admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 04:38:15 +00:00
parent d985542f2b
commit 69767b9a54
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
61 changed files with 3881 additions and 3881 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

190
2007/2xxx/CVE-2007-2125.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-2125", "ID": "CVE-2007-2125",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Collaborative Workspace in Oracle Collaboration Suite 10.1.2 has unknown impact and attack vectors, aka OCS01."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html" "lang": "eng",
}, "value": "Unspecified vulnerability in Collaborative Workspace in Oracle Collaboration Suite 10.1.2 has unknown impact and attack vectors, aka OCS01."
{ }
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "HPSBMA02133", "description": [
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/archive/1/466329/100/200/threaded" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SSRT061201", ]
"refsource" : "HP", }
"url" : "http://www.securityfocus.com/archive/1/466329/100/200/threaded" ]
}, },
{ "references": {
"name" : "TA07-108A", "reference_data": [
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-108A.html" "name": "TA07-108A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA07-108A.html"
"name" : "23532", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/23532" "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html"
"name" : "ADV-2007-1426", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/1426" "name": "23532",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/23532"
"name" : "1017927", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1017927" "name": "1017927",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id?1017927"
} },
} {
"name": "SSRT061201",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/466329/100/200/threaded"
},
{
"name": "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html"
},
{
"name": "HPSBMA02133",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/466329/100/200/threaded"
},
{
"name": "ADV-2007-1426",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1426"
}
]
}
}

230
2007/2xxx/CVE-2007-2452.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2007-2452", "ID": "CVE-2007-2452",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the visit_old_format function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability than CVE-2001-1036."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070530 GNU Findutils release 4.2.31 fixes CVE-2007-2452 (GNU locate heap buffer overrun)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/470108/100/0/threaded" "lang": "eng",
}, "value": "Heap-based buffer overflow in the visit_old_format function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability than CVE-2001-1036."
{ }
"name" : "HPSBMA02554", ]
"refsource" : "HP", },
"url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SSRT100018", "description": [
"refsource" : "HP", {
"url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "24250", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/24250" ]
}, },
{ "references": {
"name" : "40551", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/40551" "name": "SSRT100018",
}, "refsource": "HP",
{ "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083"
"name" : "ADV-2007-2015", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/2015" "name": "findutils-filename-bo(34628)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34628"
"name" : "36827", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/36827" "name": "HPSBMA02554",
}, "refsource": "HP",
{ "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083"
"name" : "1018183", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1018183" "name": "ADV-2007-2015",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/2015"
"name" : "25477", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25477" "name": "40551",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/40551"
"name" : "2760", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/2760" "name": "36827",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/36827"
"name" : "ADV-2010-1796", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1796" "name": "20070530 GNU Findutils release 4.2.31 fixes CVE-2007-2452 (GNU locate heap buffer overrun)",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/470108/100/0/threaded"
"name" : "findutils-filename-bo(34628)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34628" "name": "25477",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/25477"
} },
} {
"name": "2760",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2760"
},
{
"name": "ADV-2010-1796",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1796"
},
{
"name": "1018183",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018183"
},
{
"name": "24250",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24250"
}
]
}
}

170
2007/2xxx/CVE-2007-2714.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-2714", "ID": "CVE-2007-2714",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in akismet.php in Matt Mullenweg Akismet before 2.0.2, a WordPress plugin, has unknown impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070514 WordPress 2.1.3 Akismet Vulnerability", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/062980.html" "lang": "eng",
}, "value": "Unspecified vulnerability in akismet.php in Matt Mullenweg Akismet before 2.0.2, a WordPress plugin, has unknown impact and attack vectors."
{ }
"name" : "http://michaeldaw.org/alerts/alert-140507/", ]
"refsource" : "MISC", },
"url" : "http://michaeldaw.org/alerts/alert-140507/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://michaeldaw.org/alerts/alerts-140507-1/", "description": [
"refsource" : "MISC", {
"url" : "http://michaeldaw.org/alerts/alerts-140507-1/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "23965", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/23965" ]
}, },
{ "references": {
"name" : "37290", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/37290" "name": "37290",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/37290"
"name" : "akismet-wordpress-unspecified(34338)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34338" "name": "http://michaeldaw.org/alerts/alert-140507/",
} "refsource": "MISC",
] "url": "http://michaeldaw.org/alerts/alert-140507/"
} },
} {
"name": "23965",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23965"
},
{
"name": "http://michaeldaw.org/alerts/alerts-140507-1/",
"refsource": "MISC",
"url": "http://michaeldaw.org/alerts/alerts-140507-1/"
},
{
"name": "akismet-wordpress-unspecified(34338)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34338"
},
{
"name": "20070514 WordPress 2.1.3 Akismet Vulnerability",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/062980.html"
}
]
}
}

160
2007/3xxx/CVE-2007-3067.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-3067", "ID": "CVE-2007-3067",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Attunement and Key Tracker 0.95 and earlier plugin for EQdkp allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving the (1) keyshow, (2) sortkey, and (3) show parameters to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://sourceforge.net/project/shownotes.php?release_id=512860&group_id=167016", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://sourceforge.net/project/shownotes.php?release_id=512860&group_id=167016" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the Attunement and Key Tracker 0.95 and earlier plugin for EQdkp allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving the (1) keyshow, (2) sortkey, and (3) show parameters to index.php."
{ }
"name" : "36930", ]
"refsource" : "OSVDB", },
"url" : "http://osvdb.org/36930" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2007-2045", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/2045" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "25538", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/25538" ]
}, },
{ "references": {
"name" : "eqdkp-plugin-index-xss(34700)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34700" "name": "ADV-2007-2045",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2007/2045"
} },
} {
"name": "http://sourceforge.net/project/shownotes.php?release_id=512860&group_id=167016",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=512860&group_id=167016"
},
{
"name": "36930",
"refsource": "OSVDB",
"url": "http://osvdb.org/36930"
},
{
"name": "25538",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25538"
},
{
"name": "eqdkp-plugin-index-xss(34700)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34700"
}
]
}
}

140
2007/3xxx/CVE-2007-3601.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-3601", "ID": "CVE-2007-3601",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "vtiger CRM before 5.0.3, when a migrated build is used, allows remote authenticated users to read certain other users' calendar activities via a (1) home page or (2) event list view."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://trac.vtiger.com/cgi-bin/trac.cgi/report/9", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://trac.vtiger.com/cgi-bin/trac.cgi/report/9" "lang": "eng",
}, "value": "vtiger CRM before 5.0.3, when a migrated build is used, allows remote authenticated users to read certain other users' calendar activities via a (1) home page or (2) event list view."
{ }
"name" : "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/3990", ]
"refsource" : "CONFIRM", },
"url" : "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/3990" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "45785", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/45785" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "45785",
"refsource": "OSVDB",
"url": "http://osvdb.org/45785"
},
{
"name": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/3990",
"refsource": "CONFIRM",
"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/3990"
},
{
"name": "http://trac.vtiger.com/cgi-bin/trac.cgi/report/9",
"refsource": "CONFIRM",
"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/report/9"
}
]
}
}

160
2007/3xxx/CVE-2007-3654.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-3654", "ID": "CVE-2007-3654",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The display driver allocattr functions in NetBSD 3.0 through 4.0_BETA2, and NetBSD-current before 20070728, allow local users to cause a denial of service (panic) via a (1) negative or (2) large value in an ioctl call, as demonstrated by the vga_allocattr function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "NetBSD-SA2007-006", "description_data": [
"refsource" : "NETBSD", {
"url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-006.txt.asc" "lang": "eng",
}, "value": "The display driver allocattr functions in NetBSD 3.0 through 4.0_BETA2, and NetBSD-current before 20070728, allow local users to cause a denial of service (panic) via a (1) negative or (2) large value in an ioctl call, as demonstrated by the vga_allocattr function."
{ }
"name" : "25682", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/25682" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "40810", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/40810" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1018693", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1018693" ]
}, },
{ "references": {
"name" : "netbsd-display-driver-dos(36598)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36598" "name": "25682",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/25682"
} },
} {
"name": "1018693",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018693"
},
{
"name": "NetBSD-SA2007-006",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-006.txt.asc"
},
{
"name": "netbsd-display-driver-dos(36598)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36598"
},
{
"name": "40810",
"refsource": "OSVDB",
"url": "http://osvdb.org/40810"
}
]
}
}

170
2007/3xxx/CVE-2007-3692.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-3692", "ID": "CVE-2007-3692",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in download.cgi in EZFactory KDDI Download CGI 1.x allows remote attackers to read and download arbitrary files via a .. (dot dot) in the name parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.au.kddi.com/ezfactory/tec/dlcgi/info.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.au.kddi.com/ezfactory/tec/dlcgi/info.html" "lang": "eng",
}, "value": "Directory traversal vulnerability in download.cgi in EZFactory KDDI Download CGI 1.x allows remote attackers to read and download arbitrary files via a .. (dot dot) in the name parameter."
{ }
"name" : "JVN#33593387", ]
"refsource" : "JVN", },
"url" : "http://jvn.jp/jp/JVN%2333593387/index.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2007-2472", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/2472" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "38453", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/38453" ]
}, },
{ "references": {
"name" : "1018344", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1018344" "name": "ADV-2007-2472",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/2472"
"name" : "kddi-download-directory-traversal(35323)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35323" "name": "1018344",
} "refsource": "SECTRACK",
] "url": "http://securitytracker.com/id?1018344"
} },
} {
"name": "kddi-download-directory-traversal(35323)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35323"
},
{
"name": "http://www.au.kddi.com/ezfactory/tec/dlcgi/info.html",
"refsource": "CONFIRM",
"url": "http://www.au.kddi.com/ezfactory/tec/dlcgi/info.html"
},
{
"name": "38453",
"refsource": "OSVDB",
"url": "http://osvdb.org/38453"
},
{
"name": "JVN#33593387",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2333593387/index.html"
}
]
}
}

140
2007/3xxx/CVE-2007-3813.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-3813", "ID": "CVE-2007-3813",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in include/user.php in the NoBoard BETA module for MKPortal allows remote attackers to execute arbitrary PHP code via a URL in the MK_PATH parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "4180", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/4180" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in include/user.php in the NoBoard BETA module for MKPortal allows remote attackers to execute arbitrary PHP code via a URL in the MK_PATH parameter."
{ }
"name" : "36265", ]
"refsource" : "OSVDB", },
"url" : "http://osvdb.org/36265" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "noboard-user-file-include(35426)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35426" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "4180",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4180"
},
{
"name": "noboard-user-file-include(35426)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35426"
},
{
"name": "36265",
"refsource": "OSVDB",
"url": "http://osvdb.org/36265"
}
]
}
}

140
2007/3xxx/CVE-2007-3963.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-3963", "ID": "CVE-2007-3963",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in UseBB 1.0.7, and possibly other 1.0.x versions, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF) to (1) upgrade-0-2-3.php, (2) upgrade-0-3.php, or (3) upgrade-0-4.php in install/, a different vulnerability than CVE-2005-4193."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070720 UseBB 1.0.x Cross Site Scripting (XSS)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/474256/100/0/threaded" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in UseBB 1.0.7, and possibly other 1.0.x versions, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF) to (1) upgrade-0-2-3.php, (2) upgrade-0-3.php, or (3) upgrade-0-4.php in install/, a different vulnerability than CVE-2005-4193."
{ }
"name" : "24990", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/24990" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "2915", "description": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/2915" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20070720 UseBB 1.0.x Cross Site Scripting (XSS)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/474256/100/0/threaded"
},
{
"name": "24990",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24990"
},
{
"name": "2915",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2915"
}
]
}
}

160
2007/4xxx/CVE-2007-4132.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2007-4132", "ID": "CVE-2007-4132",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Red Hat Network Satellite Server 5.0.0 allows remote authenticated users to execute arbitrary code via unknown vectors in a \"back-end XMLRPC handler.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "RHSA-2007:0868", "description_data": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0868.html" "lang": "eng",
}, "value": "Unspecified vulnerability in Red Hat Network Satellite Server 5.0.0 allows remote authenticated users to execute arbitrary code via unknown vectors in a \"back-end XMLRPC handler.\""
{ }
"name" : "25490", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/25490" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "40438", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/40438" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1018626", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1018626" ]
}, },
{ "references": {
"name" : "26687", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26687" "name": "40438",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/40438"
} },
} {
"name": "25490",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25490"
},
{
"name": "26687",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26687"
},
{
"name": "RHSA-2007:0868",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0868.html"
},
{
"name": "1018626",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018626"
}
]
}
}

250
2007/4xxx/CVE-2007-4660.json
View File

@ -1,127 +1,127 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-4660", "ID": "CVE-2007-4660",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the chunk_split function in PHP before 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.php.net/ChangeLog-5.php#5.2.4", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.php.net/ChangeLog-5.php#5.2.4" "lang": "eng",
}, "value": "Unspecified vulnerability in the chunk_split function in PHP before 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation."
{ }
"name" : "http://www.php.net/releases/5_2_4.php", ]
"refsource" : "CONFIRM", },
"url" : "http://www.php.net/releases/5_2_4.php" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://launchpad.net/bugs/173043", "description": [
"refsource" : "CONFIRM", {
"url" : "https://launchpad.net/bugs/173043" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-1444", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2008/dsa-1444" ]
}, },
{ "references": {
"name" : "GLSA-200710-02", "reference_data": [
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml" "name": "https://launchpad.net/bugs/173043",
}, "refsource": "CONFIRM",
{ "url": "https://launchpad.net/bugs/173043"
"name" : "MDVSA-2008:125", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:125" "name": "DSA-1444",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2008/dsa-1444"
"name" : "MDVSA-2008:126", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:126" "name": "GLSA-200710-02",
}, "refsource": "GENTOO",
{ "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml"
"name" : "USN-549-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/549-1/" "name": "27864",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/27864"
"name" : "USN-549-2", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-549-2" "name": "http://www.php.net/ChangeLog-5.php#5.2.4",
}, "refsource": "CONFIRM",
{ "url": "http://www.php.net/ChangeLog-5.php#5.2.4"
"name" : "ADV-2007-3023", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/3023" "name": "USN-549-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/549-1/"
"name" : "26642", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26642" "name": "28249",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/28249"
"name" : "27102", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/27102" "name": "MDVSA-2008:125",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:125"
"name" : "27864", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/27864" "name": "27102",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/27102"
"name" : "28249", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28249" "name": "ADV-2007-3023",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2007/3023"
} },
} {
"name": "http://www.php.net/releases/5_2_4.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/releases/5_2_4.php"
},
{
"name": "USN-549-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-549-2"
},
{
"name": "MDVSA-2008:126",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:126"
},
{
"name": "26642",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26642"
}
]
}
}

130
2007/4xxx/CVE-2007-4883.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-4883", "ID": "CVE-2007-4883",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the BotQuery extension in MediaWiki 1.7.x and earlier before SVN 20070910 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a similar issue to CVE-2007-4828."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[MediaWiki-announce] 20070910 MediaWiki 1.11.0, 1.10.2, 1.9.4, 1.8.5 released", "description_data": [
"refsource" : "MLIST", {
"url" : "http://lists.wikimedia.org/pipermail/mediawiki-announce/2007-September/000067.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the BotQuery extension in MediaWiki 1.7.x and earlier before SVN 20070910 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a similar issue to CVE-2007-4828."
{ }
"name" : "37336", ]
"refsource" : "OSVDB", },
"url" : "http://osvdb.org/37336" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37336",
"refsource": "OSVDB",
"url": "http://osvdb.org/37336"
},
{
"name": "[MediaWiki-announce] 20070910 MediaWiki 1.11.0, 1.10.2, 1.9.4, 1.8.5 released",
"refsource": "MLIST",
"url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2007-September/000067.html"
}
]
}
}

210
2007/6xxx/CVE-2007-6055.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-6055", "ID": "CVE-2007-6055",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Portal 4.1.0 and 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter. NOTE: this issue reportedly exists because of a regression that followed a fix at an unspecified earlier date."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20071115 PR07-02: XSS on Liferay Portal Enterprise 4.1.1 login page ('login' parameter)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/483777/100/0/threaded" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Portal 4.1.0 and 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter. NOTE: this issue reportedly exists because of a regression that followed a fix at an unspecified earlier date."
{ }
"name" : "http://www.procheckup.com/Vulnerability_PR07-02.php", ]
"refsource" : "MISC", },
"url" : "http://www.procheckup.com/Vulnerability_PR07-02.php" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "26470", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/26470" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "38702", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/38702" ]
}, },
{ "references": {
"name" : "1022063", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1022063" "name": "20071115 PR07-02: XSS on Liferay Portal Enterprise 4.1.1 login page ('login' parameter)",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/483777/100/0/threaded"
"name" : "27537", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/27537" "name": "liferay-portal-login-xss(38503)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38503"
"name" : "34714", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34714" "name": "ADV-2009-1048",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/1048"
"name" : "3379", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/3379" "name": "34714",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34714"
"name" : "ADV-2009-1048", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/1048" "name": "27537",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/27537"
"name" : "liferay-portal-login-xss(38503)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38503" "name": "26470",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/26470"
} },
} {
"name": "1022063",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022063"
},
{
"name": "3379",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3379"
},
{
"name": "38702",
"refsource": "OSVDB",
"url": "http://osvdb.org/38702"
},
{
"name": "http://www.procheckup.com/Vulnerability_PR07-02.php",
"refsource": "MISC",
"url": "http://www.procheckup.com/Vulnerability_PR07-02.php"
}
]
}
}

150
2007/6xxx/CVE-2007-6603.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-6603", "ID": "CVE-2007-6603",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Hot or Not Clone has insufficient access control for producing and reading database backups, which allows remote attackers to obtain the administrator username and password via a direct request to control/backup/backup.php, which generates a backup/dump/backup.sql file that can be downloaded via a direct request to control/downloadfile.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "4804", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/4804" "lang": "eng",
}, "value": "Hot or Not Clone has insufficient access control for producing and reading database backups, which allows remote attackers to obtain the administrator username and password via a direct request to control/backup/backup.php, which generates a backup/dump/backup.sql file that can be downloaded via a direct request to control/downloadfile.php."
{ }
"name" : "40572", ]
"refsource" : "OSVDB", },
"url" : "http://osvdb.org/40572" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "28261", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28261" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "hotornotclone-backup-info-disclosure(39344)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39344" ]
} },
] "references": {
} "reference_data": [
} {
"name": "4804",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4804"
},
{
"name": "40572",
"refsource": "OSVDB",
"url": "http://osvdb.org/40572"
},
{
"name": "28261",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28261"
},
{
"name": "hotornotclone-backup-info-disclosure(39344)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39344"
}
]
}
}

160
2007/6xxx/CVE-2007-6636.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-6636", "ID": "CVE-2007-6636",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the StorageFarabDb module in Bitflu before 0.42 allows user-assisted remote attackers to create or append data to arbitrary files via a crafted .torrent file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://bitflu.workaround.ch/ChangeLog.txt", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://bitflu.workaround.ch/ChangeLog.txt" "lang": "eng",
}, "value": "Unspecified vulnerability in the StorageFarabDb module in Bitflu before 0.42 allows user-assisted remote attackers to create or append data to arbitrary files via a crafted .torrent file."
{ }
"name" : "27043", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/27043" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "39892", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/39892" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "28238", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/28238" ]
}, },
{ "references": {
"name" : "bitflu-storagefarabdb-security-bypass(39269)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39269" "name": "27043",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/27043"
} },
} {
"name": "39892",
"refsource": "OSVDB",
"url": "http://osvdb.org/39892"
},
{
"name": "http://bitflu.workaround.ch/ChangeLog.txt",
"refsource": "CONFIRM",
"url": "http://bitflu.workaround.ch/ChangeLog.txt"
},
{
"name": "28238",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28238"
},
{
"name": "bitflu-storagefarabdb-security-bypass(39269)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39269"
}
]
}
}

160
2007/6xxx/CVE-2007-6667.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-6667", "ID": "CVE-2007-6667",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in faq.php in MyPHP Forum 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the member.php vector is already covered by CVE-2005-0413."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "4822", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/4822" "lang": "eng",
}, "value": "SQL injection vulnerability in faq.php in MyPHP Forum 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the member.php vector is already covered by CVE-2005-0413."
{ }
"name" : "27083", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/27083" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "39781", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/39781" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "39782", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/39782" ]
}, },
{ "references": {
"name" : "myphpforum-faq-sql-injection(39347)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39347" "name": "4822",
} "refsource": "EXPLOIT-DB",
] "url": "https://www.exploit-db.com/exploits/4822"
} },
} {
"name": "27083",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27083"
},
{
"name": "39781",
"refsource": "OSVDB",
"url": "http://osvdb.org/39781"
},
{
"name": "myphpforum-faq-sql-injection(39347)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39347"
},
{
"name": "39782",
"refsource": "OSVDB",
"url": "http://osvdb.org/39782"
}
]
}
}

140
2010/0xxx/CVE-2010-0711.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-0711", "ID": "CVE-2010-0711",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in default.asp in ASPCode CMS 1.5.8, 2.0.0 Build 103, and possibly other versions, allows remote attackers to hijack the authentication of an administrator for requests that (1) delete users via the delete action in the ma2 parameter or (2) create administrators via the update action in the ma2 parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.org/1002-exploits/aspcodecms-xssxsrf.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.org/1002-exploits/aspcodecms-xssxsrf.txt" "lang": "eng",
}, "value": "Cross-site request forgery (CSRF) vulnerability in default.asp in ASPCode CMS 1.5.8, 2.0.0 Build 103, and possibly other versions, allows remote attackers to hijack the authentication of an administrator for requests that (1) delete users via the delete action in the ma2 parameter or (2) create administrators via the update action in the ma2 parameter."
{ }
"name" : "62357", ]
"refsource" : "OSVDB", },
"url" : "http://osvdb.org/62357" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "38596", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38596" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "62357",
"refsource": "OSVDB",
"url": "http://osvdb.org/62357"
},
{
"name": "38596",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38596"
},
{
"name": "http://packetstormsecurity.org/1002-exploits/aspcodecms-xssxsrf.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1002-exploits/aspcodecms-xssxsrf.txt"
}
]
}
}

220
2010/1xxx/CVE-2010-1084.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-1084", "ID": "CVE-2010-1084",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Linux kernel 2.6.18 through 2.6.33, and possibly other versions, allows remote attackers to cause a denial of service (memory corruption) via a large number of Bluetooth sockets, related to the size of sysfs files in (1) net/bluetooth/l2cap.c, (2) net/bluetooth/rfcomm/core.c, (3) net/bluetooth/rfcomm/sock.c, and (4) net/bluetooth/sco.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded" "lang": "eng",
}, "value": "Linux kernel 2.6.18 through 2.6.33, and possibly other versions, allows remote attackers to cause a denial of service (memory corruption) via a large number of Bluetooth sockets, related to the size of sysfs files in (1) net/bluetooth/l2cap.c, (2) net/bluetooth/rfcomm/core.c, (3) net/bluetooth/rfcomm/sock.c, and (4) net/bluetooth/sco.c."
{ }
"name" : "[oss-security] 20100323 CVE request: kernel: bluetooth: potential bad memory access with sysfs files", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2010/03/23/1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://security-tracker.debian.org/tracker/CVE-2010-1084", "description": [
"refsource" : "MISC", {
"url" : "http://security-tracker.debian.org/tracker/CVE-2010-1084" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=101545f6fef4a0a3ea8daf0b5b880df2c6a92a69", ]
"refsource" : "CONFIRM", }
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=101545f6fef4a0a3ea8daf0b5b880df2c6a92a69" ]
}, },
{ "references": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=576018", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=576018" "name": "http://security-tracker.debian.org/tracker/CVE-2010-1084",
}, "refsource": "MISC",
{ "url": "http://security-tracker.debian.org/tracker/CVE-2010-1084"
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=576018",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=576018"
"name" : "DSA-2053", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2010/dsa-2053" "name": "RHSA-2010:0610",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0610.html"
"name" : "RHSA-2010:0610", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0610.html" "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=101545f6fef4a0a3ea8daf0b5b880df2c6a92a69",
}, "refsource": "CONFIRM",
{ "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=101545f6fef4a0a3ea8daf0b5b880df2c6a92a69"
"name" : "38898", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/38898" "name": "38898",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/38898"
"name" : "39830", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/39830" "name": "43315",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43315"
"name" : "43315", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43315" "name": "[oss-security] 20100323 CVE request: kernel: bluetooth: potential bad memory access with sysfs files",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2010/03/23/1"
} },
} {
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "DSA-2053",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2053"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name": "39830",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39830"
}
]
}
}

170
2010/1xxx/CVE-2010-1158.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2010-1158", "ID": "CVE-2010-1158",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20100408 CVE Request -- perl v5.8.* -- stack overflow by processing certain regex (Gentoo BTS#313565 / RH BZ#580605)", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2010/04/08/9" "lang": "eng",
}, "value": "Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string."
{ }
"name" : "[oss-security] 20100414 Re: CVE Request -- perl v5.8.* -- stack overflow by processing certain regex (Gentoo BTS#313565 / RH BZ#580605)", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2010/04/14/3" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=313565", "description": [
"refsource" : "MISC", {
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=313565" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=580605", ]
"refsource" : "MISC", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=580605" ]
}, },
{ "references": {
"name" : "http://perldoc.perl.org/perl5100delta.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://perldoc.perl.org/perl5100delta.html" "name": "http://bugs.gentoo.org/show_bug.cgi?id=313565",
}, "refsource": "MISC",
{ "url": "http://bugs.gentoo.org/show_bug.cgi?id=313565"
"name" : "55314", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/55314" "name": "[oss-security] 20100414 Re: CVE Request -- perl v5.8.* -- stack overflow by processing certain regex (Gentoo BTS#313565 / RH BZ#580605)",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2010/04/14/3"
} },
} {
"name": "[oss-security] 20100408 CVE Request -- perl v5.8.* -- stack overflow by processing certain regex (Gentoo BTS#313565 / RH BZ#580605)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/04/08/9"
},
{
"name": "55314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55314"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=580605",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=580605"
},
{
"name": "http://perldoc.perl.org/perl5100delta.html",
"refsource": "CONFIRM",
"url": "http://perldoc.perl.org/perl5100delta.html"
}
]
}
}

150
2010/1xxx/CVE-2010-1514.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID" : "CVE-2010-1514", "ID": "CVE-2010-1514",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in TomatoCMS 2.0.6 and earlier allows remote authenticated users, with certain privileges, to execute arbitrary PHP code by uploading an image file, and then accessing it via a direct request to the file in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://holisticinfosec.org/content/view/148/45/", "description_data": [
"refsource" : "MISC", {
"url" : "http://holisticinfosec.org/content/view/148/45/" "lang": "eng",
}, "value": "Unrestricted file upload vulnerability in TomatoCMS 2.0.6 and earlier allows remote authenticated users, with certain privileges, to execute arbitrary PHP code by uploading an image file, and then accessing it via a direct request to the file in an unspecified directory."
{ }
"name" : "http://secunia.com/secunia_research/2010-57/", ]
"refsource" : "MISC", },
"url" : "http://secunia.com/secunia_research/2010-57/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "40544", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/40544" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "39680", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/39680" ]
} },
] "references": {
} "reference_data": [
} {
"name": "39680",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39680"
},
{
"name": "40544",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40544"
},
{
"name": "http://secunia.com/secunia_research/2010-57/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2010-57/"
},
{
"name": "http://holisticinfosec.org/content/view/148/45/",
"refsource": "MISC",
"url": "http://holisticinfosec.org/content/view/148/45/"
}
]
}
}

140
2010/1xxx/CVE-2010-1829.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2010-1829", "ID": "CVE-2010-1829",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to execute arbitrary code by creating files that are outside the bounds of a share."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT4435", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4435" "lang": "eng",
}, "value": "Directory traversal vulnerability in AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to execute arbitrary code by creating files that are outside the bounds of a share."
{ }
"name" : "APPLE-SA-2010-11-10-1", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1024723", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1024723" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1024723",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024723"
},
{
"name": "http://support.apple.com/kb/HT4435",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4435"
},
{
"name": "APPLE-SA-2010-11-10-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
}
]
}
}

220
2010/1xxx/CVE-2010-1869.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-1869", "ID": "CVE-2010-1869",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the parser function in GhostScript 8.70 and 8.64 allows context-dependent attackers to execute arbitrary code via a crafted PostScript file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20100512 Multiple memory corruption vulnerabilities in Ghostscript", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/511243/100/0/threaded" "lang": "eng",
}, "value": "Stack-based buffer overflow in the parser function in GhostScript 8.70 and 8.64 allows context-dependent attackers to execute arbitrary code via a crafted PostScript file."
{ }
"name" : "http://www.checkpoint.com/defense/advisories/public/2010/cpai-10-May.html", ]
"refsource" : "MISC", },
"url" : "http://www.checkpoint.com/defense/advisories/public/2010/cpai-10-May.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MDVSA-2010:102", "description": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:102" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SUSE-SR:2010:014", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" ]
}, },
{ "references": {
"name" : "USN-961-1", "reference_data": [
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-961-1" "name": "ADV-2010-1195",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/1195"
"name" : "40103", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/40103" "name": "39753",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/39753"
"name" : "1024003", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1024003" "name": "ADV-2010-1138",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/1138"
"name" : "39753", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/39753" "name": "MDVSA-2010:102",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:102"
"name" : "40580", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/40580" "name": "USN-961-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-961-1"
"name" : "ADV-2010-1138", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1138" "name": "40103",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/40103"
"name" : "ADV-2010-1195", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1195" "name": "1024003",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id?1024003"
} },
} {
"name": "40580",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40580"
},
{
"name": "http://www.checkpoint.com/defense/advisories/public/2010/cpai-10-May.html",
"refsource": "MISC",
"url": "http://www.checkpoint.com/defense/advisories/public/2010/cpai-10-May.html"
},
{
"name": "SUSE-SR:2010:014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "20100512 Multiple memory corruption vulnerabilities in Ghostscript",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511243/100/0/threaded"
}
]
}
}

34
2010/5xxx/CVE-2010-5128.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2010-5128", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2010-5128",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
} }
] ]
} }
} }

130
2014/0xxx/CVE-2014-0581.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2014-0581", "ID": "CVE-2014-0581",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0576, CVE-2014-8440, and CVE-2014-8441."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://helpx.adobe.com/security/products/flash-player/apsb14-24.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://helpx.adobe.com/security/products/flash-player/apsb14-24.html" "lang": "eng",
}, "value": "Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0576, CVE-2014-8440, and CVE-2014-8441."
{ }
"name" : "openSUSE-SU-2015:0725", ]
"refsource" : "SUSE", },
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://helpx.adobe.com/security/products/flash-player/apsb14-24.html",
"refsource": "CONFIRM",
"url": "http://helpx.adobe.com/security/products/flash-player/apsb14-24.html"
},
{
"name": "openSUSE-SU-2015:0725",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html"
}
]
}
}

140
2014/0xxx/CVE-2014-0644.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security_alert@emc.com",
"ID" : "CVE-2014-0644", "ID": "CVE-2014-0644",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, as demonstrated by reading the /etc/shadow file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20140416 ESA-2014-028: EMC Cloud Tiering Appliance XML External Entity (XXE) and Information Disclosure Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-04/0094.html" "lang": "eng",
}, "value": "EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, as demonstrated by reading the /etc/shadow file."
{ }
"name" : "20140331 EMC CTA v10.0 unauthenticated XXE with root perms", ]
"refsource" : "FULLDISC", },
"url" : "http://seclists.org/fulldisclosure/2014/Mar/426" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://gist.github.com/brandonprry/9895721", "description": [
"refsource" : "MISC", {
"url" : "https://gist.github.com/brandonprry/9895721" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20140416 ESA-2014-028: EMC Cloud Tiering Appliance XML External Entity (XXE) and Information Disclosure Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0094.html"
},
{
"name": "https://gist.github.com/brandonprry/9895721",
"refsource": "MISC",
"url": "https://gist.github.com/brandonprry/9895721"
},
{
"name": "20140331 EMC CTA v10.0 unauthenticated XXE with root perms",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Mar/426"
}
]
}
}

180
2014/0xxx/CVE-2014-0665.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2014-0665", "ID": "CVE-2014-0665",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The RBAC implementation in Cisco Identity Services Engine (ISE) Software does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, aka Bug ID CSCul83904."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=32448", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=32448" "lang": "eng",
}, "value": "The RBAC implementation in Cisco Identity Services Engine (ISE) Software does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, aka Bug ID CSCul83904."
{ }
"name" : "20140115 Cisco ISE Unprivileged Support Bundle Download Vulnerability", ]
"refsource" : "CISCO", },
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0665" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "64939", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/64939" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "102118", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/102118" ]
}, },
{ "references": {
"name" : "1029624", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1029624" "name": "cisco-ise-cve2040665-unsuth-access(90463)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90463"
"name" : "56439", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/56439" "name": "102118",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/102118"
"name" : "cisco-ise-cve2040665-unsuth-access(90463)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90463" "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32448",
} "refsource": "CONFIRM",
] "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32448"
} },
} {
"name": "1029624",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029624"
},
{
"name": "56439",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56439"
},
{
"name": "64939",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64939"
},
{
"name": "20140115 Cisco ISE Unprivileged Support Bundle Download Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0665"
}
]
}
}

320
2014/1xxx/CVE-2014-1547.json
View File

@ -1,162 +1,162 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2014-1547", "ID": "CVE-2014-1547",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2014/mfsa2014-56.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2014/mfsa2014-56.html" "lang": "eng",
}, "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1012694", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1012694" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1019684", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1019684" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1024765", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1024765" ]
}, },
{ "references": {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=985070", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=985070" "name": "59719",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/59719"
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=985070",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=985070"
"name" : "http://linux.oracle.com/errata/ELSA-2014-0918.html", },
"refsource" : "CONFIRM", {
"url" : "http://linux.oracle.com/errata/ELSA-2014-0918.html" "name": "60083",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/60083"
"name" : "DSA-2986", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2014/dsa-2986" "name": "60621",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/60621"
"name" : "DSA-2996", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2014/dsa-2996" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1024765",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1024765"
"name" : "GLSA-201504-01", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201504-01" "name": "GLSA-201504-01",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201504-01"
"name" : "68811", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/68811" "name": "60306",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/60306"
"name" : "1030619", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1030619" "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
"name" : "1030620", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1030620" "name": "http://linux.oracle.com/errata/ELSA-2014-0918.html",
}, "refsource": "CONFIRM",
{ "url": "http://linux.oracle.com/errata/ELSA-2014-0918.html"
"name" : "59591", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/59591" "name": "1030620",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1030620"
"name" : "59719", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/59719" "name": "DSA-2996",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2014/dsa-2996"
"name" : "59760", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/59760" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1012694",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1012694"
"name" : "60306", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/60306" "name": "1030619",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1030619"
"name" : "60486", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/60486" "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-56.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-56.html"
"name" : "60621", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/60621" "name": "60486",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/60486"
"name" : "60628", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/60628" "name": "60628",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/60628"
"name" : "60083", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/60083" "name": "DSA-2986",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2014/dsa-2986"
} },
} {
"name": "59760",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59760"
},
{
"name": "59591",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59591"
},
{
"name": "68811",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68811"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1019684",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1019684"
}
]
}
}

160
2014/1xxx/CVE-2014-1881.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-1881", "ID": "CVE-2014-1881",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and waits a certain amount of time for an OnJsPrompt handler return value as an alternative to correct synchronization."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20140124 Security Vulnerabilities in Apache Cordova / PhoneGap", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://seclists.org/bugtraq/2014/Jan/96" "lang": "eng",
}, "value": "Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and waits a certain amount of time for an OnJsPrompt handler return value as an alternative to correct synchronization."
{ }
"name" : "[oss-security] 20140207 Re: CVE request: multiple issues in Apache Cordova/PhoneGap", ]
"refsource" : "MLIST", },
"url" : "http://openwall.com/lists/oss-security/2014/02/07/9" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt", "description": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf", ]
"refsource" : "MISC", }
"url" : "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf" ]
}, },
{ "references": {
"name" : "http://www.internetsociety.org/ndss2014/programme#session3", "reference_data": [
"refsource" : "MISC", {
"url" : "http://www.internetsociety.org/ndss2014/programme#session3" "name": "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf",
} "refsource": "MISC",
] "url": "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf"
} },
} {
"name": "http://www.internetsociety.org/ndss2014/programme#session3",
"refsource": "MISC",
"url": "http://www.internetsociety.org/ndss2014/programme#session3"
},
{
"name": "20140124 Security Vulnerabilities in Apache Cordova / PhoneGap",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2014/Jan/96"
},
{
"name": "[oss-security] 20140207 Re: CVE request: multiple issues in Apache Cordova/PhoneGap",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/02/07/9"
},
{
"name": "http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt"
}
]
}
}

34
2014/4xxx/CVE-2014-4921.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-4921", "ID": "CVE-2014-4921",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2014/5xxx/CVE-2014-5341.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-5341", "ID": "CVE-2014-5341",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SFTP external storage driver (files_external) in ownCloud Server before 6.0.5 validates the RSA Host key after login, which allows remote attackers to obtain sensitive information by sniffing the network."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://owncloud.org/security/advisory/?id=oc-sa-2014-019", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://owncloud.org/security/advisory/?id=oc-sa-2014-019" "lang": "eng",
} "value": "The SFTP external storage driver (files_external) in ownCloud Server before 6.0.5 validates the RSA Host key after login, which allows remote attackers to obtain sensitive information by sniffing the network."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2014-019",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-019"
}
]
}
}

160
2014/5xxx/CVE-2014-5354.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-5354", "ID": "CVE-2014-5354",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by creating a database entry for a keyless principal, as demonstrated by a kadmin \"add_principal -nokey\" or \"purgekeys -all\" command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/krb5/krb5/commit/04038bf3633c4b909b5ded3072dc88c8c419bf16", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/krb5/krb5/commit/04038bf3633c4b909b5ded3072dc88c8c419bf16" "lang": "eng",
}, "value": "plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by creating a database entry for a keyless principal, as demonstrated by a kadmin \"add_principal -nokey\" or \"purgekeys -all\" command."
{ }
"name" : "openSUSE-SU-2015:0542", ]
"refsource" : "SUSE", },
"url" : "http://lists.opensuse.org/opensuse-updates/2015-03/msg00061.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "USN-2498-1", "description": [
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2498-1" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "71680", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/71680" ]
}, },
{ "references": {
"name" : "1031376", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1031376" "name": "openSUSE-SU-2015:0542",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00061.html"
} },
} {
"name": "71680",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71680"
},
{
"name": "1031376",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031376"
},
{
"name": "USN-2498-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2498-1"
},
{
"name": "https://github.com/krb5/krb5/commit/04038bf3633c4b909b5ded3072dc88c8c419bf16",
"refsource": "CONFIRM",
"url": "https://github.com/krb5/krb5/commit/04038bf3633c4b909b5ded3072dc88c8c419bf16"
}
]
}
}

34
2014/5xxx/CVE-2014-5371.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-5371", "ID": "CVE-2014-5371",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2014/5xxx/CVE-2014-5410.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "ics-cert@hq.dhs.gov",
"ID" : "CVE-2014-5410", "ID": "CVE-2014-5410",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The DNP3 feature on Rockwell Automation Allen-Bradley MicroLogix 1400 1766-Lxxxxx A FRN controllers 7 and earlier and 1400 1766-Lxxxxx B FRN controllers before 15.001 allows remote attackers to cause a denial of service (process disruption) via malformed packets over (1) an Ethernet network or (2) a serial line."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-254-02", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-254-02" "lang": "eng",
} "value": "The DNP3 feature on Rockwell Automation Allen-Bradley MicroLogix 1400 1766-Lxxxxx A FRN controllers 7 and earlier and 1400 1766-Lxxxxx B FRN controllers before 15.001 allows remote attackers to cause a denial of service (process disruption) via malformed packets over (1) an Ethernet network or (2) a serial line."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-254-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-254-02"
}
]
}
}

34
2015/2xxx/CVE-2015-2022.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-2022", "ID": "CVE-2015-2022",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2015/2xxx/CVE-2015-2834.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-2834", "ID": "CVE-2015-2834",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2015/2xxx/CVE-2015-2854.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2015-2854", "ID": "CVE-2015-2854",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via vectors involving an IFRAME element."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bto.bluecoat.com/security-advisory/sa96", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bto.bluecoat.com/security-advisory/sa96" "lang": "eng",
}, "value": "The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via vectors involving an IFRAME element."
{ }
"name" : "VU#498348", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/498348" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "74921", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/74921" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#498348",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/498348"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa96",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa96"
},
{
"name": "74921",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74921"
}
]
}
}

34
2016/10xxx/CVE-2016-10000.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-10000", "ID": "CVE-2016-10000",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2016/10xxx/CVE-2016-10514.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-10514", "ID": "CVE-2016-10514",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "url_check_format in include/functions.inc.php in Piwigo before 2.8.3 allows remote attackers to bypass intended access restrictions via a URL that contains a \" character, or a URL beginning with a substring other than the http:// or https:// substring."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://piwigo.org/releases/2.8.3", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://piwigo.org/releases/2.8.3" "lang": "eng",
}, "value": "url_check_format in include/functions.inc.php in Piwigo before 2.8.3 allows remote attackers to bypass intended access restrictions via a URL that contains a \" character, or a URL beginning with a substring other than the http:// or https:// substring."
{ }
"name" : "https://github.com/Piwigo/Piwigo/commit/b3157cbfd859c914911b114d4edbba4654758b57", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/Piwigo/Piwigo/commit/b3157cbfd859c914911b114d4edbba4654758b57" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/Piwigo/Piwigo/issues/547", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/Piwigo/Piwigo/issues/547" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Piwigo/Piwigo/issues/547",
"refsource": "CONFIRM",
"url": "https://github.com/Piwigo/Piwigo/issues/547"
},
{
"name": "http://piwigo.org/releases/2.8.3",
"refsource": "CONFIRM",
"url": "http://piwigo.org/releases/2.8.3"
},
{
"name": "https://github.com/Piwigo/Piwigo/commit/b3157cbfd859c914911b114d4edbba4654758b57",
"refsource": "CONFIRM",
"url": "https://github.com/Piwigo/Piwigo/commit/b3157cbfd859c914911b114d4edbba4654758b57"
}
]
}
}

122
2016/10xxx/CVE-2016-10594.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "support@hackerone.com", "ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00", "DATE_PUBLIC": "2018-04-26T00:00:00",
"ID" : "CVE-2016-10594", "ID": "CVE-2016-10594",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "ipip node module", "product_name": "ipip node module",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions" "version_value": "All versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "HackerOne" "vendor_name": "HackerOne"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ipip is a Node.js module to query geolocation information for an IP or domain, based on database by ipip.net. ipip downloads data resources over HTTP, which leaves it vulnerable to MITM attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Missing Encryption of Sensitive Data (CWE-311)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://nodesecurity.io/advisories/184", "description_data": [
"refsource" : "MISC", {
"url" : "https://nodesecurity.io/advisories/184" "lang": "eng",
} "value": "ipip is a Node.js module to query geolocation information for an IP or domain, based on database by ipip.net. ipip downloads data resources over HTTP, which leaves it vulnerable to MITM attacks."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Encryption of Sensitive Data (CWE-311)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodesecurity.io/advisories/184",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/184"
}
]
}
}

140
2016/3xxx/CVE-2016-3393.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2016-3393", "ID": "CVE-2016-3393",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted web site, aka \"Windows Graphics Component RCE Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS16-120", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-120" "lang": "eng",
}, "value": "Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted web site, aka \"Windows Graphics Component RCE Vulnerability.\""
{ }
"name" : "93377", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/93377" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1036988", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1036988" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1036988",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036988"
},
{
"name": "93377",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93377"
},
{
"name": "MS16-120",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-120"
}
]
}
}

140
2016/4xxx/CVE-2016-4815.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2016-4815", "ID": "CVE-2016-4815",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability on BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices with firmware 2.16 and earlier allows remote attackers to read arbitrary files via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://buffalo.jp/support_s/s20160527b.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://buffalo.jp/support_s/s20160527b.html" "lang": "eng",
}, "value": "Directory traversal vulnerability on BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices with firmware 2.16 and earlier allows remote attackers to read arbitrary files via unspecified vectors."
{ }
"name" : "JVN#81698369", ]
"refsource" : "JVN", },
"url" : "http://jvn.jp/en/jp/JVN81698369/index.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "JVNDB-2016-000086", "description": [
"refsource" : "JVNDB", {
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000086" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "JVN#81698369",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN81698369/index.html"
},
{
"name": "http://buffalo.jp/support_s/s20160527b.html",
"refsource": "CONFIRM",
"url": "http://buffalo.jp/support_s/s20160527b.html"
},
{
"name": "JVNDB-2016-000086",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000086"
}
]
}
}

34
2016/8xxx/CVE-2016-8192.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-8192", "ID": "CVE-2016-8192",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

152
2016/8xxx/CVE-2016-8324.json
View File

@ -1,78 +1,78 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2016-8324", "ID": "CVE-2016-8324",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "FLEXCUBE Core Banking", "product_name": "FLEXCUBE Core Banking",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "5.1.0" "version_value": "5.1.0"
}, },
{ {
"version_value" : "5.2.0" "version_value": "5.2.0"
}, },
{ {
"version_value" : "11.5.0" "version_value": "11.5.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle" "vendor_name": "Oracle"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 5.1.0, 5.2.0 and 11.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Core Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Core Banking accessible data. CVSS v3.0 Base Score 5.3 (Confidentiality impacts)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 5.1.0, 5.2.0 and 11.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Core Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Core Banking accessible data. CVSS v3.0 Base Score 5.3 (Confidentiality impacts)."
{ }
"name" : "95607", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/95607" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1037636", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037636" "lang": "eng",
} "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "95607",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95607"
},
{
"name": "1037636",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037636"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}
}

130
2016/8xxx/CVE-2016-8436.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2016-8436", "ID": "CVE-2016-8436",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Kernel-3.18" "version_value": "Kernel-3.18"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32450261. References: QC-CR#1007860."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2017-01-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-01-01.html" "lang": "eng",
}, "value": "An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32450261. References: QC-CR#1007860."
{ }
"name" : "95259", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/95259" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-01-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-01-01.html"
},
{
"name": "95259",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95259"
}
]
}
}

122
2016/8xxx/CVE-2016-8717.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "talos-cna@cisco.com", "ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC" : "2017-04-21T00:00:00", "DATE_PUBLIC": "2017-04-21T00:00:00",
"ID" : "CVE-2016-8717", "ID": "CVE-2016-8717",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Moxa", "product_name": "Moxa",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client 1.1" "version_value": "Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client 1.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Talos" "vendor_name": "Talos"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged (root) account with hard-coded credentials, giving attackers full control of affected devices."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "credentials vulnerability"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0231", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0231" "lang": "eng",
} "value": "An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged (root) account with hard-coded credentials, giving attackers full control of affected devices."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "credentials vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0231",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0231"
}
]
}
}

150
2016/9xxx/CVE-2016-9128.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "support@hackerone.com", "ASSIGNER": "support@hackerone.com",
"ID" : "CVE-2016-9128", "ID": "CVE-2016-9128",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Revive Adserver All versions before 3.2.3", "product_name": "Revive Adserver All versions before 3.2.3",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Revive Adserver All versions before 3.2.3" "version_value": "Revive Adserver All versions before 3.2.3"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Revive Adserver before 3.2.3 suffers from reflected XSS. The affiliate-preview.php script in www/admin is vulnerable to a reflected XSS attack. This vulnerability could be used by an attacker to steal the session ID of an authenticated user, by tricking them into visiting a specifically crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/revive-adserver/revive-adserver/commit/a323fd626627e8d42819fd5b7e2829196b5c54a3", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/revive-adserver/revive-adserver/commit/a323fd626627e8d42819fd5b7e2829196b5c54a3" "lang": "eng",
}, "value": "Revive Adserver before 3.2.3 suffers from reflected XSS. The affiliate-preview.php script in www/admin is vulnerable to a reflected XSS attack. This vulnerability could be used by an attacker to steal the session ID of an authenticated user, by tricking them into visiting a specifically crafted URL."
{ }
"name" : "https://github.com/revive-adserver/revive-adserver/commit/e17a7ec3412ded751cda50b82338de471d656d74", ]
"refsource" : "MISC", },
"url" : "https://github.com/revive-adserver/revive-adserver/commit/e17a7ec3412ded751cda50b82338de471d656d74" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://hackerone.com/reports/99004", "description": [
"refsource" : "MISC", {
"url" : "https://hackerone.com/reports/99004" "lang": "eng",
}, "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)"
{ }
"name" : "https://www.revive-adserver.com/security/revive-sa-2016-001/", ]
"refsource" : "MISC", }
"url" : "https://www.revive-adserver.com/security/revive-sa-2016-001/" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://hackerone.com/reports/99004",
"refsource": "MISC",
"url": "https://hackerone.com/reports/99004"
},
{
"name": "https://github.com/revive-adserver/revive-adserver/commit/a323fd626627e8d42819fd5b7e2829196b5c54a3",
"refsource": "MISC",
"url": "https://github.com/revive-adserver/revive-adserver/commit/a323fd626627e8d42819fd5b7e2829196b5c54a3"
},
{
"name": "https://github.com/revive-adserver/revive-adserver/commit/e17a7ec3412ded751cda50b82338de471d656d74",
"refsource": "MISC",
"url": "https://github.com/revive-adserver/revive-adserver/commit/e17a7ec3412ded751cda50b82338de471d656d74"
},
{
"name": "https://www.revive-adserver.com/security/revive-sa-2016-001/",
"refsource": "MISC",
"url": "https://www.revive-adserver.com/security/revive-sa-2016-001/"
}
]
}
}

140
2016/9xxx/CVE-2016-9155.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "productcert@siemens.com", "ASSIGNER": "productcert@siemens.com",
"ID" : "CVE-2016-9155", "ID": "CVE-2016-9155",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "SIEMENS-branded IP Cameras", "product_name": "SIEMENS-branded IP Cameras",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "SIEMENS-branded IP Cameras" "version_value": "SIEMENS-branded IP Cameras"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The following SIEMENS branded IP Camera Models CCMW3025, CVMW3025-IR, CFMW3025 prior to version 1.41_SP18_S1; CCPW3025, CCPW5025 prior to version 0.1.73_S1; CCMD3025-DN18 prior to version v1.394_S1; CCID1445-DN18, CCID1445-DN28, CCID1145-DN36, CFIS1425, CCIS1425, CFMS2025, CCMS2025, CVMS2025-IR, CFMW1025, CCMW1025 prior to version v2635_SP1 could allow an attacker with network access to the web server to obtain administrative credentials under certain circumstances."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "incorrect access control"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-322-01", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-322-01" "lang": "eng",
}, "value": "The following SIEMENS branded IP Camera Models CCMW3025, CVMW3025-IR, CFMW3025 prior to version 1.41_SP18_S1; CCPW3025, CCPW5025 prior to version 0.1.73_S1; CCMD3025-DN18 prior to version v1.394_S1; CCID1445-DN18, CCID1445-DN28, CCID1145-DN36, CFIS1425, CCIS1425, CFMS2025, CCMS2025, CVMS2025-IR, CFMW1025, CCMW1025 prior to version v2635_SP1 could allow an attacker with network access to the web server to obtain administrative credentials under certain circumstances."
{ }
"name" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284765.pdf", ]
"refsource" : "CONFIRM", },
"url" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284765.pdf" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "94392", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/94392" "lang": "eng",
} "value": "incorrect access control"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-322-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-322-01"
},
{
"name": "94392",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94392"
},
{
"name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284765.pdf",
"refsource": "CONFIRM",
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284765.pdf"
}
]
}
}

130
2016/9xxx/CVE-2016-9353.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "ics-cert@hq.dhs.gov", "ASSIGNER": "ics-cert@hq.dhs.gov",
"ID" : "CVE-2016-9353", "ID": "CVE-2016-9353",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Advantech SUSIAccess Server 3.0 and prior", "product_name": "Advantech SUSIAccess Server 3.0 and prior",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Advantech SUSIAccess Server 3.0 and prior" "version_value": "Advantech SUSIAccess Server 3.0 and prior"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The admin password is stored in the system and is encrypted with a static key hard-coded in the program. Attackers could reverse the admin account password for use."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Advantech SUSIAccess Server static key hard-coded"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-04", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-04" "lang": "eng",
}, "value": "An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The admin password is stored in the system and is encrypted with a static key hard-coded in the program. Attackers could reverse the admin account password for use."
{ }
"name" : "94631", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/94631" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Advantech SUSIAccess Server static key hard-coded"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-04",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-04"
},
{
"name": "94631",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94631"
}
]
}
}

200
2016/9xxx/CVE-2016-9808.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-9808", "ID": "CVE-2016-9808",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20161201 gstreamer multiple issues", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/12/01/2" "lang": "eng",
}, "value": "The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs."
{ }
"name" : "[oss-security] 20161204 Re: gstreamer multiple issues", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2016/12/05/8" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://scarybeastsecurity.blogspot.com/2016/11/0day-poc-incorrect-fix-for-gstreamer.html", "description": [
"refsource" : "MISC", {
"url" : "https://scarybeastsecurity.blogspot.com/2016/11/0day-poc-incorrect-fix-for-gstreamer.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2", ]
"refsource" : "CONFIRM", }
"url" : "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2" ]
}, },
{ "references": {
"name" : "GLSA-201705-10", "reference_data": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201705-10" "name": "https://scarybeastsecurity.blogspot.com/2016/11/0day-poc-incorrect-fix-for-gstreamer.html",
}, "refsource": "MISC",
{ "url": "https://scarybeastsecurity.blogspot.com/2016/11/0day-poc-incorrect-fix-for-gstreamer.html"
"name" : "RHSA-2016:2975", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2975.html" "name": "RHSA-2017:0019",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2017-0019.html"
"name" : "RHSA-2017:0019", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0019.html" "name": "RHSA-2016:2975",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2016-2975.html"
"name" : "RHSA-2017:0020", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0020.html" "name": "RHSA-2017:0020",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2017-0020.html"
"name" : "95446", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/95446" "name": "95446",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/95446"
} },
} {
"name": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2",
"refsource": "CONFIRM",
"url": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2"
},
{
"name": "[oss-security] 20161204 Re: gstreamer multiple issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/8"
},
{
"name": "GLSA-201705-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-10"
},
{
"name": "[oss-security] 20161201 gstreamer multiple issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/01/2"
}
]
}
}

34
2019/2xxx/CVE-2019-2099.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-2099", "ID": "CVE-2019-2099",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/2xxx/CVE-2019-2127.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-2127", "ID": "CVE-2019-2127",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/2xxx/CVE-2019-2383.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-2383", "ID": "CVE-2019-2383",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

160
2019/2xxx/CVE-2019-2528.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2019-2528", "ID": "CVE-2019-2528",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "MySQL Server", "product_name": "MySQL Server",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "5.7.24 and prior" "version_value": "5.7.24 and prior"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "8.0.13 and prior" "version_value": "8.0.13 and prior"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" "lang": "eng",
}, "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
{ }
"name" : "https://security.netapp.com/advisory/ntap-20190118-0002/", ]
"refsource" : "CONFIRM", },
"url" : "https://security.netapp.com/advisory/ntap-20190118-0002/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "USN-3867-1", "description": [
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3867-1/" "lang": "eng",
}, "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
{ }
"name" : "106627", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/106627" ]
} },
] "references": {
} "reference_data": [
} {
"name": "106627",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106627"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "USN-3867-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3867-1/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190118-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190118-0002/"
}
]
}
}

34
2019/2xxx/CVE-2019-2864.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-2864", "ID": "CVE-2019-2864",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/6xxx/CVE-2019-6090.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-6090", "ID": "CVE-2019-6090",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2019/6xxx/CVE-2019-6487.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-6487", "ID": "CVE-2019-6487",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TP-Link WDR Series devices through firmware v3 (such as TL-WDR5620 V3.0) are affected by command injection (after login) leading to remote code execution, because shell metacharacters can be included in the weather get_weather_observe citycode field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/0xcc-Since2016/TP-Link-WDR-Router-Command-injection_POC/blob/master/poc.py", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/0xcc-Since2016/TP-Link-WDR-Router-Command-injection_POC/blob/master/poc.py" "lang": "eng",
} "value": "TP-Link WDR Series devices through firmware v3 (such as TL-WDR5620 V3.0) are affected by command injection (after login) leading to remote code execution, because shell metacharacters can be included in the weather get_weather_observe citycode field."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/0xcc-Since2016/TP-Link-WDR-Router-Command-injection_POC/blob/master/poc.py",
"refsource": "MISC",
"url": "https://github.com/0xcc-Since2016/TP-Link-WDR-Router-Command-injection_POC/blob/master/poc.py"
}
]
}
}

142
2019/6xxx/CVE-2019-6543.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "ics-cert@hq.dhs.gov", "ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2019-02-05T00:00:00", "DATE_PUBLIC": "2019-02-05T00:00:00",
"ID" : "CVE-2019-6543", "ID": "CVE-2019-6543",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update", "product_name": "AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update" "version_value": "AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "ICS-CERT" "vendor_name": "ICS-CERT"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. Code is executed under the program runtime privileges, which could lead to the compromise of the machine."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "46342", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/46342/" "lang": "eng",
}, "value": "AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. Code is executed under the program runtime privileges, which could lead to the compromise of the machine."
{ }
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-01", ]
"refsource" : "MISC", },
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-01" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.tenable.com/security/research/tra-2019-04", "description": [
"refsource" : "MISC", {
"url" : "https://www.tenable.com/security/research/tra-2019-04" "lang": "eng",
} "value": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-01"
},
{
"name": "46342",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46342/"
},
{
"name": "https://www.tenable.com/security/research/tra-2019-04",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2019-04"
}
]
}
}

34
2019/6xxx/CVE-2019-6573.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-6573", "ID": "CVE-2019-6573",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/7xxx/CVE-2019-7046.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-7046", "ID": "CVE-2019-7046",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/7xxx/CVE-2019-7819.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-7819", "ID": "CVE-2019-7819",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/7xxx/CVE-2019-7974.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-7974", "ID": "CVE-2019-7974",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }