user-statistics.jsp, (f) top-web-pages.jsp, (g) top-devices.jsp, (h) top-pages.jsp, (i) session-summary.jsp, (j) top-providers.jsp, (k) top-modules.jsp, or (l) top-services.jsp; (53) fromDate, (54) toDate, (55) fromTime, (56) toTime, (57) orderBy, (58) sortDirection, (59) uid, (60) uid2, (61) kword, (62) uname, (63) pname, (64) sname, (65) file, (66) atype, or (67) atitle parameter to message-shortcode-summary.jsp; (68) fromDate, (69) toDate, (70) fromTime, (71) toTime, (72) orderBy, (73) sortDirection, (74) uid, (75) kword, (76) uname, (77) pname, (78) sname, (79) file, (80) atype, or (81) atitle parameter to (m) message-providers-summary.jsp or (n) message-services-summary.jsp; (82) kword, (83) uname, (84) pname, (85) sname, (86) file, (87) atype, or (88) atitle parameter to license-summary.jsp; (89) portal, (90) fromDate, (91) toDate, (92) fromTime, (93) toTime, (94) orderBy, (95) sortDirection, (96) uid, (97) uid2, (98) kword, (99) uname, (100) pname, (101) sname, (102) file, (103) atype, or (104) atitle parameter to useragent-device-summary.jsp; (105) fromDate, (106) toDate, (107) fromTime, (108) toTime, (109) orderBy, (110) sortDirection, (111) kword, (112) uname, (113) pname, (114) sname, (115) file, (116) atype, or (117) atitle parameter to (o) top-message-providers.jsp, (p) top-message-devices.jsp, (q) top-message-assets.jsp, (r) top-message-downloads.jsp, or (s) top-message-shortcode.jsp; (118) fromDate, (119) toDate, (120) fromTime, (121) toTime, (122) kword, (123) uname, (124) pname, (125) sname, (126) file, (127) atype, or (128) atitle parameter to request-summary.jsp; (129) portal parameter to link-summary-select.jsp, (130) provider-summary-select.jsp, or (131) module-summary-select.jsp; (132) portal, (133) uid, (134) kword, (135) uname, (136) pname, (137) sname, (138) file, (139) atype, or (140) atitle parameter to link-summary.jsp; (141) portal, (142) fromDate, (143) toDate, (144) fromTime, (145) toTime, (146) orderBy, (147) sortDirection, (148) uid, (149) kword, (150) uname, (151) pname, (152) sname, (153) file, (154) atype, or (155) atitle parameter to (t) provider-summary.jsp or (u) module-summary.jsp in reports/pages/."
{ }
"name" : "73933", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/73933" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "73933",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73933"
},
{
"name": "http://packetstormsecurity.com/files/131232/Ericsson-Drutt-MSDP-Report-Viewer-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/131232/Ericsson-Drutt-MSDP-Report-Viewer-Cross-Site-Scripting.html"
}
]
}
}

150
2015/2xxx/CVE-2015-2676.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-2676", "ID": "CVE-2015-2676",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in the ASUS RT-G32 routers with firmware 2.0.2.6 and 2.0.3.2 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request to start_apply.htm."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20150307 Fw: Vulnerabilities in ASUS RT-G32", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2015/Mar/42" "lang": "eng",
}, "value": "Cross-site request forgery (CSRF) vulnerability in the ASUS RT-G32 routers with firmware 2.0.2.6 and 2.0.3.2 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request to start_apply.htm."
{ }
"name" : "http://packetstormsecurity.com/files/130724/ASUS-RT-G32-Cross-Site-Request-Forgery-Cross-Site-Scripting.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/130724/ASUS-RT-G32-Cross-Site-Request-Forgery-Cross-Site-Scripting.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://websecurity.com.ua/7644/", "description": [
"refsource" : "MISC", {
"url" : "http://websecurity.com.ua/7644/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "73294", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/73294" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20150307 Fw: Vulnerabilities in ASUS RT-G32",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Mar/42"
},
{
"name": "73294",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73294"
},
{
"name": "http://packetstormsecurity.com/files/130724/ASUS-RT-G32-Cross-Site-Request-Forgery-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130724/ASUS-RT-G32-Cross-Site-Request-Forgery-Cross-Site-Scripting.html"
},
{
"name": "http://websecurity.com.ua/7644/",
"refsource": "MISC",
"url": "http://websecurity.com.ua/7644/"
}
]
}
}

130
2015/6xxx/CVE-2015-6133.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2015-6133", "ID": "CVE-2015-6133",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle library loading, which allows local users to gain privileges via a crafted application, aka \"Windows Library Loading Remote Code Execution Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS15-132", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-132" "lang": "eng",
}, "value": "Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle library loading, which allows local users to gain privileges via a crafted application, aka \"Windows Library Loading Remote Code Execution Vulnerability.\""
{ }
"name" : "1034338", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1034338" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1034338",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034338"
},
{
"name": "MS15-132",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-132"
}
]
}
}

130
2015/6xxx/CVE-2015-6270.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2015-6270", "ID": "CVE-2015-6270",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted IPv6 packet, aka Bug ID CSCsv98555."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20150827 Cisco ASR 1000 Series Aggregation Services Routers Crafted IPv6 Packet Denial of Service Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=40687" "lang": "eng",
}, "value": "Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted IPv6 packet, aka Bug ID CSCsv98555."
{ }
"name" : "1033410", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1033410" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033410",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033410"
},
{
"name": "20150827 Cisco ASR 1000 Series Aggregation Services Routers Crafted IPv6 Packet Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40687"
}
]
}
}

140
2016/1000xxx/CVE-2016-1000009.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-1000009", "ID": "CVE-2016-1000009",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TP-LINK lost control of two domains, www.tplinklogin.net and tplinkextender.net. Please note that these domains are physically printed on many of the devices."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20160701 Logic security flaw in TP-LINK - tplinklogin.net", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://seclists.org/bugtraq/2016/Jul/3" "lang": "eng",
}, "value": "TP-LINK lost control of two domains, www.tplinklogin.net and tplinkextender.net. Please note that these domains are physically printed on many of the devices."
{ }
"name" : "https://pbs.twimg.com/media/CmnQ3F0WIAAs_X0.jpg", ]
"refsource" : "MISC", },
"url" : "https://pbs.twimg.com/media/CmnQ3F0WIAAs_X0.jpg" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://pbs.twimg.com/media/CmnQGI0WAAIbPHA.jpg", "description": [
"refsource" : "MISC", {
"url" : "https://pbs.twimg.com/media/CmnQGI0WAAIbPHA.jpg" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://pbs.twimg.com/media/CmnQ3F0WIAAs_X0.jpg",
"refsource": "MISC",
"url": "https://pbs.twimg.com/media/CmnQ3F0WIAAs_X0.jpg"
},
{
"name": "https://pbs.twimg.com/media/CmnQGI0WAAIbPHA.jpg",
"refsource": "MISC",
"url": "https://pbs.twimg.com/media/CmnQGI0WAAIbPHA.jpg"
},
{
"name": "20160701 Logic security flaw in TP-LINK - tplinklogin.net",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2016/Jul/3"
}
]
}
}

34
2016/1000xxx/CVE-2016-1000180.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-1000180", "ID": "CVE-2016-1000180",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

150
2016/10xxx/CVE-2016-10067.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-10067", "ID": "CVE-2016-10067",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "magick/memory.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via vectors involving \"too many exceptions,\" which trigger a buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20161226 Re: CVE requests for various ImageMagick issues", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/12/26/9" "lang": "eng",
}, "value": "magick/memory.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via vectors involving \"too many exceptions,\" which trigger a buffer overflow."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1410494", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1410494" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/ImageMagick/ImageMagick/commit/0474237508f39c4f783208123431815f1ededb76", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/ImageMagick/ImageMagick/commit/0474237508f39c4f783208123431815f1ededb76" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "95220", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/95220" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://github.com/ImageMagick/ImageMagick/commit/0474237508f39c4f783208123431815f1ededb76",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/commit/0474237508f39c4f783208123431815f1ededb76"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1410494",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410494"
},
{
"name": "95220",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95220"
},
{
"name": "[oss-security] 20161226 Re: CVE requests for various ImageMagick issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/26/9"
}
]
}
}

130
2016/10xxx/CVE-2016-10375.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-10375", "ID": "CVE-2016-10375",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Yodl before 3.07.01 has a Buffer Over-read in the queue_push function in queue/queuepush.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/fbb-git/yodl/commit/fd85f8c94182558ff1480d06a236d6fb927979a3", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/fbb-git/yodl/commit/fd85f8c94182558ff1480d06a236d6fb927979a3" "lang": "eng",
}, "value": "Yodl before 3.07.01 has a Buffer Over-read in the queue_push function in queue/queuepush.c."
{ }
"name" : "https://github.com/fbb-git/yodl/issues/1", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/fbb-git/yodl/issues/1" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/fbb-git/yodl/commit/fd85f8c94182558ff1480d06a236d6fb927979a3",
"refsource": "CONFIRM",
"url": "https://github.com/fbb-git/yodl/commit/fd85f8c94182558ff1480d06a236d6fb927979a3"
},
{
"name": "https://github.com/fbb-git/yodl/issues/1",
"refsource": "CONFIRM",
"url": "https://github.com/fbb-git/yodl/issues/1"
}
]
}
}

150
2016/10xxx/CVE-2016-10507.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-10507", "ID": "CVE-2016-10507",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow vulnerability in the bmp24toimage function in convertbmp.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted bmp file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/uclouvain/openjpeg/commit/da940424816e11d624362ce080bc026adffa26e8", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/uclouvain/openjpeg/commit/da940424816e11d624362ce080bc026adffa26e8" "lang": "eng",
}, "value": "Integer overflow vulnerability in the bmp24toimage function in convertbmp.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted bmp file."
{ }
"name" : "https://github.com/uclouvain/openjpeg/issues/833", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/uclouvain/openjpeg/issues/833" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-201710-26", "description": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201710-26" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "100567", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/100567" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://github.com/uclouvain/openjpeg/issues/833",
"refsource": "CONFIRM",
"url": "https://github.com/uclouvain/openjpeg/issues/833"
},
{
"name": "GLSA-201710-26",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-26"
},
{
"name": "https://github.com/uclouvain/openjpeg/commit/da940424816e11d624362ce080bc026adffa26e8",
"refsource": "CONFIRM",
"url": "https://github.com/uclouvain/openjpeg/commit/da940424816e11d624362ce080bc026adffa26e8"
},
{
"name": "100567",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100567"
}
]
}
}

122
2016/10xxx/CVE-2016-10557.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "support@hackerone.com", "ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00", "DATE_PUBLIC": "2018-04-26T00:00:00",
"ID" : "CVE-2016-10557", "ID": "CVE-2016-10557",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "appium-chromedriver node module", "product_name": "appium-chromedriver node module",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "<2.9.4" "version_value": "<2.9.4"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "HackerOne" "vendor_name": "HackerOne"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "appium-chromedriver is a Node.js wrapper around Chromedriver. Versions below 2.9.4 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Missing Encryption of Sensitive Data (CWE-311)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://nodesecurity.io/advisories/162", "description_data": [
"refsource" : "MISC", {
"url" : "https://nodesecurity.io/advisories/162" "lang": "eng",
} "value": "appium-chromedriver is a Node.js wrapper around Chromedriver. Versions below 2.9.4 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Encryption of Sensitive Data (CWE-311)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodesecurity.io/advisories/162",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/162"
}
]
}
}

130
2016/4xxx/CVE-2016-4126.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2016-4126", "ID": "CVE-2016-4126",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/air/apsb16-23.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/air/apsb16-23.html" "lang": "eng",
}, "value": "Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083."
{ }
"name" : "MS16-083", ]
"refsource" : "MS", },
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-083",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083"
},
{
"name": "https://helpx.adobe.com/security/products/air/apsb16-23.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/air/apsb16-23.html"
}
]
}
}

34
2016/4xxx/CVE-2016-4410.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-4410", "ID": "CVE-2016-4410",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

220
2016/4xxx/CVE-2016-4637.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2016-4637", "ID": "CVE-2016-4637",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CoreGraphics in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted BMP image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.talosintelligence.com/reports/TALOS-2016-0186/", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.talosintelligence.com/reports/TALOS-2016-0186/" "lang": "eng",
}, "value": "CoreGraphics in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted BMP image."
{ }
"name" : "https://support.apple.com/HT206902", ]
"refsource" : "CONFIRM", },
"url" : "https://support.apple.com/HT206902" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.apple.com/HT206903", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT206903" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://support.apple.com/HT206904", ]
"refsource" : "CONFIRM", }
"url" : "https://support.apple.com/HT206904" ]
}, },
{ "references": {
"name" : "https://support.apple.com/HT206905", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT206905" "name": "1036344",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1036344"
"name" : "APPLE-SA-2016-07-18-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html" "name": "http://www.talosintelligence.com/reports/TALOS-2016-0186/",
}, "refsource": "MISC",
{ "url": "http://www.talosintelligence.com/reports/TALOS-2016-0186/"
"name" : "APPLE-SA-2016-07-18-2", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html" "name": "APPLE-SA-2016-07-18-4",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
"name" : "APPLE-SA-2016-07-18-3", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html" "name": "APPLE-SA-2016-07-18-3",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
"name" : "APPLE-SA-2016-07-18-4", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html" "name": "APPLE-SA-2016-07-18-2",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
"name" : "91834", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/91834" "name": "91834",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/91834"
"name" : "1036344", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1036344" "name": "APPLE-SA-2016-07-18-1",
} "refsource": "APPLE",
] "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
} },
} {
"name": "https://support.apple.com/HT206905",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206905"
},
{
"name": "https://support.apple.com/HT206903",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206903"
},
{
"name": "https://support.apple.com/HT206902",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206902"
},
{
"name": "https://support.apple.com/HT206904",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206904"
}
]
}
}

160
2016/4xxx/CVE-2016-4747.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2016-4747", "ID": "CVE-2016-4747",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mail in Apple iOS before 10 mishandles certificates, which makes it easier for man-in-the-middle attackers to discover mail credentials via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT207143", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207143" "lang": "eng",
}, "value": "Mail in Apple iOS before 10 mishandles certificates, which makes it easier for man-in-the-middle attackers to discover mail credentials via unspecified vectors."
{ }
"name" : "APPLE-SA-2016-09-13-1", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00002.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "APPLE-SA-2016-09-20-3", "description": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "92932", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/92932" ]
}, },
{ "references": {
"name" : "1036797", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1036797" "name": "APPLE-SA-2016-09-20-3",
} "refsource": "APPLE",
] "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html"
} },
} {
"name": "1036797",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036797"
},
{
"name": "APPLE-SA-2016-09-13-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00002.html"
},
{
"name": "92932",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92932"
},
{
"name": "https://support.apple.com/HT207143",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207143"
}
]
}
}

150
2016/4xxx/CVE-2016-4853.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2016-4853", "ID": "CVE-2016-4853",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "AKABEi SOFT2 games allow remote attackers to execute arbitrary OS commands via crafted saved data, as demonstrated by Happy Wardrobe."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://jvn.jp/en/jp/JVN85213412/995740/index.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://jvn.jp/en/jp/JVN85213412/995740/index.html" "lang": "eng",
}, "value": "AKABEi SOFT2 games allow remote attackers to execute arbitrary OS commands via crafted saved data, as demonstrated by Happy Wardrobe."
{ }
"name" : "JVN#85213412", ]
"refsource" : "JVN", },
"url" : "http://jvn.jp/en/jp/JVN85213412/index.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "JVNDB-2016-000154", "description": [
"refsource" : "JVNDB", {
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000154" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "92700", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/92700" ]
} },
] "references": {
} "reference_data": [
} {
"name": "JVN#85213412",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN85213412/index.html"
},
{
"name": "92700",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92700"
},
{
"name": "JVNDB-2016-000154",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000154"
},
{
"name": "http://jvn.jp/en/jp/JVN85213412/995740/index.html",
"refsource": "CONFIRM",
"url": "http://jvn.jp/en/jp/JVN85213412/995740/index.html"
}
]
}
}

150
2016/4xxx/CVE-2016-4866.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2016-4866", "ID": "CVE-2016-4866",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Project function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.cybozu.com/ja-jp/article/9431", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.cybozu.com/ja-jp/article/9431" "lang": "eng",
}, "value": "Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Project function."
{ }
"name" : "JVN#06726266", ]
"refsource" : "JVN", },
"url" : "http://jvn.jp/en/jp/JVN06726266/index.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "JVNDB-2016-000185", "description": [
"refsource" : "JVNDB", {
"url" : "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000185.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "93281", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/93281" ]
} },
] "references": {
} "reference_data": [
} {
"name": "JVNDB-2016-000185",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000185.html"
},
{
"name": "93281",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93281"
},
{
"name": "https://support.cybozu.com/ja-jp/article/9431",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9431"
},
{
"name": "JVN#06726266",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN06726266/index.html"
}
]
}
}

34
2016/8xxx/CVE-2016-8170.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-8170", "ID": "CVE-2016-8170",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2016/8xxx/CVE-2016-8546.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-8546", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-8546",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
} }
] ]
} }
} }

160
2016/8xxx/CVE-2016-8703.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-8703", "ID": "CVE-2016-8703",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability than CVE-2016-8698, CVE-2016-8699, CVE-2016-8700, CVE-2016-8701, and CVE-2016-8702."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20160818 potrace: multiple crashes", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/08/18/11" "lang": "eng",
}, "value": "Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability than CVE-2016-8698, CVE-2016-8699, CVE-2016-8700, CVE-2016-8701, and CVE-2016-8702."
{ }
"name" : "[oss-security] 20161015 Re: potrace: multiple crashes", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2016/10/16/12" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/", "description": [
"refsource" : "MISC", {
"url" : "https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://potrace.sourceforge.net/ChangeLog", ]
"refsource" : "CONFIRM", }
"url" : "http://potrace.sourceforge.net/ChangeLog" ]
}, },
{ "references": {
"name" : "93778", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/93778" "name": "93778",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/93778"
} },
} {
"name": "[oss-security] 20161015 Re: potrace: multiple crashes",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/16/12"
},
{
"name": "https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/"
},
{
"name": "[oss-security] 20160818 potrace: multiple crashes",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/08/18/11"
},
{
"name": "http://potrace.sourceforge.net/ChangeLog",
"refsource": "CONFIRM",
"url": "http://potrace.sourceforge.net/ChangeLog"
}
]
}
}

170
2016/9xxx/CVE-2016-9297.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-9297", "ID": "CVE-2016-9297",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII tag values."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20161111 CVE Request: libtiff: read outside buffer in _TIFFPrintField()", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/11/12/2" "lang": "eng",
}, "value": "The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII tag values."
{ }
"name" : "[oss-security] 20161114 Re: CVE Request: libtiff: read outside buffer in _TIFFPrintField()", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2016/11/14/7" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2590", "description": [
"refsource" : "CONFIRM", {
"url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2590" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-3762", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2017/dsa-3762" ]
}, },
{ "references": {
"name" : "GLSA-201701-16", "reference_data": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201701-16" "name": "GLSA-201701-16",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201701-16"
"name" : "94419", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/94419" "name": "[oss-security] 20161111 CVE Request: libtiff: read outside buffer in _TIFFPrintField()",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2016/11/12/2"
} },
} {
"name": "http://bugzilla.maptools.org/show_bug.cgi?id=2590",
"refsource": "CONFIRM",
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2590"
},
{
"name": "[oss-security] 20161114 Re: CVE Request: libtiff: read outside buffer in _TIFFPrintField()",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/11/14/7"
},
{
"name": "DSA-3762",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3762"
},
{
"name": "94419",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94419"
}
]
}
}

230
2016/9xxx/CVE-2016-9806.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-9806", "ID": "CVE-2016-9806",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[netdev] 20160515 BUG: use-after-free in netlink_dump", "description_data": [
"refsource" : "MLIST", {
"url" : "http://lists.openwall.net/netdev/2016/05/15/69" "lang": "eng",
}, "value": "Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated."
{ }
"name" : "[oss-security] 20161203 CVE Request: -- Linux kernel: double free in netlink_dump", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2016/12/03/4" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=92964c79b357efd980812c4de5c1fd2ec8bb5520", "description": [
"refsource" : "CONFIRM", {
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=92964c79b357efd980812c4de5c1fd2ec8bb5520" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3", ]
"refsource" : "CONFIRM", }
"url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3" ]
}, },
{ "references": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1401502", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1401502" "name": "94653",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/94653"
"name" : "https://github.com/torvalds/linux/commit/92964c79b357efd980812c4de5c1fd2ec8bb5520", },
"refsource" : "CONFIRM", {
"url" : "https://github.com/torvalds/linux/commit/92964c79b357efd980812c4de5c1fd2ec8bb5520" "name": "1037968",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1037968"
"name" : "https://source.android.com/security/bulletin/2017-03-01.html", },
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-03-01.html" "name": "[oss-security] 20161203 CVE Request: -- Linux kernel: double free in netlink_dump",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2016/12/03/4"
"name" : "RHSA-2017:2669", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:2669" "name": "RHSA-2017:2669",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2017:2669"
"name" : "RHSA-2017:1842", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:1842" "name": "https://github.com/torvalds/linux/commit/92964c79b357efd980812c4de5c1fd2ec8bb5520",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/torvalds/linux/commit/92964c79b357efd980812c4de5c1fd2ec8bb5520"
"name" : "RHSA-2017:2077", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:2077" "name": "[netdev] 20160515 BUG: use-after-free in netlink_dump",
}, "refsource": "MLIST",
{ "url": "http://lists.openwall.net/netdev/2016/05/15/69"
"name" : "94653", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/94653" "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=92964c79b357efd980812c4de5c1fd2ec8bb5520",
}, "refsource": "CONFIRM",
{ "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=92964c79b357efd980812c4de5c1fd2ec8bb5520"
"name" : "1037968", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037968" "name": "RHSA-2017:2077",
} "refsource": "REDHAT",
] "url": "https://access.redhat.com/errata/RHSA-2017:2077"
} },
} {
"name": "RHSA-2017:1842",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1842"
},
{
"name": "https://source.android.com/security/bulletin/2017-03-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-03-01.html"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1401502",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1401502"
}
]
}
}

34
2019/2xxx/CVE-2019-2052.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-2052", "ID": "CVE-2019-2052",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/2xxx/CVE-2019-2123.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-2123", "ID": "CVE-2019-2123",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/2xxx/CVE-2019-2216.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-2216", "ID": "CVE-2019-2216",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/2xxx/CVE-2019-2756.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-2756", "ID": "CVE-2019-2756",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/3xxx/CVE-2019-3067.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-3067", "ID": "CVE-2019-3067",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/3xxx/CVE-2019-3244.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-3244", "ID": "CVE-2019-3244",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/3xxx/CVE-2019-3647.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-3647", "ID": "CVE-2019-3647",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/3xxx/CVE-2019-3805.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-3805", "ID": "CVE-2019-3805",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/6xxx/CVE-2019-6186.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-6186", "ID": "CVE-2019-6186",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/6xxx/CVE-2019-6258.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-6258", "ID": "CVE-2019-6258",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2019/6xxx/CVE-2019-6263.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-6263", "ID": "CVE-2019-6263",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration Text Filter settings allowed stored XSS."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "46200", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/46200/" "lang": "eng",
}, "value": "An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration Text Filter settings allowed stored XSS."
{ }
"name" : "https://developer.joomla.org/security-centre/762-20190103-core-stored-xss-issue-in-the-global-configuration-textfilter-settings", ]
"refsource" : "CONFIRM", },
"url" : "https://developer.joomla.org/security-centre/762-20190103-core-stored-xss-issue-in-the-global-configuration-textfilter-settings" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "106638", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/106638" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "106638",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106638"
},
{
"name": "46200",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46200/"
},
{
"name": "https://developer.joomla.org/security-centre/762-20190103-core-stored-xss-issue-in-the-global-configuration-textfilter-settings",
"refsource": "CONFIRM",
"url": "https://developer.joomla.org/security-centre/762-20190103-core-stored-xss-issue-in-the-global-configuration-textfilter-settings"
}
]
}
}

132
2019/6xxx/CVE-2019-6592.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "f5sirt@f5.com", "ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC" : "2019-02-26T00:00:00", "DATE_PUBLIC": "2019-02-26T00:00:00",
"ID" : "CVE-2019-6592", "ID": "CVE-2019-6592",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)", "product_name": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "14.1.0-14.1.0.1" "version_value": "14.1.0-14.1.0.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "F5 Networks, Inc." "vendor_name": "F5 Networks, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "On BIG-IP 14.1.0-14.1.0.1, TMM may restart and produce a core file when validating SSL certificates in client SSL or server SSL profiles."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "DoS"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.f5.com/csp/article/K54167061", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.f5.com/csp/article/K54167061" "lang": "eng",
}, "value": "On BIG-IP 14.1.0-14.1.0.1, TMM may restart and produce a core file when validating SSL certificates in client SSL or server SSL profiles."
{ }
"name" : "107176", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/107176" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "107176",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107176"
},
{
"name": "https://support.f5.com/csp/article/K54167061",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K54167061"
}
]
}
}

34
2019/6xxx/CVE-2019-6933.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-6933", "ID": "CVE-2019-6933",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/7xxx/CVE-2019-7015.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-7015", "ID": "CVE-2019-7015",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/7xxx/CVE-2019-7374.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-7374", "ID": "CVE-2019-7374",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/7xxx/CVE-2019-7455.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-7455", "ID": "CVE-2019-7455",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/7xxx/CVE-2019-7610.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-7610", "ID": "CVE-2019-7610",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }