admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 06:00:19 +00:00
parent 45574e84fe
commit 54128a2c60
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
58 changed files with 3992 additions and 3992 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

208
2007/2xxx/CVE-2007-2120.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-2120", "ID": "CVE-2007-2120",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Oracle Discoverer servlet in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to shut down an Oracle TNS Listener via a TNS STOP command in a request that uses the database/TNS alias, aka AS01."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070418 Advisory: Shutdown unprotected Oracle TNS Listener via Oracle Discoverer Servlet [AS01]", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/466160/100/0/threaded" "lang": "eng",
}, "value": "The Oracle Discoverer servlet in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to shut down an Oracle TNS Listener via a TNS STOP command in a request that uses the database/TNS alias, aka AS01."
{ }
"name" : "http://www.red-database-security.com/advisory/oracle_discoverer_servlet.html", ]
"refsource" : "MISC", },
"url" : "http://www.red-database-security.com/advisory/oracle_discoverer_servlet.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html", "description": [
"refsource" : "MISC", {
"url" : "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html" ]
}, },
{ "references": {
"name" : "HPSBMA02133", "reference_data": [
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/archive/1/466329/100/200/threaded" "name": "TA07-108A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA07-108A.html"
"name" : "SSRT061201", },
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/archive/1/466329/100/200/threaded" "name": "http://www.red-database-security.com/advisory/oracle_discoverer_servlet.html",
}, "refsource": "MISC",
{ "url": "http://www.red-database-security.com/advisory/oracle_discoverer_servlet.html"
"name" : "TA07-108A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-108A.html" "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html"
"name" : "23532", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/23532" "name": "23532",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/23532"
"name" : "ADV-2007-1426", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/1426" "name": "1017927",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1017927"
"name" : "1017927", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1017927" "name": "SSRT061201",
} "refsource": "HP",
] "url": "http://www.securityfocus.com/archive/1/466329/100/200/threaded"
} },
{
"name": "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html"
},
{
"name": "HPSBMA02133",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/466329/100/200/threaded"
},
{
"name": "20070418 Advisory: Shutdown unprotected Oracle TNS Listener via Oracle Discoverer Servlet [AS01]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/466160/100/0/threaded"
},
{
"name": "ADV-2007-1426",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1426"
}
]
}
} }

158
2007/2xxx/CVE-2007-2154.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-2154", "ID": "CVE-2007-2154",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in services/samples/inclusionService.php in Cabron Connector 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the CabronServiceFolder parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "3756", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/3756" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in services/samples/inclusionService.php in Cabron Connector 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the CabronServiceFolder parameter."
{ }
"name" : "23531", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/23531" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2007-1431", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/1431" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "37574", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/37574" ]
}, },
{ "references": {
"name" : "cabronconnector-inclusion-file-include(33716)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33716" "name": "37574",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/37574"
} },
{
"name": "3756",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3756"
},
{
"name": "23531",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23531"
},
{
"name": "cabronconnector-inclusion-file-include(33716)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33716"
},
{
"name": "ADV-2007-1431",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1431"
}
]
}
} }

248
2007/2xxx/CVE-2007-2227.json
View File

@ -1,127 +1,127 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2007-2227", "ID": "CVE-2007-2227",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition \"notifications,\" which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka \"Content Disposition Parsing Cross Domain Information Disclosure Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070622 MS07-034: Executing arbitrary script with mhtml: protocol handler", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/472002/100/0/threaded" "lang": "eng",
}, "value": "The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition \"notifications,\" which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka \"Content Disposition Parsing Cross Domain Information Disclosure Vulnerability.\""
{ }
"name" : "http://archive.openmya.devnull.jp/2007.06/msg00060.html", ]
"refsource" : "MISC", },
"url" : "http://archive.openmya.devnull.jp/2007.06/msg00060.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt", "description": [
"refsource" : "MISC", {
"url" : "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "HPSBST02231", ]
"refsource" : "HP", }
"url" : "http://www.securityfocus.com/archive/1/471947/100/0/threaded" ]
}, },
{ "references": {
"name" : "SSRT071438", "reference_data": [
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/archive/1/471947/100/0/threaded" "name": "MS07-034",
}, "refsource": "MS",
{ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034"
"name" : "MS07-034", },
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-034" "name": "SSRT071438",
}, "refsource": "HP",
{ "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
"name" : "TA07-163A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-163A.html" "name": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt",
}, "refsource": "MISC",
{ "url": "http://openmya.hacker.jp/hasegawa/security/ms07-034.txt"
"name" : "24410", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/24410" "name": "20070622 MS07-034: Executing arbitrary script with mhtml: protocol handler",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/472002/100/0/threaded"
"name" : "35346", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/35346" "name": "1018233",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1018233"
"name" : "ADV-2007-2154", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/2154" "name": "1018234",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1018234"
"name" : "oval:org.mitre.oval:def:2085", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2085" "name": "http://archive.openmya.devnull.jp/2007.06/msg00060.html",
}, "refsource": "MISC",
{ "url": "http://archive.openmya.devnull.jp/2007.06/msg00060.html"
"name" : "1018233", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1018233" "name": "24410",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/24410"
"name" : "1018234", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1018234" "name": "TA07-163A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
"name" : "25639", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25639" "name": "25639",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/25639"
} },
{
"name": "35346",
"refsource": "OSVDB",
"url": "http://osvdb.org/35346"
},
{
"name": "ADV-2007-2154",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2154"
},
{
"name": "oval:org.mitre.oval:def:2085",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2085"
},
{
"name": "HPSBST02231",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
}
]
}
} }

408
2007/2xxx/CVE-2007-2438.json
View File

@ -1,207 +1,207 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2007-2438", "ID": "CVE-2007-2438",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[vim-dev] 20070426 feedkeys() allowed in sandbox", "description_data": [
"refsource" : "MLIST", {
"url" : "http://marc.info/?l=vim-dev&m=117762581821298&w=2" "lang": "eng",
}, "value": "The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines."
{ }
"name" : "[vim-dev] 20070428 Re: feedkeys() allowed in sandbox", ]
"refsource" : "MLIST", },
"url" : "http://marc.info/?l=vim-dev&m=117778983714029&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[vimannounce] 20070512 Stable Vim version 7.1 has been released", "description": [
"refsource" : "MLIST", {
"url" : "http://tech.groups.yahoo.com/group/vimannounce/message/178" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://tech.groups.yahoo.com/group/vimdev/message/46627", ]
"refsource" : "MISC", }
"url" : "http://tech.groups.yahoo.com/group/vimdev/message/46627" ]
}, },
{ "references": {
"name" : "http://tech.groups.yahoo.com/group/vimdev/message/46658", "reference_data": [
"refsource" : "MISC", {
"url" : "http://tech.groups.yahoo.com/group/vimdev/message/46658" "name": "25024",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/25024"
"name" : "http://tech.groups.yahoo.com/group/vimdev/message/46645", },
"refsource" : "CONFIRM", {
"url" : "http://tech.groups.yahoo.com/group/vimdev/message/46645" "name": "25159",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/25159"
"name" : "http://www.vim.org/news/news.php", },
"refsource" : "CONFIRM", {
"url" : "http://www.vim.org/news/news.php" "name": "[vim-dev] 20070426 feedkeys() allowed in sandbox",
}, "refsource": "MLIST",
{ "url": "http://marc.info/?l=vim-dev&m=117762581821298&w=2"
"name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=238259", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=238259" "name": "1018035",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1018035"
"name" : "20070430 FLEA-2007-0014-1: vim", },
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/467202/100/0/threaded" "name": "USN-463-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/usn-463-1"
"name" : "DSA-1364", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2007/dsa-1364" "name": "ADV-2007-1599",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/1599"
"name" : "MDKSA-2007:101", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:101" "name": "25182",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/25182"
"name" : "RHSA-2007:0346", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0346.html" "name": "2007-0017",
}, "refsource": "TRUSTIX",
{ "url": "http://www.trustix.org/errata/2007/0017/"
"name" : "SUSE-SR:2007:012", },
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2007_12_sr.html" "name": "SUSE-SR:2007:012",
}, "refsource": "SUSE",
{ "url": "http://www.novell.com/linux/security/advisories/2007_12_sr.html"
"name" : "2007-0017", },
"refsource" : "TRUSTIX", {
"url" : "http://www.trustix.org/errata/2007/0017/" "name": "http://tech.groups.yahoo.com/group/vimdev/message/46627",
}, "refsource": "MISC",
{ "url": "http://tech.groups.yahoo.com/group/vimdev/message/46627"
"name" : "USN-463-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-463-1" "name": "[vim-dev] 20070428 Re: feedkeys() allowed in sandbox",
}, "refsource": "MLIST",
{ "url": "http://marc.info/?l=vim-dev&m=117778983714029&w=2"
"name" : "20070513 OMG VIM VULN", },
"refsource" : "VIM", {
"url" : "http://attrition.org/pipermail/vim/2007-May/001614.html" "name": "RHSA-2007:0346",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2007-0346.html"
"name" : "20070823 vim editor duplicates / clarifications", },
"refsource" : "VIM", {
"url" : "http://www.attrition.org/pipermail/vim/2007-August/001770.html" "name": "http://tech.groups.yahoo.com/group/vimdev/message/46658",
}, "refsource": "MISC",
{ "url": "http://tech.groups.yahoo.com/group/vimdev/message/46658"
"name" : "23725", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/23725" "name": "vim-feedkeyswritefile-command-execution(34012)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34012"
"name" : "36250", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/36250" "name": "DSA-1364",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2007/dsa-1364"
"name" : "oval:org.mitre.oval:def:9876", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9876" "name": "http://tech.groups.yahoo.com/group/vimdev/message/46645",
}, "refsource": "CONFIRM",
{ "url": "http://tech.groups.yahoo.com/group/vimdev/message/46645"
"name" : "ADV-2007-1599", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/1599" "name": "26653",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/26653"
"name" : "1018035", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1018035" "name": "20070513 OMG VIM VULN",
}, "refsource": "VIM",
{ "url": "http://attrition.org/pipermail/vim/2007-May/001614.html"
"name" : "25024", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25024" "name": "20070823 vim editor duplicates / clarifications",
}, "refsource": "VIM",
{ "url": "http://www.attrition.org/pipermail/vim/2007-August/001770.html"
"name" : "25159", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25159" "name": "http://www.vim.org/news/news.php",
}, "refsource": "CONFIRM",
{ "url": "http://www.vim.org/news/news.php"
"name" : "25182", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25182" "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=238259",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=238259"
"name" : "25255", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25255" "name": "23725",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/23725"
"name" : "25367", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25367" "name": "20070430 FLEA-2007-0014-1: vim",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/467202/100/0/threaded"
"name" : "25432", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25432" "name": "[vimannounce] 20070512 Stable Vim version 7.1 has been released",
}, "refsource": "MLIST",
{ "url": "http://tech.groups.yahoo.com/group/vimannounce/message/178"
"name" : "26653", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26653" "name": "25255",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/25255"
"name" : "vim-feedkeyswritefile-command-execution(34012)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34012" "name": "oval:org.mitre.oval:def:9876",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9876"
} },
{
"name": "MDKSA-2007:101",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:101"
},
{
"name": "25432",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25432"
},
{
"name": "25367",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25367"
},
{
"name": "36250",
"refsource": "OSVDB",
"url": "http://osvdb.org/36250"
}
]
}
} }

178
2007/3xxx/CVE-2007-3021.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-3021", "ID": "CVE-2007-3021",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via unknown manipulations of a file that is created during data export."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.symantec.com/avcenter/security/Content/2007.06.05a.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.symantec.com/avcenter/security/Content/2007.06.05a.html" "lang": "eng",
}, "value": "Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via unknown manipulations of a file that is created during data export."
{ }
"name" : "24313", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/24313" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "36109", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/36109" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2007-2074", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2007/2074" ]
}, },
{ "references": {
"name" : "1018196", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1018196" "name": "http://www.symantec.com/avcenter/security/Content/2007.06.05a.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.symantec.com/avcenter/security/Content/2007.06.05a.html"
"name" : "25543", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25543" "name": "24313",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/24313"
"name" : "symantec-reporting-code-execution(34744)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34744" "name": "36109",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/36109"
} },
{
"name": "1018196",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018196"
},
{
"name": "ADV-2007-2074",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2074"
},
{
"name": "symantec-reporting-code-execution(34744)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34744"
},
{
"name": "25543",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25543"
}
]
}
} }

168
2007/3xxx/CVE-2007-3824.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-3824", "ID": "CVE-2007-3824",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in katgoster.asp in MzK Blog (tr) allows remote attackers to execute arbitrary SQL commands via the katID parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.packetstormsecurity.org/0707-exploits/mzkblog-sql.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.packetstormsecurity.org/0707-exploits/mzkblog-sql.txt" "lang": "eng",
}, "value": "SQL injection vulnerability in katgoster.asp in MzK Blog (tr) allows remote attackers to execute arbitrary SQL commands via the katID parameter."
{ }
"name" : "24909", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/24909" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2007-2542", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/2542" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "36257", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/36257" ]
}, },
{ "references": {
"name" : "26070", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26070" "name": "36257",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/36257"
"name" : "mzkblog-katgoster-sql-injection(35424)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35424" "name": "24909",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/24909"
} },
{
"name": "http://www.packetstormsecurity.org/0707-exploits/mzkblog-sql.txt",
"refsource": "MISC",
"url": "http://www.packetstormsecurity.org/0707-exploits/mzkblog-sql.txt"
},
{
"name": "26070",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26070"
},
{
"name": "ADV-2007-2542",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2542"
},
{
"name": "mzkblog-katgoster-sql-injection(35424)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35424"
}
]
}
} }

148
2007/4xxx/CVE-2007-4038.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-4038", "ID": "CVE-2007-4038",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Argument injection vulnerability in Mozilla Firefox before 2.0.0.5, when running on systems with Thunderbird 1.5 installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are inserted into the command line that is created when invoking Thunderbird.exe, a similar issue to CVE-2007-3670."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070725 Mozilla protocol abuse", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/474624/100/0/threaded" "lang": "eng",
}, "value": "Argument injection vulnerability in Mozilla Firefox before 2.0.0.5, when running on systems with Thunderbird 1.5 installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are inserted into the command line that is created when invoking Thunderbird.exe, a similar issue to CVE-2007-3670."
{ }
"name" : "20070726 Re: Mozilla protocol abuse", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/474686/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20070725 Mozilla protocol abuse", "description": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2007/Jul/0557.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://larholm.com/2007/07/25/mozilla-protocol-abuse/", ]
"refsource" : "MISC", }
"url" : "http://larholm.com/2007/07/25/mozilla-protocol-abuse/" ]
} },
] "references": {
} "reference_data": [
{
"name": "http://larholm.com/2007/07/25/mozilla-protocol-abuse/",
"refsource": "MISC",
"url": "http://larholm.com/2007/07/25/mozilla-protocol-abuse/"
},
{
"name": "20070726 Re: Mozilla protocol abuse",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/474686/100/0/threaded"
},
{
"name": "20070725 Mozilla protocol abuse",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/474624/100/0/threaded"
},
{
"name": "20070725 Mozilla protocol abuse",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2007/Jul/0557.html"
}
]
}
} }

188
2007/4xxx/CVE-2007-4355.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-4355", "ID": "CVE-2007-4355",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the at program on IBM AIX 5.3 allows local users to gain privileges via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "ftp://aix.software.ibm.com/aix/efixes/security/README", "description_data": [
"refsource" : "CONFIRM", {
"url" : "ftp://aix.software.ibm.com/aix/efixes/security/README" "lang": "eng",
}, "value": "Buffer overflow in the at program on IBM AIX 5.3 allows local users to gain privileges via unspecified vectors."
{ }
"name" : "http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX53&path=%2F200708%2FSECURITY%2F20070810%2Fdatafile101113", ]
"refsource" : "CONFIRM", },
"url" : "http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX53&path=%2F200708%2FSECURITY%2F20070810%2Fdatafile101113" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "25273", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/25273" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2007-2905", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2007/2905" ]
}, },
{ "references": {
"name" : "36794", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/36794" "name": "ADV-2007-2905",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/2905"
"name" : "1018570", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1018570" "name": "http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX53&path=%2F200708%2FSECURITY%2F20070810%2Fdatafile101113",
}, "refsource": "CONFIRM",
{ "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX53&path=%2F200708%2FSECURITY%2F20070810%2Fdatafile101113"
"name" : "26437", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26437" "name": "26437",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/26437"
"name" : "aix-at-bo(35976)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35976" "name": "1018570",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id?1018570"
} },
{
"name": "36794",
"refsource": "OSVDB",
"url": "http://osvdb.org/36794"
},
{
"name": "aix-at-bo(35976)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35976"
},
{
"name": "25273",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25273"
},
{
"name": "ftp://aix.software.ibm.com/aix/efixes/security/README",
"refsource": "CONFIRM",
"url": "ftp://aix.software.ibm.com/aix/efixes/security/README"
}
]
}
} }

158
2007/4xxx/CVE-2007-4471.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2007-4471", "ID": "CVE-2007-4471",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in the Intuit QuickBooks Online Edition ActiveX control before 10 allow remote attackers to create or overwrite arbitrary files via unspecified arguments to the (1) httpGETToFile, (2) httpPOSTFromFile, and possibly other methods, probably involving path traversal vulnerabilities in exposed dangerous methods. NOTE: this can be leveraged for code execution by writing to a Startup folder."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "VU#979638", "description_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/979638" "lang": "eng",
}, "value": "Multiple unspecified vulnerabilities in the Intuit QuickBooks Online Edition ActiveX control before 10 allow remote attackers to create or overwrite arbitrary files via unspecified arguments to the (1) httpGETToFile, (2) httpPOSTFromFile, and possibly other methods, probably involving path traversal vulnerabilities in exposed dangerous methods. NOTE: this can be leveraged for code execution by writing to a Startup folder."
{ }
"name" : "25544", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/25544" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "37134", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/37134" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "26659", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/26659" ]
}, },
{ "references": {
"name" : "quickbooks-activex-file-overwrite(36464)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36464" "name": "quickbooks-activex-file-overwrite(36464)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36464"
} },
{
"name": "VU#979638",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/979638"
},
{
"name": "26659",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26659"
},
{
"name": "37134",
"refsource": "OSVDB",
"url": "http://osvdb.org/37134"
},
{
"name": "25544",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25544"
}
]
}
} }

198
2007/6xxx/CVE-2007-6628.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-6628", "ID": "CVE-2007-6628",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via (1) a malformed Transport header, which triggers misparsing in parse_transport_header in RTSP_setup.c, as demonstrated by a Transport header that contains only a \"RTP/AVP;unicast;client_port\" sequence; or (2) a malformed Range header, which triggers misparsing in parse_play_time_range in RTSP_Play, as demonstrated by an empty Range header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20071227 Multiple vulnerabilities in Feng 0.1.15", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/485574/100/0/threaded" "lang": "eng",
}, "value": "LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via (1) a malformed Transport header, which triggers misparsing in parse_transport_header in RTSP_setup.c, as demonstrated by a Transport header that contains only a \"RTP/AVP;unicast;client_port\" sequence; or (2) a malformed Range header, which triggers misparsing in parse_play_time_range in RTSP_Play, as demonstrated by an empty Range header."
{ }
"name" : "http://aluigi.altervista.org/adv/fengulo-adv.txt", ]
"refsource" : "MISC", },
"url" : "http://aluigi.altervista.org/adv/fengulo-adv.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://aluigi.org/poc/fengulo.zip", "description": [
"refsource" : "MISC", {
"url" : "http://aluigi.org/poc/fengulo.zip" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "27049", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/27049" ]
}, },
{ "references": {
"name" : "ADV-2008-0011", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0011" "name": "20071227 Multiple vulnerabilities in Feng 0.1.15",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/485574/100/0/threaded"
"name" : "40534", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/40534" "name": "40535",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/40535"
"name" : "40535", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/40535" "name": "27049",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/27049"
"name" : "28229", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28229" "name": "ADV-2008-0011",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/0011"
"name" : "3507", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/3507" "name": "http://aluigi.org/poc/fengulo.zip",
} "refsource": "MISC",
] "url": "http://aluigi.org/poc/fengulo.zip"
} },
{
"name": "http://aluigi.altervista.org/adv/fengulo-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/fengulo-adv.txt"
},
{
"name": "3507",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3507"
},
{
"name": "28229",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28229"
},
{
"name": "40534",
"refsource": "OSVDB",
"url": "http://osvdb.org/40534"
}
]
}
} }

168
2007/6xxx/CVE-2007-6708.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-6708", "ID": "CVE-2007-6708",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to perform actions as administrators via an arbitrary valid request to an administrative URI, as demonstrated by (1) a Restore Factory Defaults action using the mtenRestore parameter to setup.cgi and (2) creation of a user account using the sysname parameter to setup.cgi."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080301 The Router Hacking Challenge is Over!", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/489009/100/0/threaded" "lang": "eng",
}, "value": "Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to perform actions as administrators via an arbitrary valid request to an administrative URI, as demonstrated by (1) a Restore Factory Defaults action using the mtenRestore parameter to setup.cgi and (2) creation of a user account using the sysname parameter to setup.cgi."
{ }
"name" : "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/", ]
"refsource" : "MISC", },
"url" : "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.gnucitizen.org/projects/router-hacking-challenge/", "description": [
"refsource" : "MISC", {
"url" : "http://www.gnucitizen.org/projects/router-hacking-challenge/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "43537", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/43537" ]
}, },
{ "references": {
"name" : "43538", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/43538" "name": "20080301 The Router Hacking Challenge is Over!",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
"name" : "linksys-wag54gs-setup-csfr(41269)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41269" "name": "http://www.gnucitizen.org/projects/router-hacking-challenge/",
} "refsource": "MISC",
] "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
} },
{
"name": "43537",
"refsource": "OSVDB",
"url": "http://osvdb.org/43537"
},
{
"name": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs/"
},
{
"name": "linksys-wag54gs-setup-csfr(41269)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41269"
},
{
"name": "43538",
"refsource": "OSVDB",
"url": "http://osvdb.org/43538"
}
]
}
} }

128
2007/6xxx/CVE-2007-6718.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-6718", "ID": "CVE-2007-6718",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of service (SIGSEGV and application crash) via (1) a malformed MP3 file, as demonstrated by lol-mplayer.mp3; (2) a malformed Ogg Vorbis file, as demonstrated by lol-mplayer.ogg; (3) a malformed MPEG-1 file, as demonstrated by lol-mplayer.mpg; (4) a malformed MPEG-2 file, as demonstrated by lol-mplayer.m2v; (5) a malformed MPEG-4 AVI file, as demonstrated by lol-mplayer.avi; (6) a malformed FLAC file, as demonstrated by lol-mplayer.flac; (7) a malformed Ogg Theora file, as demonstrated by lol-mplayer.ogm; (8) a malformed WMV file, as demonstrated by lol-mplayer.wmv; or (9) a malformed AAC file, as demonstrated by lol-mplayer.aac. NOTE: vector 5 might overlap CVE-2007-4938, and vector 6 might overlap CVE-2008-0486."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20081007 CVE request: crashers / potential security risks in mplayer", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2008/10/07/1" "lang": "eng",
}, "value": "MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of service (SIGSEGV and application crash) via (1) a malformed MP3 file, as demonstrated by lol-mplayer.mp3; (2) a malformed Ogg Vorbis file, as demonstrated by lol-mplayer.ogg; (3) a malformed MPEG-1 file, as demonstrated by lol-mplayer.mpg; (4) a malformed MPEG-2 file, as demonstrated by lol-mplayer.m2v; (5) a malformed MPEG-4 AVI file, as demonstrated by lol-mplayer.avi; (6) a malformed FLAC file, as demonstrated by lol-mplayer.flac; (7) a malformed Ogg Theora file, as demonstrated by lol-mplayer.ogm; (8) a malformed WMV file, as demonstrated by lol-mplayer.wmv; or (9) a malformed AAC file, as demonstrated by lol-mplayer.aac. NOTE: vector 5 might overlap CVE-2007-4938, and vector 6 might overlap CVE-2008-0486."
{ }
"name" : "http://sam.zoy.org/blog/2007-01-16-exposing-file-parsing-vulnerabilities", ]
"refsource" : "MISC", },
"url" : "http://sam.zoy.org/blog/2007-01-16-exposing-file-parsing-vulnerabilities" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20081007 CVE request: crashers / potential security risks in mplayer",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/07/1"
},
{
"name": "http://sam.zoy.org/blog/2007-01-16-exposing-file-parsing-vulnerabilities",
"refsource": "MISC",
"url": "http://sam.zoy.org/blog/2007-01-16-exposing-file-parsing-vulnerabilities"
}
]
}
} }

138
2010/1xxx/CVE-2010-1153.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2010-1153", "ID": "CVE-2010-1153",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in the autoloader in TYPO3 4.3.x before 4.3.3 allows remote attackers to execute arbitrary PHP code via a URL in an input field associated with the className variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20100410 CVE request: typo3 remote command execution", "description_data": [
"refsource" : "MLIST", {
"url" : "http://marc.info/?l=oss-security&m=127092306209177&w=2" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in the autoloader in TYPO3 4.3.x before 4.3.3 allows remote attackers to execute arbitrary PHP code via a URL in an input field associated with the className variable."
{ }
"name" : "[oss-security] 20100412 Re: CVE request: typo3 remote command execution", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2010/04/12/1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-008/", "description": [
"refsource" : "CONFIRM", {
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-008/" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-008/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-008/"
},
{
"name": "[oss-security] 20100410 CVE request: typo3 remote command execution",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127092306209177&w=2"
},
{
"name": "[oss-security] 20100412 Re: CVE request: typo3 remote command execution",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/04/12/1"
}
]
}
} }

138
2010/1xxx/CVE-2010-1480.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-1480", "ID": "CVE-2010-1480",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the module parameter to index.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.rockettheme.com/extensions-downloads/free/rokmodule/1040-rokmodule-component/download", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.rockettheme.com/extensions-downloads/free/rokmodule/1040-rokmodule-component/download" "lang": "eng",
}, "value": "SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the module parameter to index.php. NOTE: some of these details are obtained from third party information."
{ }
"name" : "http://www.rockettheme.com/extensions-updates/673-rokmodule-security-update-released", ]
"refsource" : "MISC", },
"url" : "http://www.rockettheme.com/extensions-updates/673-rokmodule-security-update-released" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "39255", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/39255" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "39255",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39255"
},
{
"name": "http://www.rockettheme.com/extensions-updates/673-rokmodule-security-update-released",
"refsource": "MISC",
"url": "http://www.rockettheme.com/extensions-updates/673-rokmodule-security-update-released"
},
{
"name": "http://www.rockettheme.com/extensions-downloads/free/rokmodule/1040-rokmodule-component/download",
"refsource": "MISC",
"url": "http://www.rockettheme.com/extensions-downloads/free/rokmodule/1040-rokmodule-component/download"
}
]
}
} }

198
2010/5xxx/CVE-2010-5104.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2010-5104", "ID": "CVE-2010-5104",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly escape input when the MySQL database is set to sql_mode NO_BACKSLASH_ESCAPES, which allows remote attackers to obtain sensitive information via wildcard characters in a LIKE query."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20110113 CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2011/01/13/2" "lang": "eng",
}, "value": "The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly escape input when the MySQL database is set to sql_mode NO_BACKSLASH_ESCAPES, which allows remote attackers to obtain sensitive information via wildcard characters in a LIKE query."
{ }
"name" : "[oss-security] 20120510 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2012/05/11/3" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20120511 CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/05/10/7" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[oss-security] 20120512 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE", ]
"refsource" : "MLIST", }
"url" : "http://www.openwall.com/lists/oss-security/2012/05/12/5" ]
}, },
{ "references": {
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/" "name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/",
}, "refsource": "CONFIRM",
{ "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"
"name" : "45470", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/45470" "name": "45470",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/45470"
"name" : "70116", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/70116" "name": "35770",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35770"
"name" : "35770", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35770" "name": "[oss-security] 20120512 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2012/05/12/5"
"name" : "typo3-escapestrforlike-info-disc(64185)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64185" "name": "[oss-security] 20110113 CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2011/01/13/2"
} },
{
"name": "70116",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/70116"
},
{
"name": "[oss-security] 20120510 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/3"
},
{
"name": "typo3-escapestrforlike-info-disc(64185)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64185"
},
{
"name": "[oss-security] 20120511 CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/10/7"
}
]
}
} }

168
2014/0xxx/CVE-2014-0046.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2014-0046", "ID": "CVE-2014-0046",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the link-to helper in Ember.js 1.2.x before 1.2.2, 1.3.x before 1.3.2, and 1.4.x before 1.4.0-beta.6, when used in non-block form, allows remote attackers to inject arbitrary web script or HTML via the title attribute."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20140214 [CVE-2014-0046] XSS Vulnerability With {{link-to}} Helper in Non-block Form", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2014/02/14/6" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the link-to helper in Ember.js 1.2.x before 1.2.2, 1.3.x before 1.3.2, and 1.4.x before 1.4.0-beta.6, when used in non-block form, allows remote attackers to inject arbitrary web script or HTML via the title attribute."
{ }
"name" : "http://emberjs.com/blog/2014/02/07/ember-security-releases.html", ]
"refsource" : "CONFIRM", },
"url" : "http://emberjs.com/blog/2014/02/07/ember-security-releases.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://groups.google.com/forum/#!topic/ember-security/1h6FRgr8lXQ", "description": [
"refsource" : "CONFIRM", {
"url" : "https://groups.google.com/forum/#!topic/ember-security/1h6FRgr8lXQ" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "65579", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/65579" ]
}, },
{ "references": {
"name" : "56965", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/56965" "name": "emberjs-linkto-xss(91242)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91242"
"name" : "emberjs-linkto-xss(91242)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91242" "name": "56965",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/56965"
} },
{
"name": "65579",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65579"
},
{
"name": "https://groups.google.com/forum/#!topic/ember-security/1h6FRgr8lXQ",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/#!topic/ember-security/1h6FRgr8lXQ"
},
{
"name": "http://emberjs.com/blog/2014/02/07/ember-security-releases.html",
"refsource": "CONFIRM",
"url": "http://emberjs.com/blog/2014/02/07/ember-security-releases.html"
},
{
"name": "[oss-security] 20140214 [CVE-2014-0046] XSS Vulnerability With {{link-to}} Helper in Non-block Form",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/02/14/6"
}
]
}
} }

138
2014/0xxx/CVE-2014-0071.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2014-0071", "ID": "CVE-2014-0071",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1064163", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1064163" "lang": "eng",
}, "value": "PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections."
{ }
"name" : "RHSA-2014:0233", ]
"refsource" : "REDHAT", },
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0233.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "66001", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/66001" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "66001",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66001"
},
{
"name": "RHSA-2014:0233",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0233.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1064163",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064163"
}
]
}
} }

128
2014/0xxx/CVE-2014-0177.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2014-0177", "ID": "CVE-2014-0177",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/github/hub/commit/016ec99d25b1cb83cb4367e541177aa431beb600", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/github/hub/commit/016ec99d25b1cb83cb4367e541177aa431beb600" "lang": "eng",
}, "value": "The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file."
{ }
"name" : "58273", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/58273" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "58273",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58273"
},
{
"name": "https://github.com/github/hub/commit/016ec99d25b1cb83cb4367e541177aa431beb600",
"refsource": "CONFIRM",
"url": "https://github.com/github/hub/commit/016ec99d25b1cb83cb4367e541177aa431beb600"
}
]
}
} }

32
2014/0xxx/CVE-2014-0688.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-0688", "ID": "CVE-2014-0688",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

158
2014/0xxx/CVE-2014-0793.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-0793", "ID": "CVE-2014-0793",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the StackIdeas Komento (com_komento) component before 1.7.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website or (2) latitude parameter in a comment to the default URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20140123 Cross-Site Scripting (XSS) in Komento Joomla Extension", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/530873/100/0/threaded" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in the StackIdeas Komento (com_komento) component before 1.7.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website or (2) latitude parameter in a comment to the default URI."
{ }
"name" : "31174", ]
"refsource" : "EXPLOIT-DB", },
"url" : "http://www.exploit-db.com/exploits/31174" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.htbridge.com/advisory/HTB23194", "description": [
"refsource" : "MISC", {
"url" : "https://www.htbridge.com/advisory/HTB23194" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://stackideas.com/downloads/changelog/komento", ]
"refsource" : "CONFIRM", }
"url" : "http://stackideas.com/downloads/changelog/komento" ]
}, },
{ "references": {
"name" : "64659", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/64659" "name": "64659",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/64659"
} },
{
"name": "http://stackideas.com/downloads/changelog/komento",
"refsource": "CONFIRM",
"url": "http://stackideas.com/downloads/changelog/komento"
},
{
"name": "20140123 Cross-Site Scripting (XSS) in Komento Joomla Extension",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/530873/100/0/threaded"
},
{
"name": "https://www.htbridge.com/advisory/HTB23194",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23194"
},
{
"name": "31174",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/31174"
}
]
}
} }

32
2014/1xxx/CVE-2014-1393.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-1393", "ID": "CVE-2014-1393",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

198
2014/1xxx/CVE-2014-1592.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2014-1592", "ID": "CVE-2014-1592",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the nsHtml5TreeOperation function in xul.dll in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code by adding a second root element to an HTML5 document during parsing."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2014/mfsa2014-87.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2014/mfsa2014-87.html" "lang": "eng",
}, "value": "Use-after-free vulnerability in the nsHtml5TreeOperation function in xul.dll in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code by adding a second root element to an HTML5 document during parsing."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1088635", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1088635" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-3090", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2014/dsa-3090" ]
}, },
{ "references": {
"name" : "DSA-3092", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2014/dsa-3092" "name": "openSUSE-SU-2015:0138",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html"
"name" : "GLSA-201504-01", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201504-01" "name": "71398",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/71398"
"name" : "openSUSE-SU-2015:0138", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html" "name": "GLSA-201504-01",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201504-01"
"name" : "openSUSE-SU-2015:1266", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1088635",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1088635"
"name" : "71398", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/71398" "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
} "refsource": "CONFIRM",
] "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
} },
{
"name": "DSA-3090",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3090"
},
{
"name": "openSUSE-SU-2015:1266",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"name": "http://www.mozilla.org/security/announce/2014/mfsa2014-87.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-87.html"
},
{
"name": "DSA-3092",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3092"
}
]
}
} }

138
2014/5xxx/CVE-2014-5036.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-5036", "ID": "CVE-2014-5036",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Storage Controller (SC) component in Eucalyptus 3.4.2 through 4.0.x before 4.0.1, when Dell Equallogic SAN is used, logs the CHAP user credentials, which allows local users to obtain sensitive information by reading the logs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.eucalyptus.com/resources/security/advisories/esa-23", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.eucalyptus.com/resources/security/advisories/esa-23" "lang": "eng",
}, "value": "The Storage Controller (SC) component in Eucalyptus 3.4.2 through 4.0.x before 4.0.1, when Dell Equallogic SAN is used, logs the CHAP user credentials, which allows local users to obtain sensitive information by reading the logs."
{ }
"name" : "60359", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/60359" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "60712", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/60712" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "60359",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60359"
},
{
"name": "60712",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60712"
},
{
"name": "https://www.eucalyptus.com/resources/security/advisories/esa-23",
"refsource": "CONFIRM",
"url": "https://www.eucalyptus.com/resources/security/advisories/esa-23"
}
]
}
} }

32
2014/5xxx/CVE-2014-5079.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-5079", "ID": "CVE-2014-5079",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

138
2014/5xxx/CVE-2014-5737.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-5737", "ID": "CVE-2014-5737",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The CDsoft (aka com.wCDSOFT) application 0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The CDsoft (aka com.wCDSOFT) application 0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#582497", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/582497" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#629401", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/629401" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#629401",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/629401"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
} }

118
2015/2xxx/CVE-2015-2081.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-2081", "ID": "CVE-2015-2081",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Datto ALTO and SIRIS devices allow Remote Code Execution via unauthenticated requests to PHP scripts."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.information-paradox.net/2015/02/cve-2015-2081-multiple-vulnerabilities.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.information-paradox.net/2015/02/cve-2015-2081-multiple-vulnerabilities.html" "lang": "eng",
} "value": "Datto ALTO and SIRIS devices allow Remote Code Execution via unauthenticated requests to PHP scripts."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.information-paradox.net/2015/02/cve-2015-2081-multiple-vulnerabilities.html",
"refsource": "MISC",
"url": "http://www.information-paradox.net/2015/02/cve-2015-2081-multiple-vulnerabilities.html"
}
]
}
} }

138
2015/2xxx/CVE-2015-2266.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-2266", "ID": "CVE-2015-2266",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "message/index.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 does not consider the moodle/site:readallmessages capability before accessing arbitrary conversations, which allows remote authenticated users to obtain sensitive personal-contact and unread-message-count information via a modified URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20150316 Moodle security issues are now public", "description_data": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2015/03/16/1" "lang": "eng",
}, "value": "message/index.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 does not consider the moodle/site:readallmessages capability before accessing arbitrary conversations, which allows remote authenticated users to obtain sensitive personal-contact and unread-message-count information via a modified URL."
{ }
"name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49204", ]
"refsource" : "CONFIRM", },
"url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49204" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://moodle.org/mod/forum/discuss.php?d=307380", "description": [
"refsource" : "CONFIRM", {
"url" : "https://moodle.org/mod/forum/discuss.php?d=307380" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49204",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49204"
},
{
"name": "https://moodle.org/mod/forum/discuss.php?d=307380",
"refsource": "CONFIRM",
"url": "https://moodle.org/mod/forum/discuss.php?d=307380"
},
{
"name": "[oss-security] 20150316 Moodle security issues are now public",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2015/03/16/1"
}
]
}
} }

138
2015/2xxx/CVE-2015-2528.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2015-2528", "ID": "CVE-2015-2528",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka \"Windows Task Management Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2015-2524."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "38201", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/38201/" "lang": "eng",
}, "value": "Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka \"Windows Task Management Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2015-2524."
{ }
"name" : "MS15-102", ]
"refsource" : "MS", },
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-102" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1033494", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1033494" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "38201",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/38201/"
},
{
"name": "MS15-102",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-102"
},
{
"name": "1033494",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033494"
}
]
}
} }

138
2015/2xxx/CVE-2015-2576.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2015-2576", "ID": "CVE-2015-2576",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the MySQL Utilities component in Oracle MySQL 1.5.1 and earlier, when running on Windows, allows local users to affect integrity via unknown vectors related to Installation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the MySQL Utilities component in Oracle MySQL 1.5.1 and earlier, when running on Windows, allows local users to affect integrity via unknown vectors related to Installation."
{ }
"name" : "SUSE-SU-2015:0946", ]
"refsource" : "SUSE", },
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1032121", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1032121" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "1032121",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032121"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"name": "SUSE-SU-2015:0946",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
}
]
}
} }

268
2015/2xxx/CVE-2015-2743.json
View File

@ -1,137 +1,137 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2015-2743", "ID": "CVE-2015-2743",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-69.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-69.html" "lang": "eng",
}, "value": "PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1163109", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1163109" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" ]
}, },
{ "references": {
"name" : "DSA-3300", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2015/dsa-3300" "name": "openSUSE-SU-2015:1229",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html"
"name" : "GLSA-201512-10", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201512-10" "name": "SUSE-SU-2015:1268",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html"
"name" : "RHSA-2015:1207", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1207.html" "name": "GLSA-201512-10",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201512-10"
"name" : "SUSE-SU-2015:1268", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html" "name": "75541",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/75541"
"name" : "SUSE-SU-2015:1269", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html" "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
"name" : "SUSE-SU-2015:1449", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html" "name": "RHSA-2015:1207",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2015-1207.html"
"name" : "openSUSE-SU-2015:1266", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html" "name": "SUSE-SU-2015:1269",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html"
"name" : "openSUSE-SU-2015:1229", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html" "name": "openSUSE-SU-2015:1266",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
"name" : "USN-2656-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2656-1" "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-69.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-69.html"
"name" : "USN-2656-2", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2656-2" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1163109",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1163109"
"name" : "75541", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/75541" "name": "USN-2656-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2656-1"
"name" : "1032783", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1032783" "name": "SUSE-SU-2015:1449",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html"
} },
{
"name": "1032783",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032783"
},
{
"name": "DSA-3300",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3300"
},
{
"name": "USN-2656-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2656-2"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
}
]
}
} }

158
2015/2xxx/CVE-2015-2815.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-2815", "ID": "CVE-2015-2815",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2063369."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20150625 [ERPSCAN-15-003] SAP NetWeaver Dispatcher Buffer Overflow - RCE, DoS", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/535825/100/800/threaded" "lang": "eng",
}, "value": "Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2063369."
{ }
"name" : "20150623 ERPSCAN Research Advisory [ERPSCAN-15-003] SAP NetWeaver Dispatcher Buffer Overflow - RCE, DoS", ]
"refsource" : "FULLDISC", },
"url" : "http://seclists.org/fulldisclosure/2015/Jun/61" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://erpscan.io/advisories/erpscan-15-003-sapkernel-c_sapgparam-rce-dos/", "description": [
"refsource" : "MISC", {
"url" : "https://erpscan.io/advisories/erpscan-15-003-sapkernel-c_sapgparam-rce-dos/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://packetstormsecurity.com/files/132353/SAP-NetWeaver-Dispatcher-Buffer-Overflow.html", ]
"refsource" : "MISC", }
"url" : "http://packetstormsecurity.com/files/132353/SAP-NetWeaver-Dispatcher-Buffer-Overflow.html" ]
}, },
{ "references": {
"name" : "73897", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/73897" "name": "20150623 ERPSCAN Research Advisory [ERPSCAN-15-003] SAP NetWeaver Dispatcher Buffer Overflow - RCE, DoS",
} "refsource": "FULLDISC",
] "url": "http://seclists.org/fulldisclosure/2015/Jun/61"
} },
{
"name": "http://packetstormsecurity.com/files/132353/SAP-NetWeaver-Dispatcher-Buffer-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132353/SAP-NetWeaver-Dispatcher-Buffer-Overflow.html"
},
{
"name": "20150625 [ERPSCAN-15-003] SAP NetWeaver Dispatcher Buffer Overflow - RCE, DoS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/535825/100/800/threaded"
},
{
"name": "73897",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73897"
},
{
"name": "https://erpscan.io/advisories/erpscan-15-003-sapkernel-c_sapgparam-rce-dos/",
"refsource": "MISC",
"url": "https://erpscan.io/advisories/erpscan-15-003-sapkernel-c_sapgparam-rce-dos/"
}
]
}
} }

168
2016/10xxx/CVE-2016-10024.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-10024", "ID": "CVE-2016-10024",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://xenbits.xen.org/xsa/advisory-202.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://xenbits.xen.org/xsa/advisory-202.html" "lang": "eng",
}, "value": "Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations."
{ }
"name" : "https://support.citrix.com/article/CTX219378", ]
"refsource" : "CONFIRM", },
"url" : "https://support.citrix.com/article/CTX219378" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-3847", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2017/dsa-3847" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-201612-56", ]
"refsource" : "GENTOO", }
"url" : "https://security.gentoo.org/glsa/201612-56" ]
}, },
{ "references": {
"name" : "95021", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/95021" "name": "GLSA-201612-56",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201612-56"
"name" : "1037517", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037517" "name": "http://xenbits.xen.org/xsa/advisory-202.html",
} "refsource": "CONFIRM",
] "url": "http://xenbits.xen.org/xsa/advisory-202.html"
} },
{
"name": "95021",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95021"
},
{
"name": "DSA-3847",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3847"
},
{
"name": "1037517",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037517"
},
{
"name": "https://support.citrix.com/article/CTX219378",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX219378"
}
]
}
} }

130
2016/10xxx/CVE-2016-10418.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00", "DATE_PUBLIC": "2018-04-02T00:00:00",
"ID" : "CVE-2016-10418", "ID": "CVE-2016-10418",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", "product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835" "version_value": "MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, and SD 835, HLOS can enable PMIC debug through TCSR_QPDI_DISABLE_CFG due to improper access control."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "TCSR_QPDI_DISABLE_CFG register is unprotected"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2018-04-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2018-04-01" "lang": "eng",
}, "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, and SD 835, HLOS can enable PMIC debug through TCSR_QPDI_DISABLE_CFG due to improper access control."
{ }
"name" : "103671", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/103671" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "TCSR_QPDI_DISABLE_CFG register is unprotected"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name": "103671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103671"
}
]
}
} }

130
2016/10xxx/CVE-2016-10485.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00", "DATE_PUBLIC": "2018-04-02T00:00:00",
"ID" : "CVE-2016-10485", "ID": "CVE-2016-10485",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Snapdragon Mobile, Snapdragon Wear", "product_name": "Snapdragon Mobile, Snapdragon Wear",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, SD 810, SDX20" "version_value": "IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, SD 810, SDX20"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, SD 810, and SDX20, lack of proper bounds checking may lead to a buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer overflow vulnerability in Core"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2018-04-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2018-04-01" "lang": "eng",
}, "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, SD 810, and SDX20, lack of proper bounds checking may lead to a buffer overflow."
{ }
"name" : "103671", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/103671" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Buffer overflow vulnerability in Core"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name": "103671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103671"
}
]
}
} }

120
2016/10xxx/CVE-2016-10656.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "support@hackerone.com", "ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00", "DATE_PUBLIC": "2018-04-26T00:00:00",
"ID" : "CVE-2016-10656", "ID": "CVE-2016-10656",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "qbs node module", "product_name": "qbs node module",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions" "version_value": "All versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "HackerOne" "vendor_name": "HackerOne"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "qbs is a build tool that helps simplify the build process for developing projects across multiple platforms. qbs downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Missing Encryption of Sensitive Data (CWE-311)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://nodesecurity.io/advisories/266", "description_data": [
"refsource" : "MISC", {
"url" : "https://nodesecurity.io/advisories/266" "lang": "eng",
} "value": "qbs is a build tool that helps simplify the build process for developing projects across multiple platforms. qbs downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Encryption of Sensitive Data (CWE-311)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodesecurity.io/advisories/266",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/266"
}
]
}
} }

178
2016/4xxx/CVE-2016-4234.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2016-4234", "ID": "CVE-2016-4234",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-25.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-25.html" "lang": "eng",
}, "value": "Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246."
{ }
"name" : "GLSA-201607-03", ]
"refsource" : "GENTOO", },
"url" : "https://security.gentoo.org/glsa/201607-03" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2016:1423", "description": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2016:1423" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SUSE-SU-2016:1826", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00017.html" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2016:1802", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00016.html" "name": "SUSE-SU-2016:1826",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00017.html"
"name" : "91725", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/91725" "name": "GLSA-201607-03",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201607-03"
"name" : "1036280", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1036280" "name": "openSUSE-SU-2016:1802",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00016.html"
} },
{
"name": "91725",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91725"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb16-25.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-25.html"
},
{
"name": "RHSA-2016:1423",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1423"
},
{
"name": "1036280",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036280"
}
]
}
} }

128
2016/4xxx/CVE-2016-4422.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@debian.org",
"ID" : "CVE-2016-4422", "ID": "CVE-2016-4422",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The pam_sm_authenticate function in pam_sshauth.c in libpam-sshauth might allow context-dependent attackers to bypass authentication or gain privileges via a system user account."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bazaar.launchpad.net/~ltsp-upstream/ltsp/libpam-sshauth/revision/114#src/pam_sshauth.c", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bazaar.launchpad.net/~ltsp-upstream/ltsp/libpam-sshauth/revision/114#src/pam_sshauth.c" "lang": "eng",
}, "value": "The pam_sm_authenticate function in pam_sshauth.c in libpam-sshauth might allow context-dependent attackers to bypass authentication or gain privileges via a system user account."
{ }
"name" : "DSA-3567", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2016/dsa-3567" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3567",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3567"
},
{
"name": "https://bazaar.launchpad.net/~ltsp-upstream/ltsp/libpam-sshauth/revision/114#src/pam_sshauth.c",
"refsource": "CONFIRM",
"url": "https://bazaar.launchpad.net/~ltsp-upstream/ltsp/libpam-sshauth/revision/114#src/pam_sshauth.c"
}
]
}
} }

158
2016/4xxx/CVE-2016-4741.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2016-4741", "ID": "CVE-2016-4741",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Assets component in Apple iOS before 10 allows man-in-the-middle attackers to block software updates via vectors related to lack of an HTTPS session for retrieving updates."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT207143", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207143" "lang": "eng",
}, "value": "The Assets component in Apple iOS before 10 allows man-in-the-middle attackers to block software updates via vectors related to lack of an HTTPS session for retrieving updates."
{ }
"name" : "APPLE-SA-2016-09-13-1", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00002.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "APPLE-SA-2016-09-20-3", "description": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "92932", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/92932" ]
}, },
{ "references": {
"name" : "1036797", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1036797" "name": "APPLE-SA-2016-09-20-3",
} "refsource": "APPLE",
] "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html"
} },
{
"name": "1036797",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036797"
},
{
"name": "APPLE-SA-2016-09-13-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00002.html"
},
{
"name": "92932",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92932"
},
{
"name": "https://support.apple.com/HT207143",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207143"
}
]
}
} }

134
2016/8xxx/CVE-2016-8412.json
View File

@ -1,70 +1,70 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2016-8412", "ID": "CVE-2016-8412",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Kernel-3.10" "version_value": "Kernel-3.10"
}, },
{ {
"version_value" : "Kernel-3.18" "version_value": "Kernel-3.18"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in the Qualcomm camera could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31225246. References: QC-CR#1071891."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2017-01-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-01-01.html" "lang": "eng",
}, "value": "An elevation of privilege vulnerability in the Qualcomm camera could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31225246. References: QC-CR#1071891."
{ }
"name" : "95238", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/95238" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-01-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-01-01.html"
},
{
"name": "95238",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95238"
}
]
}
} }

138
2016/8xxx/CVE-2016-8467.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2016-8467", "ID": "CVE-2016-8467",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in the bootloader could enable a local attacker to execute arbitrary modem commands on the device. This issue is rated as High because it is a local permanent denial of service (device interoperability: completely permanent or requiring re-flashing the entire operating system). Product: Android. Versions: N/A. Android ID: A-30308784."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://securityintelligence.com/android-vulnerabilities-attacking-nexus-6-and-6p-custom-boot-modes/", "description_data": [
"refsource" : "MISC", {
"url" : "https://securityintelligence.com/android-vulnerabilities-attacking-nexus-6-and-6p-custom-boot-modes/" "lang": "eng",
}, "value": "An elevation of privilege vulnerability in the bootloader could enable a local attacker to execute arbitrary modem commands on the device. This issue is rated as High because it is a local permanent denial of service (device interoperability: completely permanent or requiring re-flashing the entire operating system). Product: Android. Versions: N/A. Android ID: A-30308784."
{ }
"name" : "https://source.android.com/security/bulletin/2017-01-01.html", ]
"refsource" : "CONFIRM", },
"url" : "https://source.android.com/security/bulletin/2017-01-01.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "95250", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/95250" "lang": "eng",
} "value": "Elevation of privilege"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-01-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-01-01.html"
},
{
"name": "95250",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95250"
},
{
"name": "https://securityintelligence.com/android-vulnerabilities-attacking-nexus-6-and-6p-custom-boot-modes/",
"refsource": "MISC",
"url": "https://securityintelligence.com/android-vulnerabilities-attacking-nexus-6-and-6p-custom-boot-modes/"
}
]
}
} }

240
2016/8xxx/CVE-2016-8615.json
View File

@ -1,123 +1,123 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psampaio@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2016-8615", "ID": "CVE-2016-8615",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "curl", "product_name": "curl",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "7.51.0" "version_value": "7.51.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "The Curl Project" "vendor_name": "The Curl Project"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version" : "3.0"
}
],
[
{
"vectorString" : "4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version" : "2.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-99"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://curl.haxx.se/docs/adv_20161102A.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://curl.haxx.se/docs/adv_20161102A.html" "lang": "eng",
}, "value": "A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8615", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8615" "impact": {
}, "cvss": [
{ [
"name" : "https://curl.haxx.se/CVE-2016-8615.patch", {
"refsource" : "CONFIRM", "vectorString": "5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"url" : "https://curl.haxx.se/CVE-2016-8615.patch" "version": "3.0"
}, }
{ ],
"name" : "https://www.tenable.com/security/tns-2016-21", [
"refsource" : "CONFIRM", {
"url" : "https://www.tenable.com/security/tns-2016-21" "vectorString": "4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N",
}, "version": "2.0"
{ }
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", ]
"refsource" : "CONFIRM", ]
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" },
}, "problemtype": {
{ "problemtype_data": [
"name" : "GLSA-201701-47", {
"refsource" : "GENTOO", "description": [
"url" : "https://security.gentoo.org/glsa/201701-47" {
}, "lang": "eng",
{ "value": "CWE-99"
"name" : "RHSA-2018:2486", }
"refsource" : "REDHAT", ]
"url" : "https://access.redhat.com/errata/RHSA-2018:2486" }
}, ]
{ },
"name" : "RHSA-2018:3558", "references": {
"refsource" : "REDHAT", "reference_data": [
"url" : "https://access.redhat.com/errata/RHSA-2018:3558" {
}, "name": "RHSA-2018:3558",
{ "refsource": "REDHAT",
"name" : "94096", "url": "https://access.redhat.com/errata/RHSA-2018:3558"
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/94096" {
}, "name": "94096",
{ "refsource": "BID",
"name" : "1037192", "url": "http://www.securityfocus.com/bid/94096"
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1037192" {
} "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8615",
] "refsource": "CONFIRM",
} "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8615"
},
{
"name": "https://curl.haxx.se/CVE-2016-8615.patch",
"refsource": "CONFIRM",
"url": "https://curl.haxx.se/CVE-2016-8615.patch"
},
{
"name": "https://curl.haxx.se/docs/adv_20161102A.html",
"refsource": "CONFIRM",
"url": "https://curl.haxx.se/docs/adv_20161102A.html"
},
{
"name": "https://www.tenable.com/security/tns-2016-21",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2016-21"
},
{
"name": "1037192",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037192"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "RHSA-2018:2486",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
},
{
"name": "GLSA-201701-47",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-47"
}
]
}
} }

150
2016/8xxx/CVE-2016-8769.json
View File

@ -1,78 +1,78 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@huawei.com", "ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC" : "2017-11-15T00:00:00", "DATE_PUBLIC": "2017-11-15T00:00:00",
"ID" : "CVE-2016-8769", "ID": "CVE-2016-8769",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Huawei UTPS", "product_name": "Huawei UTPS",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "earlier than UTPS-V200R003B015D16SPC00C983" "version_value": "earlier than UTPS-V200R003B015D16SPC00C983"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Huawei Technologies Co., Ltd." "vendor_name": "Huawei Technologies Co., Ltd."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Huawei UTPS earlier than UTPS-V200R003B015D16SPC00C983 has an unquoted service path vulnerability which can lead to the truncation of UTPS service query paths. An attacker may put an executable file in the search path of the affected service and obtain elevated privileges after the executable file is executed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unquoted service path"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "40807", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/40807/" "lang": "eng",
}, "value": "Huawei UTPS earlier than UTPS-V200R003B015D16SPC00C983 has an unquoted service path vulnerability which can lead to the truncation of UTPS service query paths. An attacker may put an executable file in the search path of the affected service and obtain elevated privileges after the executable file is executed."
{ }
"name" : "http://www.security-geek.in/2017/02/07/0day-discovery-system-level-access-by-privilege-escalation-of-huawei-manufactured-airtel-photon-dongles/", ]
"refsource" : "MISC", },
"url" : "http://www.security-geek.in/2017/02/07/0day-discovery-system-level-access-by-privilege-escalation-of-huawei-manufactured-airtel-photon-dongles/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-utps-en", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-utps-en" "lang": "eng",
}, "value": "unquoted service path"
{ }
"name" : "94403", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/94403" ]
} },
] "references": {
} "reference_data": [
{
"name": "http://www.security-geek.in/2017/02/07/0day-discovery-system-level-access-by-privilege-escalation-of-huawei-manufactured-airtel-photon-dongles/",
"refsource": "MISC",
"url": "http://www.security-geek.in/2017/02/07/0day-discovery-system-level-access-by-privilege-escalation-of-huawei-manufactured-airtel-photon-dongles/"
},
{
"name": "94403",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94403"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-utps-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-utps-en"
},
{
"name": "40807",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40807/"
}
]
}
} }

188
2016/9xxx/CVE-2016-9262.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-9262", "ID": "CVE-2016-9262",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer overflows in the (1) jas_realloc function in base/jas_malloc.c and (2) mem_resize function in base/jas_stream.c in JasPer before 1.900.22 allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20161110 Re: jasper: use after free in jas_realloc (jas_malloc.c)", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/11/10/4" "lang": "eng",
}, "value": "Multiple integer overflows in the (1) jas_realloc function in base/jas_malloc.c and (2) mem_resize function in base/jas_stream.c in JasPer before 1.900.22 allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities."
{ }
"name" : "https://blogs.gentoo.org/ago/2016/11/07/jasper-use-after-free-in-jas_realloc-jas_malloc-c", ]
"refsource" : "MISC", },
"url" : "https://blogs.gentoo.org/ago/2016/11/07/jasper-use-after-free-in-jas_realloc-jas_malloc-c" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1393882", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1393882" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/mdadams/jasper/commit/634ce8e8a5accc0fa05dd2c20d42b4749d4b2735", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/mdadams/jasper/commit/634ce8e8a5accc0fa05dd2c20d42b4749d4b2735" ]
}, },
{ "references": {
"name" : "GLSA-201707-07", "reference_data": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201707-07" "name": "[oss-security] 20161110 Re: jasper: use after free in jas_realloc (jas_malloc.c)",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2016/11/10/4"
"name" : "RHSA-2017:1208", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:1208" "name": "GLSA-201707-07",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201707-07"
"name" : "USN-3693-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3693-1/" "name": "94224",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/94224"
"name" : "94224", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/94224" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1393882",
} "refsource": "CONFIRM",
] "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1393882"
} },
{
"name": "RHSA-2017:1208",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1208"
},
{
"name": "https://github.com/mdadams/jasper/commit/634ce8e8a5accc0fa05dd2c20d42b4749d4b2735",
"refsource": "CONFIRM",
"url": "https://github.com/mdadams/jasper/commit/634ce8e8a5accc0fa05dd2c20d42b4749d4b2735"
},
{
"name": "USN-3693-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3693-1/"
},
{
"name": "https://blogs.gentoo.org/ago/2016/11/07/jasper-use-after-free-in-jas_realloc-jas_malloc-c",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2016/11/07/jasper-use-after-free-in-jas_realloc-jas_malloc-c"
}
]
}
} }

32
2016/9xxx/CVE-2016-9524.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-9524", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-9524",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
} }
] ]
} }
} }

220
2016/9xxx/CVE-2016-9602.json
View File

@ -1,113 +1,113 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "lpardo@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2016-9602", "ID": "CVE-2016-9602",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Qemu", "product_name": "Qemu",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "qemu 2.9" "version_value": "qemu 2.9"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "" "vendor_name": ""
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "7.6/CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version" : "3.0"
}
],
[
{
"vectorString" : "6.5/AV:A/AC:H/Au:S/C:C/I:C/A:C",
"version" : "2.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-59"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20170117 CVE-2016-9602 Qemu: 9p: virtfs allows guest to access host filesystem", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2017/01/17/12" "lang": "eng",
}, "value": "Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host."
{ }
"name" : "[qemu-devel] 20170130 [PATCH RFC 00/36] 9pfs: local: fix vulnerability to symlink attacks", ]
"refsource" : "MLIST", },
"url" : "https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg06225.html" "impact": {
}, "cvss": [
{ [
"name" : "[qemu-devel] 20170220 [PATCH 00/29] 9pfs: local: fix vulnerability to symlink attacks", {
"refsource" : "MLIST", "vectorString": "7.6/CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"url" : "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04347.html" "version": "3.0"
}, }
{ ],
"name" : "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" "vectorString": "6.5/AV:A/AC:H/Au:S/C:C/I:C/A:C",
}, "version": "2.0"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9602", ]
"refsource" : "CONFIRM", ]
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9602" },
}, "problemtype": {
{ "problemtype_data": [
"name" : "GLSA-201704-01", {
"refsource" : "GENTOO", "description": [
"url" : "https://security.gentoo.org/glsa/201704-01" {
}, "lang": "eng",
{ "value": "CWE-59"
"name" : "95461", }
"refsource" : "BID", ]
"url" : "http://www.securityfocus.com/bid/95461" }
}, ]
{ },
"name" : "1037604", "references": {
"refsource" : "SECTRACK", "reference_data": [
"url" : "http://www.securitytracker.com/id/1037604" {
} "name": "[qemu-devel] 20170220 [PATCH 00/29] 9pfs: local: fix vulnerability to symlink attacks",
] "refsource": "MLIST",
} "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04347.html"
},
{
"name": "1037604",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037604"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9602",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9602"
},
{
"name": "[oss-security] 20170117 CVE-2016-9602 Qemu: 9p: virtfs allows guest to access host filesystem",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/17/12"
},
{
"name": "[qemu-devel] 20170130 [PATCH RFC 00/36] 9pfs: local: fix vulnerability to symlink attacks",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg06225.html"
},
{
"name": "GLSA-201704-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201704-01"
},
{
"name": "95461",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95461"
}
]
}
} }

208
2016/9xxx/CVE-2016-9807.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-9807", "ID": "CVE-2016-9807",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20161201 gstreamer multiple issues", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/12/01/2" "lang": "eng",
}, "value": "The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file."
{ }
"name" : "[oss-security] 20161204 Re: gstreamer multiple issues", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2016/12/05/8" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.gnome.org/show_bug.cgi?id=774859", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.gnome.org/show_bug.cgi?id=774859" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff", ]
"refsource" : "CONFIRM", }
"url" : "https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff" ]
}, },
{ "references": {
"name" : "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2" "name": "RHSA-2017:0019",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2017-0019.html"
"name" : "GLSA-201705-10", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201705-10" "name": "RHSA-2016:2975",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2016-2975.html"
"name" : "RHSA-2016:2975", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2975.html" "name": "https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff",
}, "refsource": "CONFIRM",
{ "url": "https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff"
"name" : "RHSA-2017:0019", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0019.html" "name": "RHSA-2017:0020",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2017-0020.html"
"name" : "RHSA-2017:0020", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0020.html" "name": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2",
}, "refsource": "CONFIRM",
{ "url": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2"
"name" : "95148", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/95148" "name": "https://bugzilla.gnome.org/show_bug.cgi?id=774859",
} "refsource": "CONFIRM",
] "url": "https://bugzilla.gnome.org/show_bug.cgi?id=774859"
} },
{
"name": "[oss-security] 20161204 Re: gstreamer multiple issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/8"
},
{
"name": "GLSA-201705-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-10"
},
{
"name": "[oss-security] 20161201 gstreamer multiple issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/01/2"
},
{
"name": "95148",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95148"
}
]
}
} }

138
2019/2xxx/CVE-2019-2427.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2019-2427", "ID": "CVE-2019-2427",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "WebCenter Portal", "product_name": "WebCenter Portal",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "11.1.1.9.0" "version_value": "11.1.1.9.0"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.2.1.3.0" "version_value": "12.2.1.3.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle WebCenter Portal component of Oracle Fusion Middleware (subcomponent: WebCenter Spaces Application). Supported versions that are affected are 11.1.1.9.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Portal accessible data. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Portal accessible data."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle WebCenter Portal component of Oracle Fusion Middleware (subcomponent: WebCenter Spaces Application). Supported versions that are affected are 11.1.1.9.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Portal accessible data. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
{ }
"name" : "106581", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/106581" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Portal accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "106581",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106581"
}
]
}
} }

138
2019/2xxx/CVE-2019-2462.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2019-2462", "ID": "CVE-2019-2462",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Outside In Technology", "product_name": "Outside In Technology",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "8.5.3" "version_value": "8.5.3"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "8.5.4" "version_value": "8.5.4"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. While the vulnerability is in Oracle Outside In Technology, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.2 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. While the vulnerability is in Oracle Outside In Technology, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. While the vulnerability is in Oracle Outside In Technology, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.2 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L)."
{ }
"name" : "106569", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/106569" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. While the vulnerability is in Oracle Outside In Technology, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "106569",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106569"
}
]
}
} }

32
2019/2xxx/CVE-2019-2761.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-2761", "ID": "CVE-2019-2761",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2019/3xxx/CVE-2019-3361.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-3361", "ID": "CVE-2019-3361",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2019/6xxx/CVE-2019-6410.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-6410", "ID": "CVE-2019-6410",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2019/6xxx/CVE-2019-6512.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-6512", "ID": "CVE-2019-6512",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2019/6xxx/CVE-2019-6887.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-6887", "ID": "CVE-2019-6887",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2019/7xxx/CVE-2019-7109.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-7109", "ID": "CVE-2019-7109",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2019/7xxx/CVE-2019-7177.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-7177", "ID": "CVE-2019-7177",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2019/7xxx/CVE-2019-7276.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-7276", "ID": "CVE-2019-7276",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2019/7xxx/CVE-2019-7777.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-7777", "ID": "CVE-2019-7777",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2019/7xxx/CVE-2019-7894.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-7894", "ID": "CVE-2019-7894",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }